Forced Identification: Difference between revisions

(One intermediate revision by the same user not shown)

Line 9:

Forced Identification's functionality varies based on the region it is enforced within and how it is integrated by the company that uses it. Regardless, the result traditionally leads to sensitive information that is stored on servers that may be breached at any moment.

The traditional usage of forced identification is for [[age verification]], however there have been other uses as well.

The traditional usage of forced identification is for [[age verification]], however there have been other uses as well, such as spam prevention.

==Why it is a problem==

=== Risk of lost or stolen data ===

===Risk of lost or stolen data===

<blockquote>“Any system can be hacked—this is no longer a secret.”

― ''Dan Kaminsky, Security Researcher and DNS Expert''</blockquote>There is no such thing as a system that is unable to be breached, and IDs are a valuable product that malicious actors are incentivized to hijack. These 2 facts tend to lead to an increase in attempted security breaches. As an example, in late September 2025, attackers breached [[Discord]]'s 3rd-party customer service portal,<ref name=":2">{{Cite web |date=2025-10-03 |title=Update on a Security Incident Involving Third-Party Customer Service |url=https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |url-status=live |archive-url=https://web.archive.org/web/20251006163040/https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |archive-date=2025-10-06 |access-date=2025-10-07 |website=Discord}}</ref> leading to an estimated 70,000 photo IDs for the United Kingdom being stolen from the platform.<ref>{{Cite web |last=Hunt |first=Troy |date=2025-10-04 |title=X |url=https://x.com/troyhunt/status/1974558088847102289}}</ref>

― ''Dan Kaminsky, Security Researcher and DNS Expert''</blockquote>There is no such thing as a system that is unable to be breached,<ref>{{Cite web |last=Aj |first= |date=Sep 7, 2025 |title=Why “Unhackable” Systems Don’t Exist: Lessons from the Frontlines |url=https://osintteam.blog/why-unhackable-systems-dont-exist-lessons-from-the-frontlines-6fd517d117ba |access-date=Oct 22, 2025 |website=osintteam.blog}}</ref> and IDs are a valuable product that malicious actors are incentivized to hijack.<ref>{{Cite web |last=Weissmann |first=Shoshana |date=May 22, 2023 |title=If platforms are required to have your government IDs and face scans, hackers and enemy governments can access them too |url=https://www.rstreet.org/commentary/if-platforms-are-required-to-have-your-government-ids-and-face-scans-hackers-and-enemy-governments-can-access-them-too/ |access-date=Oct 22, 2025 |website=RStreet}}</ref> These 2 facts tend to lead to an increase in attempted security breaches. As an example, in late September 2025, attackers breached [[Discord]]'s 3rd-party customer service portal,<ref name=":2">{{Cite web |date=2025-10-03 |title=Update on a Security Incident Involving Third-Party Customer Service |url=https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |url-status=live |archive-url=https://web.archive.org/web/20251006163040/https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |archive-date=2025-10-06 |access-date=2025-10-07 |website=Discord}}</ref> leading to an estimated 70,000 photo IDs for the United Kingdom being stolen from the platform.<ref>{{Cite web |last=Hunt |first=Troy |date=2025-10-04 |title=X |url=https://x.com/troyhunt/status/1974558088847102289}}</ref>

=== Loss of privacy ===

===Loss of privacy===

Some legal agreements with platforms will allow them to sell user data to 3rd parties, and this may include any legal identification that is given to these companies when signing up. This data can also be given to governments for the purpose of tracking users.

=== Censorship ===

===Censorship===

Users who are forced to give their ID when using a platform may be forced to see feeds only curated for their region,<ref>{{Cite web |date=2025-09-01 |title=Strict Age Verification Laws: Balancing Content Restriction and Educational Rights |url=https://www.thinkacademy.ca/blog/strict-age-verification-laws-impact-k12-education/#:~:text=Impact%20on%20K12,affect%20these%20groups |access-date=2025-09-04 |website=Think Academy}}</ref><ref name=":0">{{Cite web |last=Kelley |first=Jason |last2=Mackey |first2=Aaron |last3=Mullin |first3=Joe |date=2024-02-15 |title=Don’t Fall for the Latest Changes to the Dangerous Kids Online Safety Act |url=https://www.eff.org/deeplinks/2024/02/dont-fall-latest-changes-dangerous-kids-online-safety-act |access-date=2025-09-04 |website=Electronic Frontier Foundation}}</ref> as well as have their content specifically moderated more harshly depending on the region's government. This also can lead to methods where VPNs are used to access content that may otherwise be inaccessible in some regions to no-longer be viable.

==Examples==

=== Legal acts ===

===Legal acts===

* The United Kingdom [[UK Online Safety Act|Online Safety Act]] (OSA)

*The United Kingdom [[UK Online Safety Act|Online Safety Act]] (OSA)

* [[US kids online safety act|US Kids Online Safety Act]] (KOSA)

*EU [[Digital services act]] (DSA)

*[[US kids online safety act|US Kids Online Safety Act]] (KOSA) [[Texas H.B. 1181]] [[Louisiana SB 162]] [[Virginia SB 1515]]

=== Platforms with forced identification ===

===Platforms with forced identification===

* [[Discord]]: United Kingdom

*[[Discord]]: United Kingdom

* [[Google]]: United Kingdom, United States

*[[Google]]: United Kingdom, United States

=== Incidents involving forced identification ===

===Incidents involving forced identification===

* [[Discord]]: Customer service portal had a breach that led to an estimated 70,000 UK IDs stolen.<ref name=":2" />

*[[Discord]]: Customer service portal had a breach that led to an estimated 70,000 UK IDs stolen.<ref name=":2" />

* [[Tea Dating Advice]]: A 4chan post leaked over 72,000 sensitive images, including those with US state IDs.<ref>{{Cite web |last1=Maiberg |first1=Emanuel |last2=Cox |first2=Joseph |date=2025-07-25 |title=Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan |url=https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/ |url-status=live |archive-url=https://web.archive.org/web/20250727101532/https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/ |archive-date=2025-07-27 |access-date=2025-07-27 |work=404 Media}}</ref><ref>{{Cite web |last=Lanz |first=Jose |date=2025-07-25 |title=Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail |url=https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail |url-status=live |archive-url=https://web.archive.org/web/20250727222442/https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail |archive-date=2025-07-27 |access-date=2025-07-27 |work=Decrypt}}</ref><ref>{{Cite web |author=u/B_drgnthrn |date=2025-07-27 |title=Is teaspill just the start? |url=https://www.reddit.com/r/ask/comments/1maag7d/is_teaspill_just_the_start/ |url-status=live |archive-url=https://archive.ph/jduIg |archive-date=2025-07-28 |access-date=2025-07-28 |work=Reddit}}</ref>

*[[Tea Dating Advice]]: A 4chan post leaked over 72,000 sensitive images, including those with US state IDs.<ref>{{Cite web |last1=Maiberg |first1=Emanuel |last2=Cox |first2=Joseph |date=2025-07-25 |title=Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan |url=https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/ |url-status=live |archive-url=https://web.archive.org/web/20250727101532/https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/ |archive-date=2025-07-27 |access-date=2025-07-27 |work=404 Media}}</ref><ref>{{Cite web |last=Lanz |first=Jose |date=2025-07-25 |title=Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail |url=https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail |url-status=live |archive-url=https://web.archive.org/web/20250727222442/https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail |archive-date=2025-07-27 |access-date=2025-07-27 |work=Decrypt}}</ref><ref>{{Cite web |author=u/B_drgnthrn |date=2025-07-27 |title=Is teaspill just the start? |url=https://www.reddit.com/r/ask/comments/1maag7d/is_teaspill_just_the_start/ |url-status=live |archive-url=https://archive.ph/jduIg |archive-date=2025-07-28 |access-date=2025-07-28 |work=Reddit}}</ref>

==References==

@@ Line 9: / Line 9: @@
 Forced Identification's functionality varies based on the region it is enforced within and how it is integrated by the company that uses it. Regardless, the result traditionally leads to sensitive information that is stored on servers that may be breached at any moment.
-The traditional usage of forced identification is for [[age verification]], however there have been other uses as well.
+The traditional usage of forced identification is for [[age verification]], however there have been other uses as well, such as spam prevention.
 ==Why it is a problem==
-=== Risk of lost or stolen data ===
+===Risk of lost or stolen data===
 <blockquote>“Any system can be hacked—this is no longer a secret.”
-― ''Dan Kaminsky, Security Researcher and DNS Expert''</blockquote>There is no such thing as a system that is unable to be breached, and IDs are a valuable product that malicious actors are incentivized to hijack. These 2 facts tend to lead to an increase in attempted security breaches. As an example, in late September 2025, attackers breached [[Discord]]'s 3rd-party customer service portal,<ref name=":2">{{Cite web |date=2025-10-03 |title=Update on a Security Incident Involving Third-Party Customer Service |url=https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |url-status=live |archive-url=https://web.archive.org/web/20251006163040/https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |archive-date=2025-10-06 |access-date=2025-10-07 |website=Discord}}</ref> leading to an estimated 70,000 photo IDs for the United Kingdom being stolen from the platform.<ref>{{Cite web |last=Hunt |first=Troy |date=2025-10-04 |title=X |url=https://x.com/troyhunt/status/1974558088847102289}}</ref>
+― ''Dan Kaminsky, Security Researcher and DNS Expert''</blockquote>There is no such thing as a system that is unable to be breached,<ref>{{Cite web |last=Aj |first= |date=Sep 7, 2025 |title=Why “Unhackable” Systems Don’t Exist: Lessons from the Frontlines |url=https://osintteam.blog/why-unhackable-systems-dont-exist-lessons-from-the-frontlines-6fd517d117ba |access-date=Oct 22, 2025 |website=osintteam.blog}}</ref> and IDs are a valuable product that malicious actors are incentivized to hijack.<ref>{{Cite web |last=Weissmann |first=Shoshana |date=May 22, 2023 |title=If platforms are required to have your government IDs and face scans, hackers and enemy governments can access them too |url=https://www.rstreet.org/commentary/if-platforms-are-required-to-have-your-government-ids-and-face-scans-hackers-and-enemy-governments-can-access-them-too/ |access-date=Oct 22, 2025 |website=RStreet}}</ref> These 2 facts tend to lead to an increase in attempted security breaches. As an example, in late September 2025, attackers breached [[Discord]]'s 3rd-party customer service portal,<ref name=":2">{{Cite web |date=2025-10-03 |title=Update on a Security Incident Involving Third-Party Customer Service |url=https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |url-status=live |archive-url=https://web.archive.org/web/20251006163040/https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |archive-date=2025-10-06 |access-date=2025-10-07 |website=Discord}}</ref> leading to an estimated 70,000 photo IDs for the United Kingdom being stolen from the platform.<ref>{{Cite web |last=Hunt |first=Troy |date=2025-10-04 |title=X |url=https://x.com/troyhunt/status/1974558088847102289}}</ref>
-=== Loss of privacy ===
+===Loss of privacy===
 Some legal agreements with platforms will allow them to sell user data to 3rd parties, and this may include any legal identification that is given to these companies when signing up. This data can also be given to governments for the purpose of tracking users.
-=== Censorship ===
+===Censorship===
 Users who are forced to give their ID when using a platform may be forced to see feeds only curated for their region,<ref>{{Cite web |date=2025-09-01 |title=Strict Age Verification Laws: Balancing Content Restriction and Educational Rights |url=https://www.thinkacademy.ca/blog/strict-age-verification-laws-impact-k12-education/#:~:text=Impact%20on%20K12,affect%20these%20groups |access-date=2025-09-04 |website=Think Academy}}</ref><ref name=":0">{{Cite web |last=Kelley |first=Jason |last2=Mackey |first2=Aaron |last3=Mullin |first3=Joe |date=2024-02-15 |title=Don’t Fall for the Latest Changes to the Dangerous Kids Online Safety Act |url=https://www.eff.org/deeplinks/2024/02/dont-fall-latest-changes-dangerous-kids-online-safety-act |access-date=2025-09-04 |website=Electronic Frontier Foundation}}</ref> as well as have their content specifically moderated more harshly depending on the region's government. This also can lead to methods where VPNs are used to access content that may otherwise be inaccessible in some regions to no-longer be viable.
 ==Examples==
-=== Legal acts ===
+===Legal acts<!-- Make sure all articles linked here are bluelinked! -->===
-* The United Kingdom [[UK Online Safety Act|Online Safety Act]] (OSA)
+*The United Kingdom [[UK Online Safety Act|Online Safety Act]] (OSA)
-* [[US kids online safety act|US Kids Online Safety Act]] (KOSA)
+*EU [[Digital services act]] (DSA)
+*[[US kids online safety act|US Kids Online Safety Act]] (KOSA) [[Texas H.B. 1181]] [[Louisiana SB 162]] [[Virginia SB 1515]]
-=== Platforms with forced identification ===
+===Platforms with forced identification<!-- Please organize this list in this format: - [company]: [region 1], [region 2], [region 3], etc.  To save space, if multiple countries in a given region is doing this, group them together! For example, if Germany, France, Sweden, and more have forced ID laws, and Reddit follows them, you can display it as: - Reddit: EU -->===
-* [[Discord]]: United Kingdom
+*[[Discord]]: United Kingdom
-* [[Google]]: United Kingdom, United States
+*[[Google]]: United Kingdom, United States
-=== Incidents involving forced identification ===
+===Incidents involving forced identification<!-- Please keep summaries brief! -->===
-* [[Discord]]: Customer service portal had a breach that led to an estimated 70,000 UK IDs stolen.<ref name=":2" />
+*[[Discord]]: Customer service portal had a breach that led to an estimated 70,000 UK IDs stolen.<ref name=":2" />
-* [[Tea Dating Advice]]: A 4chan post leaked over 72,000 sensitive images, including those with US state IDs.<ref>{{Cite web |last1=Maiberg |first1=Emanuel |last2=Cox |first2=Joseph |date=2025-07-25 |title=Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan |url=https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/ |url-status=live |archive-url=https://web.archive.org/web/20250727101532/https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/ |archive-date=2025-07-27 |access-date=2025-07-27 |work=404 Media}}</ref><ref>{{Cite web |last=Lanz |first=Jose |date=2025-07-25 |title=Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail |url=https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail |url-status=live |archive-url=https://web.archive.org/web/20250727222442/https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail |archive-date=2025-07-27 |access-date=2025-07-27 |work=Decrypt}}</ref><ref>{{Cite web |author=u/B_drgnthrn |date=2025-07-27 |title=Is teaspill just the start? |url=https://www.reddit.com/r/ask/comments/1maag7d/is_teaspill_just_the_start/ |url-status=live |archive-url=https://archive.ph/jduIg |archive-date=2025-07-28 |access-date=2025-07-28 |work=Reddit}}</ref>
+*[[Tea Dating Advice]]: A 4chan post leaked over 72,000 sensitive images, including those with US state IDs.<ref>{{Cite web |last1=Maiberg |first1=Emanuel |last2=Cox |first2=Joseph |date=2025-07-25 |title=Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan |url=https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/ |url-status=live |archive-url=https://web.archive.org/web/20250727101532/https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/ |archive-date=2025-07-27 |access-date=2025-07-27 |work=404 Media}}</ref><ref>{{Cite web |last=Lanz |first=Jose |date=2025-07-25 |title=Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail |url=https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail |url-status=live |archive-url=https://web.archive.org/web/20250727222442/https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail |archive-date=2025-07-27 |access-date=2025-07-27 |work=Decrypt}}</ref><ref>{{Cite web |author=u/B_drgnthrn |date=2025-07-27 |title=Is teaspill just the start? |url=https://www.reddit.com/r/ask/comments/1maag7d/is_teaspill_just_the_start/ |url-status=live |archive-url=https://archive.ph/jduIg |archive-date=2025-07-28 |access-date=2025-07-28 |work=Reddit}}</ref>
 ==References==