Rendered at 23:50:18 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
Tanoc 3 hours ago [-]
I've been telling people for years now not to engage with systems such as these. Some say I'm just being paranoid. But a growing number concerningly reply with either "So? What are they gonna do with it?" or "They already have it, it doesn't matter." Normal people either don't know the dangers present or they don't understand that stopping the flow hurts the machine. And they want neither to know or understand. Apathy or the desire for convenience cannot adequately explain why.
GuB-42 54 minutes ago [-]
> Normal people either don't know the dangers present
But what are the dangers? I mean concretely, in a way that can affect their day to day life, with significant probabilities.
HN is a tech forum, people here are very aware the tech risks. But talk to anyone in a given field and they will find a way to scare you. Don't go out in the sun without SPF50 gear or you will get cancer, your house electrical system is a fire hazard because you don't have the latest breakers, buy a gun, don't buy a gun, have this and that survival equipment, learn self defense, never talk to the cops, don't leave your drink unattended,...
At some point, people just want to stop worrying and do their things. And guess what, most people are fine! In fact considering how many things can turn bad, normal people are rather good at avoiding the worst despite an apparently carefree attitude. Meaning they are not so bad at evaluating risks, and that society has pretty good guardrails.
So cut normal people some slack unless they are in immediate danger (for example if they are in the process of responding to fishing), uploading their picture to Yoti is not that. They have other worries in their own field.
Inform them, but don't press it, and if you are in the field, your job is to help normal people be carefree, not cause more anxiety, they have more than enough already.
Tanoc 30 minutes ago [-]
One of the dangers is in the ability to cross-nationally attack someone. As digital infrastructure continues to encompass more and more facets of necessary interactions with the government and governments force more and more points of interaction someone from a foreign nation could destroy the life of someone who is interfering with their aims. Say someone has published an article that reveals the terrible behaviour of a given company. Someone hired by the company can use a variety of data points to not only track down who that person is, but where they live and even which room in their house they spend the most time in. With that kind of information it would be easy to financially, reputationally, or mortally wound someone. With the worryingly swift growth rate of corruption this could apply at any level for any reason. And unlike for example the difficulty of getting into a car crash or robbing a cash register, digital infrastructure makes all of this remarkably easy and for some parts even free. With modern LLM agents it could be entirely automated so that no human is ever involved, and because there's so few current guardrails and such a vehement protestation against any being implemented the agent could wipe it's connection to it's handler so that nobody ever faces any consequences.
The thing is, this kind of stuff already happens all the time. The number of spam calls people suffer through are a direct result of companies digging through the contacts list after being granted that permission (though often without being granted that permission), then selling that data to brokers. Data breaches that wipe people's credit or force a credit freeze because they bought something ten years ago are another common one. Or think about package stalking, where people get access to someone's purchase history and the tracking number to a purchase so that they can steal it in transit or once it arrives. There's a number of beatings and murders that have happened because of police officers being able to access surveillance tools to track former romantic partners or spouses. All of these are different parts of the lack of privacy, and they're all getting worse because the tools that are used to surveil are becoming more widespread and more accessible.
Privacy is a protection against the intelligent attacks of other humans. It is not a frill that can be taken away without ridiculous and trailing harm.
diegof79 1 hours ago [-]
But what is the alternative?
Many of these systems are added to digital wallets due to legal requirements or fraudulent cases. For example, one case of fraud that I’m aware of happened in Chile, where citizens were able to open bank accounts digitally with just their ID. But since there is no good biometric information, many criminals took the IDs of homeless people to open accounts and move money around.
Sadly, these shitting things happen, then companies use these services to avoid the liability, and then these services abuse the information they have.
People don’t have much choice unless their representatives in government do something; it’s not about apathy: you can stop using one bank app, but not all of them otherwise you’ll be out of the financial system.
Havoc 50 minutes ago [-]
>not to engage with systems such as these
Yoti is used by governments. Principled stances are all good and well for hn comments but eventually collide with reality
Tanoc 20 minutes ago [-]
Governments, regardless of what threat they wield against those they supposedly govern, are limited by the fact that they are organizations run by humans. For now. God forbid we ever reach the point where there are no humans... Anyways, because of that they require humans to ensure enforcement. A major reason why Yoti is able to do what it's doing is because there are no humans enforcing privacy and data protection laws against them. This means the reverse can also be true, where enough people motivated to do so can simply not enforce whatever requirement there is for Yoti's services to be used. Because the social contract's been not only breached but shredded and spread to the wind this is very likely to occur. In my viewpoint unfortunately the most likely reason is because they'll go with somebody else other than Yoti that provides more favourable terms, but that's an aside to the likely situation I outlined.
joshuaissac 2 hours ago [-]
What can people do? Systems like these are mandated by companies that provide services that people need, and they are hard to avoid. In-person verification is sometimes an option but not always.
PaulKeeble 2 hours ago [-]
All this biometric data is setting people up for identity theft attacks. These types of attacks are going to grow enormously over the coming years as biometric data is gathered and leaked on a massive scale. Anything put on the internet has been leaked already, almost every company with a web presence has lost data. Biometrics unlike passwords, phone numbers and credit cards can not be changed.
quantummagic 1 hours ago [-]
And that assumes a relatively stable environment; but politics can change drastically for the worse. We have examples from relatively recent history of governments turning evil, rounding up unfavored groups, and shipping them off in rail cars to an early demise. God forbid it happens again with all the information available to sort, categorize, and identify people.
Grom_PE 1 hours ago [-]
Since those people don't care about privacy and anonymity, perhaps they are also willing to trade by verifying for someone who does care?
AlienRobot 2 hours ago [-]
What I'm afraid of is that this is all a ticking bomb that is going to explode VERY hard on the most technologically vulnerable.
beloch 20 minutes ago [-]
If a city hires a cop who openly accepts bribes, it's a problem for city hall. If they tolerate crooked cops, they are rightly painted as being corrupt as well.
If a government mandates age verification and tolerates companies like Yoti as enforcers of their law, it's exactly the same thing. If politicians aren't willing to see that new laws are enforced with integrity, then these corrupt politicians are the problem and need to face the consequences.
falsaberN1 3 hours ago [-]
There isn't enough noise about this kinda news.
People need to learn to distrust such systems and exposing failings such as this one is a good way to do it.
We aren't going to be free of this stuff until the average Joe's mom hear of "forced age verification" and associate it to "unsafe".
SwellJoe 19 minutes ago [-]
Age check is identity theft at scale, mandated by the state. A disaster waiting to happen (and it won't wait long).
gruez 2 hours ago [-]
>TABLE 2. USER AGENT METADATA FIELDS (“CLIENT HINTS”) SENT AS PART OF YOTI’S AGE ESTIMATION METHOD
But what are the dangers? I mean concretely, in a way that can affect their day to day life, with significant probabilities.
HN is a tech forum, people here are very aware the tech risks. But talk to anyone in a given field and they will find a way to scare you. Don't go out in the sun without SPF50 gear or you will get cancer, your house electrical system is a fire hazard because you don't have the latest breakers, buy a gun, don't buy a gun, have this and that survival equipment, learn self defense, never talk to the cops, don't leave your drink unattended,...
At some point, people just want to stop worrying and do their things. And guess what, most people are fine! In fact considering how many things can turn bad, normal people are rather good at avoiding the worst despite an apparently carefree attitude. Meaning they are not so bad at evaluating risks, and that society has pretty good guardrails.
So cut normal people some slack unless they are in immediate danger (for example if they are in the process of responding to fishing), uploading their picture to Yoti is not that. They have other worries in their own field.
Inform them, but don't press it, and if you are in the field, your job is to help normal people be carefree, not cause more anxiety, they have more than enough already.
The thing is, this kind of stuff already happens all the time. The number of spam calls people suffer through are a direct result of companies digging through the contacts list after being granted that permission (though often without being granted that permission), then selling that data to brokers. Data breaches that wipe people's credit or force a credit freeze because they bought something ten years ago are another common one. Or think about package stalking, where people get access to someone's purchase history and the tracking number to a purchase so that they can steal it in transit or once it arrives. There's a number of beatings and murders that have happened because of police officers being able to access surveillance tools to track former romantic partners or spouses. All of these are different parts of the lack of privacy, and they're all getting worse because the tools that are used to surveil are becoming more widespread and more accessible.
Privacy is a protection against the intelligent attacks of other humans. It is not a frill that can be taken away without ridiculous and trailing harm.
Many of these systems are added to digital wallets due to legal requirements or fraudulent cases. For example, one case of fraud that I’m aware of happened in Chile, where citizens were able to open bank accounts digitally with just their ID. But since there is no good biometric information, many criminals took the IDs of homeless people to open accounts and move money around.
Sadly, these shitting things happen, then companies use these services to avoid the liability, and then these services abuse the information they have.
People don’t have much choice unless their representatives in government do something; it’s not about apathy: you can stop using one bank app, but not all of them otherwise you’ll be out of the financial system.
Yoti is used by governments. Principled stances are all good and well for hn comments but eventually collide with reality
If a government mandates age verification and tolerates companies like Yoti as enforcers of their law, it's exactly the same thing. If politicians aren't willing to see that new laws are enforced with integrity, then these corrupt politicians are the problem and need to face the consequences.
People need to learn to distrust such systems and exposing failings such as this one is a good way to do it.
We aren't going to be free of this stuff until the average Joe's mom hear of "forced age verification" and associate it to "unsafe".
As far as device fingerprinting goes, this is pretty tame, compared to what something like chatgpt does: https://www.buchodi.com/chatgpt-wont-let-you-type-until-clou...
The far more concerning part are your pictures/document scans getting sent to them.
The rest of the IEEE Symposium on Security and Privacy papers are listed at https://sp2026.ieee-security.org/accepted-papers.html