Discord Is Testing Incode for Age Verification, and the Privacy Concerns Are Legitimate (wp.me)
from UnLocoPoco@lemmy.world to privacy@lemmy.ml on 29 Jun 07:24
https://lemmy.world/post/48785198

Discord has quietly begun testing Incode as a new age verification provider, replacing its previous vendor for some users. The company says face scans are processed on-device where possible, IDs and selfies are deleted after age confirmation, and Discord only receives an age result, not your identity. But the move still raises important privacy questions around biometric verification, third-party trust, and the growing trend of mandatory age checks online, especially after the massive Persona breach linked to Discord user data back in 2025

#privacy

threaded - newest

sudoer777@lemmy.ml on 29 Jun 08:21 next collapse

I wish more FOSS communities would use Matrix, Discord sucks so I barely use it anymore

UnLocoPoco@lemmy.world on 29 Jun 09:01 next collapse

Their desktop client is a memory hog too. Takes ages to launch and update

Coyote@piefed.ca on 29 Jun 12:14 collapse

Yeah, for Discord on my PC I use it through Equibop. It works quite well.

sudoer777@lemmy.ml on 29 Jun 18:18 collapse

On my computer I have to use Equibop because their shitass client doesn’t support ARM Linux

comrade_twisty@feddit.org on 29 Jun 09:57 next collapse

I stopped and will immediately stop using all services that require face scans, ids, phone number or qr-captchas.

If they want to kill their product they can be my guest.

FineCoatMummy@sh.itjust.works on 29 Jun 17:45 collapse

I stopped and will immediately stop using all services that require face scans, ids, phone number or qr-captchas.

Same.

The question tho is, how many will? If it’s 50%, they killed their product. If it’s 0.1%, then their product is fine, while you, me, and all us 0.1% are excluded from more and more of the online world. This won’t stop with Discord.

I guess the % will be somewhere between those levels. Where exactly? IDK.

[deleted] on 29 Jun 12:45 next collapse

.

GMac@feddit.org on 29 Jun 13:29 next collapse

I like the marketing and on the surface, Matrix looks like something I would be on baord with, BUT… staff and leadership track back to amdocs and thats a red flag for me. Independent code review, analysis, security audit and activity verification might change my mind but at this point I have no incentive to invest effort into verifying matrix is safe after my concern radar has pinged.

tekato@lemmy.world on 29 Jun 14:37 next collapse

Matrix is just the protocol so if you think that synapse (the server implementation developed by Element which does have ties to Amdocs) is somehow logging all your data and sending it back or whatever, just use a different implementation. For example, tuwunel is sponsored and used by Switzerland’s government.

GMac@feddit.org on 29 Jun 18:25 next collapse

Sure i read that the protocol developments go back to amdocs Governments use palantir so not a benchmark reference for avoiding spyware. Like i said, red flag and lack of motivation to act enough to verify either way. Ymmv

sudoer777@lemmy.ml on 29 Jun 18:39 collapse

I will say that Matrix does not have a good security track record for E2EE and all of the clients use their software to do it. If that’s a dealbreaker, you should probably use something security-oriented like Signal.

tekato@lemmy.world on 30 Jun 06:55 next collapse

Was just addressing the amdocs complaint. Didn’t know about the security concerns but it’s most likely still better than Discord and I’m not sure if Signal is even in consideration when looking for a Discord alternative.

procapra@lemmy.ml on 30 Jun 16:01 collapse

Its literally always this one guys complaint, you know, the guy that shills signal, the app that literally requires a phone number to use.

sudoer777@lemmy.ml on 30 Jun 17:08 collapse

The person in the article I linked to analyzed Signal’s protocol implementation and claims that it’s much safer. Although it would be interesting to see an analysis on SimpleX.

dropdrip@lemmy.ml on 30 Jun 13:52 collapse

Matrix’s origin is Israel’s intelligence community. One could argue the authors are rebels, being insiders themselves, who’ve begun to fight back against the surveillance state that they intimately know. That’s a naive and foolish thing to think. The project’s design is awful from a ‘privacy’ perspective, with the design specifically allowing third-parties to silently ‘intercept’ users’ data–all whilst still being ‘E2EE’. It’s a feature. That’s the amusing thing about its absolutely shit design, but regardless of design choices, encryption has always been a lagging component of the program.

The cynic might observe that the whole thing was proposed with foresight as to create a compromised leader ready to be adopted by organizations that felt they needed a higher degree of security. Matrix is a good solution, or so government bureaucrats are told.

Let Tel Aviv inside.

Zizzy@lemmy.blahaj.zone on 29 Jun 13:35 next collapse

I agree, but all matrix clients have their own issues too, and its not a 1:1 replacement.

EncryptKeeper@lemmy.world on 29 Jun 14:49 next collapse

Fluxer just finally finished their big refactor that brought their code to GitHub for public contribution and they released their revamped selfhosting experience

Solrac@lemmy.world on 29 Jun 15:42 collapse

Still. Not. Federated.

mnemonicmonkeys@sh.itjust.works on 29 Jun 16:27 collapse

It’s on the roadmap, and it’s a solo dev

Solrac@lemmy.world on 29 Jun 16:28 next collapse

Wake us up when its federated and ha proper e2ee.

sudoer777@lemmy.ml on 29 Jun 18:15 next collapse

It’s on the roadmap

Kindof like Helix plugin system, Forgejo federation, CoMaps live traffic, etc. I’d rather use something that works right now and not have to wait like 5 years

dreadbeef@lemmy.dbzer0.com on 29 Jun 23:48 collapse

And Claude ofc

Manalith@midwest.social on 29 Jun 15:22 next collapse

Been working on deciding where to move to, not sure if I can get my people to come with but as it stands

Fluxer - E2EE is iffy at the moment from what I’ve seen, federation not yet a thing

Matrix - I don’t know of a client that allows audio screenshares which is important when sites keep removing the watchparty features

MOVIM is entirely text based as far as I can tell

mnemonicmonkeys@sh.itjust.works on 29 Jun 21:54 next collapse

MOVIM is entirely text based as far as I can tell

What are you talking about? One of its main features is multi-stream video calls, which most other XMPP clients don’t handle

NewNewAugustEast@lemmy.zip on 29 Jun 22:07 next collapse

I assume E2EE is end to end encryption?

Curious why you care that much. On discord it’s all on their servers anyways, so it already doesn’t matter.

If you had to you could self host and set up e2ee for the connection if you wanted to.

spiderhamster@midwest.social on 30 Jun 01:36 collapse

Matrix - I don’t know of a client that allows audio screenshares which is important when sites keep removing the watchparty features

If you use Element web with a chrome-based browser you can share a tab playing a video from the same browser. I use Helium to connect to matrix and my Jellyfin server to stream movies regularly. Within the last few months they’ve added the ability to adjust stream volume as well.

warm@kbin.earth on 29 Jun 15:44 collapse

When Fluxer gets federation, I really think it will be a great drop-in for Discord. It's very familiar.

Matrix really isn't a good replacement for Discord. I wish forums were still the thing though, I hate threads in my chat apps.

It_is_gaslighting@discuss.tchncs.de on 29 Jun 14:48 next collapse

My community is in the process to migrate to fluxxer, self-hosted.

NGC2346@sh.itjust.works on 29 Jun 15:16 next collapse

As much as i hate this, CSAM sharing accounts are a real problem, and they keep making more and more.

I wonder what else could be used to counter this ? Device IMEI auth? Im sure we can come up with better than ID verification, which will ultimately make me leave the platform, not because i have something to hide, but because the precedent it sets is dangerous and WILL lead to leaks and breaches.

Meatwagon@lemmy.dbzer0.com on 29 Jun 16:00 collapse

Offer a paid option to purchase a card at a store that to be activated needs you to show your ID to a clerk just like purchasing alcohol. Nothing is stored. You take the card home and input the activated code into you account.

mnemonicmonkeys@sh.itjust.works on 29 Jun 16:26 collapse

That’s… actually a good idea

aurelar@lemmy.ml on 29 Jun 15:46 next collapse

They said that the pictures were deleted last time, and we found out later that they weren’t. Why would we trust them a second time when they violated our trust the first time?

JamesBoeing737MAX@sopuli.xyz on 29 Jun 21:27 collapse

Most people love capitalism and the ways it fucks them over.

wisdomsuccubus@thelemmy.club on 29 Jun 23:05 next collapse

Bye Discord… Hi Element/Matrix haha

PerfectDark@lemmy.world on 30 Jun 05:01 collapse

We replaced our site’s (not-very-used) Discord server with Matrix, and even if a few thousand don’t know/didn’t follow, we’re happier to be on a nicer space than Discord :)

wisdomsuccubus@thelemmy.club on 30 Jun 20:20 collapse

Congratulations, that’s great! Since the more people we leave platforms that play with our data, the more people will migrate to platforms that take care of our privacy. Union is strength <3

manuallybreathing@lemmy.ml on 01 Jul 01:05 next collapse

I know there are groups local to me who organise almost entirely on discord, I cannot understand why they choose to do this, even before everything discord has proven to be a very insecure platform

airikr@lemmy.ml on 04 Jul 10:28 collapse

How can Discord users be 100% sure that Discord will delete their very private data after being verified? Where is the source code for that so we can verify it?

Oh. Wait. Discord is closed sourced…