Forced identification: Difference between revisions
→Incidents involving forced identification: fixed ref |
m link forced-acc |
||
| (16 intermediate revisions by 9 users not shown) | |||
| Line 1: | Line 1: | ||
{{See also|Age verification|De-anonymization}} | {{See also|Age verification|De-anonymization}} | ||
Forced Identification is the practice of forcing the user to unnecessarily provide their ID in order to access a product or service. The primary concern for forced identification comes from how services neglect to adequately secure this sensitive information for its user base, leading to dangerous security breaches occurring. | Forced Identification is the practice of forcing the user to unnecessarily provide their ID in order to access a product or service. The primary concern for forced identification comes from how services neglect to adequately secure this sensitive information for its user base, leading to dangerous security breaches occurring. | ||
Unlike with traditional consumer protection incidents, Forced Identification is typically caused by governmental laws, such as the UK Online Safety Act, rather than any sort of intentional data collection completed by other companies. | Unlike with traditional consumer protection incidents, Forced Identification is typically caused by governmental laws, such as the ''[[UK Online Safety Act]]'', rather than any sort of intentional data collection completed by other companies. | ||
==How it works== | ==How it works== | ||
| Line 16: | Line 15: | ||
<blockquote>“Any system can be hacked—this is no longer a secret.” | <blockquote>“Any system can be hacked—this is no longer a secret.” | ||
― ''Dan Kaminsky, Security Researcher and DNS Expert''</blockquote>There is no such thing as a system that is unable to be breached,<ref>{{Cite web |last=Aj |first= |date=Sep 7, 2025 |title=Why “Unhackable” Systems Don’t Exist: Lessons from the Frontlines |url=https://osintteam.blog/why-unhackable-systems-dont-exist-lessons-from-the-frontlines-6fd517d117ba |access-date=Oct 22, 2025 |website=osintteam.blog}}</ref> and IDs are a valuable product that malicious actors are incentivized to hijack.<ref>{{Cite web |last=Weissmann |first=Shoshana |date=May 22, 2023 |title=If platforms are required to have your government IDs and face scans, hackers and enemy governments can access them too |url=https://www.rstreet.org/commentary/if-platforms-are-required-to-have-your-government-ids-and-face-scans-hackers-and-enemy-governments-can-access-them-too/ |access-date=Oct 22, 2025 |website=RStreet}}</ref> These 2 facts tend to lead to an increase in attempted security breaches. As an example, in late September 2025, attackers breached [[Discord]]'s 3rd-party customer service portal,<ref name=":2">{{Cite web |date=2025-10-03 |title=Update on a Security Incident Involving Third-Party Customer Service |url=https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |url-status=live |archive-url=https://web.archive.org/web/20251006163040/https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |archive-date=2025-10-06 |access-date=2025-10-07 |website=Discord}}</ref> leading to an estimated 70,000 photo IDs for the United Kingdom being stolen from the platform.<ref>{{Cite web |last=Hunt |first=Troy |date=2025-10-04 |title=X |url=https://x.com/troyhunt/status/1974558088847102289}}</ref> | ― ''Dan Kaminsky, Security Researcher and DNS Expert''</blockquote>There is no such thing as a system that is unable to be breached,<ref>{{Cite web |last=Aj |first= |date=Sep 7, 2025 |title=Why “Unhackable” Systems Don’t Exist: Lessons from the Frontlines |url=https://osintteam.blog/why-unhackable-systems-dont-exist-lessons-from-the-frontlines-6fd517d117ba |access-date=Oct 22, 2025 |website=osintteam.blog}}</ref> and IDs are a valuable product that malicious actors are incentivized to hijack.<ref>{{Cite web |last=Weissmann |first=Shoshana |date=May 22, 2023 |title=If platforms are required to have your government IDs and face scans, hackers and enemy governments can access them too |url=https://www.rstreet.org/commentary/if-platforms-are-required-to-have-your-government-ids-and-face-scans-hackers-and-enemy-governments-can-access-them-too/ |access-date=Oct 22, 2025 |website=RStreet |archive-url=http://web.archive.org/web/20260205235858/https://www.rstreet.org/commentary/if-platforms-are-required-to-have-your-government-ids-and-face-scans-hackers-and-enemy-governments-can-access-them-too/ |archive-date=5 Feb 2026}}</ref> These 2 facts tend to lead to an increase in attempted security breaches. As an example, in late September 2025, attackers breached [[Discord]]'s 3rd-party customer service portal,<ref name=":2">{{Cite web |date=2025-10-03 |title=Update on a Security Incident Involving Third-Party Customer Service |url=https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |url-status=live |archive-url=https://web.archive.org/web/20251006163040/https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |archive-date=2025-10-06 |access-date=2025-10-07 |website=Discord}}</ref> leading to an estimated 70,000 photo IDs for the United Kingdom being stolen from the platform.<ref>{{Cite web |last=Hunt |first=Troy |date=2025-10-04 |title=X |url=https://x.com/troyhunt/status/1974558088847102289}}</ref> | ||
===Loss of privacy=== | ===Loss of privacy=== | ||
Some legal agreements with platforms will allow them to sell user data to 3rd parties, and this may include any legal identification that is given to these companies when signing up. This data can also be given to governments for the purpose of tracking users. | Some legal agreements with platforms will allow them to sell user data to 3rd parties,{{Citation needed|reason=read comment}}<!-- We need to point to a few legal agreements that mention this info --> and this may include any legal identification that is given to these companies when signing up. This data can also be given to governments for the purpose of tracking users.<!-- Citation maybe needed; if you find a decent article talking about this, include it here! --> | ||
===Censorship=== | ===Censorship<!-- This may need more references added! -->=== | ||
Users who are forced to give their ID when using a platform may be forced to see feeds only curated for their region,<ref>{{Cite web |date=2025-09-01 |title=Strict Age Verification Laws: Balancing Content Restriction and Educational Rights |url=https://www.thinkacademy.ca/blog/strict-age-verification-laws-impact-k12-education/#:~:text=Impact%20on%20K12,affect%20these%20groups |access-date=2025-09-04 |website=Think Academy}}</ref><ref name=":0">{{Cite web |last=Kelley |first=Jason |last2=Mackey |first2=Aaron |last3=Mullin |first3=Joe |date=2024-02-15 |title=Don’t Fall for the Latest Changes to the Dangerous Kids Online Safety Act |url=https://www.eff.org/deeplinks/2024/02/dont-fall-latest-changes-dangerous-kids-online-safety-act |access-date=2025-09-04 |website=Electronic Frontier Foundation}}</ref> as well as have their content specifically moderated more harshly depending on the region's government. This also can lead to methods where VPNs are used to access content that may otherwise be inaccessible in some regions to no-longer be viable. Besides that, dissidents or exiles of certain authoritarian countries may face transnational repressions if the databases containing their ID details suffer data breaches. | Users who are forced to give their ID when using a platform may be forced to see feeds only curated for their region,<ref>{{Cite web |date=2025-09-01 |title=Strict Age Verification Laws: Balancing Content Restriction and Educational Rights |url=https://www.thinkacademy.ca/blog/strict-age-verification-laws-impact-k12-education/#:~:text=Impact%20on%20K12,affect%20these%20groups |access-date=2025-09-04 |website=Think Academy |archive-url=http://web.archive.org/web/20251021043327/https://www.thinkacademy.ca/blog/strict-age-verification-laws-impact-k12-education/ |archive-date=21 Oct 2025}}</ref><ref name=":0">{{Cite web |last=Kelley |first=Jason |last2=Mackey |first2=Aaron |last3=Mullin |first3=Joe |date=2024-02-15 |title=Don’t Fall for the Latest Changes to the Dangerous Kids Online Safety Act |url=https://www.eff.org/deeplinks/2024/02/dont-fall-latest-changes-dangerous-kids-online-safety-act |access-date=2025-09-04 |website=Electronic Frontier Foundation |archive-url=http://web.archive.org/web/20260222141612/https://www.eff.org/deeplinks/2024/02/dont-fall-latest-changes-dangerous-kids-online-safety-act |archive-date=22 Feb 2026}}</ref> as well as have their content specifically moderated more harshly depending on the region's government. This also can lead to methods where [[wikipedia:Virtual_private_network|VPNs]] are used to access content that may otherwise be inaccessible in some regions to no-longer be viable. Besides that, dissidents or exiles of certain authoritarian countries may face transnational repressions if the databases containing their ID details suffer data breaches. | ||
== | ==See also== | ||
*[[Forced account]] | |||
*[[Anti-privacy legislation]] | |||
== | ==External links== | ||
*[https://action.freespeechcoalition.com/age-verification-bills/all "Every age verification bill targeted at “material harmful to minors” introduced after 2021"]''FSC Action Center'' | |||
* | *[https://action.freespeechcoalition.com/age-verification-resources/global-age-verification-policies "Global Age-Verification Policies"]''FSC Action Center'' | ||
*[ | |||
==References== | ==References== | ||