by internet101010
1 subcomments
- The third-party list on page 12 is not small. The real-time API architecture creates a live, per-query link between a specific user event and every broker in the chain. Batch transfers or delta shares would break that linkage. Zero-knowledge proofs (also mentioned in the study) can prove age without handing anyone a name, document, or photo.
There's no reason Aristotle or Veratad should see who the underlying requestor is. Yoti should receive the verification request, strip the context, make the request - that's it. The fact that it isn't structured that way and they are tagging on additional metadata suggests per-query economics, which creates a direct incentive to route more verifications through more parties, exactly backwards from data minimization. I'm not going to call it a rev share, but the architecture is consistent with one.
- If a city hires a cop who openly accepts bribes, it's a problem for city hall. If they tolerate crooked cops, they are rightly painted as being corrupt as well.
If a government mandates age verification and tolerates companies like Yoti as enforcers of their law, it's exactly the same thing. If politicians aren't willing to see that new laws are enforced with integrity, then these corrupt politicians are the problem and need to face the consequences.
- I've been telling people for years now not to engage with systems such as these. Some say I'm just being paranoid. But a growing number concerningly reply with either "So? What are they gonna do with it?" or "They already have it, it doesn't matter." Normal people either don't know the dangers present or they don't understand that stopping the flow hurts the machine. And they want neither to know nor understand. Apathy or the desire for convenience cannot adequately explain why.
by falsaberN1
0 subcomment
- There isn't enough noise about this kinda news.
People need to learn to distrust such systems and exposing failings such as this one is a good way to do it.
We aren't going to be free of this stuff until the average Joe's mom hears of "forced age verification" and associates it with "unsafe".
- Age check is identity theft at scale, mandated by the state. A disaster waiting to happen (and it won't wait long).
- >TABLE 2. USER AGENT METADATA FIELDS (“CLIENT HINTS”) SENT AS PART OF YOTI’S AGE ESTIMATION METHOD
As far as device fingerprinting goes, this is pretty tame, compared to what something like ChatGPT does: https://www.buchodi.com/chatgpt-wont-let-you-type-until-clou...
The far more concerning part is your pictures/document scans getting sent to them.
by truthfinder61
0 subcomment
- We are definitely entering the era of stupidity.
Whoever wrote that article hasn't read the paper, just asked some AI to scan it and fudge up an eye-catching article.
The article claims things that are not in the paper, that are actually false; the paper does state the face image is actually encrypted on the client side and never says that it is shared with third parties. If you prompt your AI with enough bias and ask it to read a technical paper, then this is what happens.
And given no one bothers to check facts, there you go, everyone screaming against a legit company that is just doing its job.
The paper itself reports that Yoti has given an amicus brief in a US court where they just stated that age verification can be done in a privacy preserving way (which seems to be what they do, they have nothing to gain from keeping data). I wonder if that is why they are after Yoti so badly now.
by ChrisArchitect
1 subcomments
- Update since submission:
An open letter to Georgia Institute of Technology and University of California, Irvine requesting retraction and correction of false statements
https://www.yoti.com/blog/open-letter-to-georgia-institute-o...
by shreyasminocha
1 subcomments
- Lead author here, happy to answer any questions about the study!
- The paper is https://mikespecter.com/assets/pdf/AgeVerification.pdf (good on them for linking it)
The rest of the IEEE Symposium on Security and Privacy papers are listed at https://sp2026.ieee-security.org/accepted-papers.html
by unknown_user_84
0 subcomment
- Probably worth mentioning that I just did a very informal and quick review of identity/age verification providers because of payment provider requirements. Yoti came up as one of the more privacy focused (relatively) lower friction options because they only require a face scan and try to estimate age based on that. They may do more but that is as far as my research got.
by gum_wobble
0 subcomment
- Yeah, well, I mean, ahah, you don't say :)
- Every app shares all data with third parties. The concept of privacy labeling has completely failed and it's time to try a new approach.