Yoti age checks share facial photos and device fingerprints with third parties(techxplore.com)

131 pointsby Lihh277 hours ago11 comments

internet1010102 hours ago
The third-party list on page 12 is not small. The real-time api architecture creates a live, per-query link between a specific user event and every broker in the chain. Batch transfers or delta shares would break that linkage. Zero-knowledge proofs (also mentioned in the study) can prove age without handing anyone a name, document, or photo.
There's no reason Aristotle or Veratad should see who the underlying requestor is. Yoti should receive the verification request, strip the context, make the request - that's it. The fact that it isn't structured that way and they are tagging on additional metadata suggests per-query economics, which creates a direct incentive to route more verifications through more parties, exactly backwards from data minimization. I'm not going to call it a rev share, but the architecture is consistent with one.
- rockskon2 hours ago
  While I agree with your claim that it is likely the number of third parties info is being routed to is likely related to per-query economics, I want to note that ZKP are not magic. They tend to either be worthless at preventing fraud or require so much additional context as to question how much privacy is really being preserved.
  While ZKP is more useful in limiting how much info is provided and, depending on implementation letting you make sure of the full scope of information acquired....if it literally only validates age then there's nothing other than logistics preventing a single adult from authenticating the entire world.
  - internet1010102 hours ago
    Totally agree. Was just trying to emphasize that there are better ways to do this if privacy and security are something that Yoti actually cares about. ZKP is not a magic bullet.
beloch4 hours ago
If a city hires a cop who openly accepts bribes, it's a problem for city hall. If they tolerate crooked cops, they are rightly painted as being corrupt as well.
If a government mandates age verification and tolerates companies like Yoti as enforcers of their law, it's exactly the same thing. If politicians aren't willing to see that new laws are enforced with integrity, then these corrupt politicians are the problem and need to face the consequences.
- AntosTools3 hours ago
  You're right but its not just the politicians unfortunately, one of the main reasons the general population isn't acutely aware of these kinds of occurrences(Yoti is not the only culprit) is because major news outlets don't give these stories the time of day. If were putting blame on politicians for their contributions to this problem we should also do the same for political news outlets. If they had a shred of moral decency and weren't corrupt they would allow and want this news to spread openly.
Tanoc6 hours ago
I've been telling people for years now not to engage with systems such as these. Some say I'm just being paranoid. But a growing number concerningly reply with either "So? What are they gonna do with it?" or "They already have it, it doesn't matter." Normal people either don't know the dangers present or they don't understand that stopping the flow hurts the machine. And they want neither to know or understand. Apathy or the desire for convenience cannot adequately explain why.
- PaulKeeble5 hours ago
  All this biometric data is setting people up for identity theft attacks. These types of attacks are going to grow enormously over the coming years as biometric data is gathered and leaked on a massive scale. Anything put on the internet has been leaked already, almost every company with a web presence has lost data. Biometrics unlike passwords, phone numbers and credit cards can not be changed.
  - quantummagic5 hours ago
    And that assumes a relatively stable environment; but politics can change drastically for the worse. We have examples from relatively recent history of governments turning evil, rounding up unfavored groups, and shipping them off in rail cars to an early demise. God forbid it happens again with all the information available to sort, categorize, and identify people.
- diegof794 hours ago
  But what is the alternative?
  Many of these systems are added to digital wallets due to legal requirements or fraudulent cases. For example, one case of fraud that I’m aware of happened in Chile, where citizens were able to open bank accounts digitally with just their ID. But since there is no good biometric information, many criminals took the IDs of homeless people to open accounts and move money around.
  Sadly, these shitting things happen, then companies use these services to avoid the liability, and then these services abuse the information they have.
  People don’t have much choice unless their representatives in government do something; it’s not about apathy: you can stop using one bank app, but not all of them otherwise you’ll be out of the financial system.
  - rockskon2 hours ago
    I recall at an old place of work, the security office having a poster on the wall that said something to the effect of "if your facial biometrics get compromised, you must change your face".
    Silly as they were trying to be, the concept still holds -
    Facial biometrics can and do get compromised too. Your example of IDs taken from the homeless - what the heck prevents organized criminals from taking pictures or recordings of their faces too?
    Already there's malware out there stealing facial recognition data from infected devices (ESET reported on this nearly two years ago). Unlike changeable passwords, once your facial recognition data is compromised then that's it. Scammers can now impersonate you on top of having defeated this additional layer of fraud prevention.
- joshuaissac5 hours ago
  What can people do? Systems like these are mandated by companies that provide services that people need, and they are hard to avoid. In-person verification is sometimes an option but not always.
- Grom_PE5 hours ago
  Since those people don't care about privacy and anonymity, perhaps they are also willing to trade by verifying for someone who does care?
- Havoc4 hours ago
  >not to engage with systems such as these
  Yoti is used by governments. Principled stances are all good and well for hn comments but eventually collide with reality
  - Tanoc4 hours ago
    Governments, regardless of what threat they wield against those they supposedly govern, are limited by the fact that they are organizations run by humans. For now. God forbid we ever reach the point where there are no humans... Anyways, because of that they require humans to ensure enforcement. A major reason why Yoti is able to do what it's doing is because there are no humans enforcing privacy and data protection laws against them. This means the reverse can also be true, where enough people motivated to do so can simply not enforce whatever requirement there is for Yoti's services to be used. Because the social contract's been not only breached but shredded and spread to the wind this is very likely to occur. In my viewpoint unfortunately the most likely reason is because they'll go with somebody else other than Yoti that provides more favourable terms, but that's an aside to the likely situation I outlined.
    ian_holt3 hours ago
    In addition, to the fact that governments are still run by us mere mortals, is the fact that even the government is unable to 100% to guarantee that our data is "safe" in their hands...
- AlienRobot5 hours ago
  What I'm afraid of is that this is all a ticking bomb that is going to explode VERY hard on the most technologically vulnerable.
- GuB-424 hours ago
  > Normal people either don't know the dangers present
  But what are the dangers? I mean concretely, in a way that can affect their day to day life, with significant probabilities.
  HN is a tech forum, people here are very aware the tech risks. But talk to anyone in a given field and they will find a way to scare you. Don't go out in the sun without SPF50 gear or you will get cancer, your house electrical system is a fire hazard because you don't have the latest breakers, buy a gun, don't buy a gun, have this and that survival equipment, learn self defense, never talk to the cops, don't leave your drink unattended,...
  At some point, people just want to stop worrying and do their things. And guess what, most people are fine! In fact considering how many things can turn bad, normal people are rather good at avoiding the worst despite an apparently carefree attitude. Meaning they are not so bad at evaluating risks, and that society has pretty good guardrails.
  So cut normal people some slack unless they are in immediate danger (for example if they are in the process of responding to fishing), uploading their picture to Yoti is not that. They have other worries in their own field.
  Inform them, but don't press it, and if you are in the field, your job is to help normal people be carefree, not cause more anxiety, they have more than enough already.
  - Tanoc4 hours ago
    One of the dangers is in the ability to cross-nationally attack someone. As digital infrastructure continues to encompass more and more facets of necessary interactions with the government and governments force more and more points of interaction someone from a foreign nation could destroy the life of someone who is interfering with their aims. Say someone has published an article that reveals the terrible behaviour of a given company. Someone hired by the company can use a variety of data points to not only track down who that person is, but where they live and even which room in their house they spend the most time in. With that kind of information it would be easy to financially, reputationally, or mortally wound someone. With the worryingly swift growth rate of corruption this could apply at any level for any reason. And unlike for example the difficulty of getting into a car crash or robbing a cash register, digital infrastructure makes all of this remarkably easy and for some parts even free. With modern LLM agents it could be entirely automated so that no human is ever involved, and because there's so few current guardrails and such a vehement protestation against any being implemented the agent could wipe it's connection to it's handler so that nobody ever faces any consequences.
    The thing is, this kind of stuff already happens all the time. The number of spam calls people suffer through are a direct result of companies digging through the contacts list after being granted that permission (though often without being granted that permission), then selling that data to brokers. Data breaches that wipe people's credit or force a credit freeze because they bought something ten years ago are another common one. Or think about package stalking, where people get access to someone's purchase history and the tracking number to a purchase so that they can steal it in transit or once it arrives. There's a number of beatings and murders that have happened because of police officers being able to access surveillance tools to track former romantic partners or spouses. All of these are different parts of the lack of privacy, and they're all getting worse because the tools that are used to surveil are becoming more widespread and more accessible.
    Privacy is a protection against the intelligent attacks of other humans. It is not a frill that can be taken away without ridiculous and trailing harm.
falsaberN16 hours ago
There isn't enough noise about this kinda news.
People need to learn to distrust such systems and exposing failings such as this one is a good way to do it.
We aren't going to be free of this stuff until the average Joe's mom hear of "forced age verification" and associate it to "unsafe".
shreyasminocha16 minutes ago
Lead author here, happy to answer any questions about the study!
unknown_user_84an hour ago
Probably worth mentioning that I just did a very informal and quick review of identity/age verification providers because of payment provider requirements. Yoti came up as one of the more privacy focused (relatively) lower friction options because they only require a face scan and try to estimate age based on that. They may do more but that is as far as my research got.
SwellJoe4 hours ago
Age check is identity theft at scale, mandated by the state. A disaster waiting to happen (and it won't wait long).
gruez6 hours ago
>TABLE 2. USER AGENT METADATA FIELDS (“CLIENT HINTS”) SENT AS PART OF YOTI’S AGE ESTIMATION METHOD
As far as device fingerprinting goes, this is pretty tame, compared to what something like chatgpt does: https://www.buchodi.com/chatgpt-wont-let-you-type-until-clou...
The far more concerning part are your pictures/document scans getting sent to them.
pmh6 hours ago
The paper is https://mikespecter.com/assets/pdf/AgeVerification.pdf (good on them for linking it)
The rest of the IEEE Symposium on Security and Privacy papers are listed at https://sp2026.ieee-security.org/accepted-papers.html
gum_wobble6 hours ago
Yeah, well, I mean, ahah, you don't say :)
wmf6 hours ago
Every app shares all data with third parties. The concept of privacy labeling has completely failed and it's time to try a new approach.