We’ve been saying this for years now, and we’re going to keep saying it until the message finally sinks in:

mandatory age verification creates massive, centralized honeypots of sensitive biometric data that will inevitably be breached.

Every single time.

And every single time it happens, the politicians who mandated these systems and the companies that built them act shocked—shocked!—that collecting enormous databases of government IDs, facial scans, and biometric data from millions of people turns out to be a security nightmare.

https://www.techdirt.com/2026/02/25/hackers-expose-the-massive-surveillance-stack-hiding-inside-your-age-verification-check/

Hackers Expose The Massive Surveillance Stack Hiding Inside Your “Age Verification” Check


@cdarwin I feel it is possible to do these things well; the NZ Covid tracer app was pretty good on privacy, even if it's not a proof-of-age thing.

When designed to collect minimal information, and allow control over that information to sit with the person whose information it is, there are some amazing things possible.

https://en.wikipedia.org/wiki/NZ_COVID_Tracer

NZ COVID Tracer - Wikipedia

@mu @cdarwin
Even if the data is safeguarded, the larger purpose is achieved: mass surveillance. The data integrity is secondary to adding a whole new trove of PII that can, and will, be easily used for surveillance.

@jeffcodes @cdarwin the NZ Covid tracer has the data on the phone, and asked to share it every time.

@mu @cdarwin
It doesn’t matter where the hard/PII data is saved. The IDs and documents can be safe, sure. The metadata, the IP, the OS, the date, the time, the patterns of use, instances logged in and when, and any other data shared, will end up in oligarchs' or government hands to profile the people further than we already are. Maybe just for behavioral manipulative advertising, maybe for identification in political round-ups.

With the current fascist regime going after people wearing black to protests and garnering convictions of domestic terrorism as antifa as a result, I don’t want any of my data, meta or not, being gathered due to the high potential for abuse of a repressive regime. I don’t want to end up in jail as a terrorist because I log into a liberal Discord frequently and use Signal.

Argue about data safety all you want, but it misses the actual problem completely.

@mu

The Te Whatu Ora breach came from an insider. Unless the entire pipeline can be verified, there is always a risk.
If you normalise collecting the data, you allow for a breach even where you don't expect it. Apps are not a silo, but part of an ecosystem.

The pandemic created something where risks were outweighed by gains. Thousands dead and dying.

The risk, when applied to a new norm, is greater, and when alternative approaches exist, isn't worth it.

In the world of centralised databases of sensitive data on the internet, I'm much more comfortable with a democratically-elected government holding it than with Jeff Bezos, Elon Musk, Mark Zuckerberg, and the other tech oligarchs.

Centralised databases of sensitive data, including biometrics, will (and do) exist. Unless we want to go 100% off-grid, we're not going to stop them. What we can do is put them in the hands of the people we distrust the least and whom we can hold accountable for breaches.

I'm sure there are plenty of folks on here who disagree with me, but I personally distrust elected governments less than I distrust tech bros.

@smithb Sure, it's less bad. But the march of entropy means that sooner or later, that democracy you trust more can turn into that oligarchy you trust less. We are living through what may be the last moments of such an event here in the US.

@smithb I guess my point is, push as far in the other direction as possible, so when things backslide you're still in safe territory.