Mildly Infuriating @lemmy.world fne8w2ah @lemmy.world 1 yr. ago

Twitter/X new ID Verification - First Look

cross-posted from: https://lemmy.world/post/3291604

Thanks to Popcrave https://twitter.com/popcrave/status/1691852136236327316?s=46&t=lcH0dp9biwkMEBKsRQeVeQ

Who here is going to put their ID and photo on X/Twitter

Technology @lemmy.world DarkUFO @lemmy.world 1 yr. ago

You're viewing a single thread.

72 comments

From the text on there, you can see it's probably not that insecure. Au10tix is the company actually doing the identity verification and they're an Israel-based company that seems to be pretty legit. I bet X only stores the data in-memory while they send it over to the appropriate APIs or something like that.

Not that I trust them anyway with who's in charge over there.
- As a Cyber Security professional I am telling you now, it is not a matter of “if” Au10tix get hacked and leak data it is when.
  
  Everyone should minimise the number of companies with important Personally Identifiable Information to prevent identity theft and other scams.
  
  Companies are not trustworthy while they are motivated solely by profit.
  
  I would hope that people who have embraced the Fediverse concept over corporate options would be more discerning with their personal information.
  
  it infuriates me to no end that so many people are willing to go over to places like blue sky, spoutible, threads. Instead of capitalizing (no pun intended) on this golden opportunity to re-invent social media to be owned by everyone/no one instead of billionaires/corporations/capitalists by embracing the fediverse.
  
  SO! FUCKING! INFURIATING!
- The text says that you give X permission to store the image of your id for 30 days. If you trust them to delete it after that, then I don’t know how to help you.
  
  Even if they do delete them, there will be millions of id images stored at any time.
  
  What's the worst thing that could happen? I mean, we're already spied on constantly anyways.
  
  Would you mind proxying all your data through my server? I MITM all TLS traffic, but as you're already being spied on constantly anyways, there's really no harm in opening yet another possible hole, right?
  
  Sure, DM me the details.
- The fine print right there in the screenshot explicitly says that they can and will do more than that with the information.

You've viewed 72 comments.