top | item 47022196

(no title)

Morromist | 15 days ago

As Argento Dragone said in the Kotaku comments:

"Face scanning is used to do ID verification on your device and then deleted immediately."

"By immediately I mean we send it to k-ID who said that's what they do."

"By that I mean they partnered with Persona to do the actual verification."

"Persona clarified that by 'immediately' they mean 'after seven days.'"

"And given their ties to Palantir, it's probably fine. You trust us, right?"

discuss

eterm|15 days ago

And by "Deleted immediately" they might mean they delete the image but keep the hash.

unknown|15 days ago

[deleted]

Hawxy|15 days ago

> "By immediately I mean we send it to k-ID who said that's what they do."

People have already validated this fyi. When k-ID was first added you could send a bogus age result to discord from your local device, which probably still works. There's no evidence your facial scans leave the device.

> "By that I mean they partnered with Persona to do the actual verification."

Which isn't true, it was a UK-only experiment being run for a small subset of users, which has now been discontinued.

I get people are outraged, but this is sensationalism at best.

shakna|15 days ago

After the last screwup, by the same company, why would you trust the data to stay on your device?

> Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals.

And by same company, I don't mean discord. I mean Persona.

https://discord.com/press-releases/update-on-security-incide...

pavel_lishin|14 days ago

How many people in how many countries does it take before the lie becomes sufficiently flagrant?

rolymath|15 days ago

What good does this do for people who have already had their faces enrolled in Thiel's venture now?

"oh sorry, we said it's local but forgot to tell you about the experiment that sends you data to Thiel"

jacquesm|15 days ago

Trust is fragile.

toofy|15 days ago

was it “uk only” or was it the only place that required them to notify users theyre being experimented on?

we know US law allows tech companies to experiment on us without notifying at all. facebook was caught experimenting on users to see if a timeline full of sad posts would cause the users to become depressed.

im guessing his companies will get ahold of discord users data in most other countries. i’d be shocked if he only wants data from a tiny number of UK people.

cookiengineer|15 days ago

Enter into Google: Discord breach october 2025

Discord probably still claims they weren't hacked. How they handle incidents like this matters to a lot of folks, and that's what this is about.

3 months after a major breach, how could anybody possibly believe that they fixed all their wrong organizational policies and security measurements within that time, while still not even acknowledging the incident?