this post was submitted on 26 Jul 2025
514 points (99.0% liked)

Technology

73254 readers
3767 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
514
Brits can get around Discord's age verification thanks to Death Stranding's photo mode, bypassing the measure introduced with the UK's Online Safety Act. We tried it and it works—thanks, Kojima (www.pcgamer.com)
submitted 1 day ago by Interstellar_1@lemmy.blahaj.zone to c/technology@lemmy.world
47 comments fedilink hide all child comments
top 47 comments
sorted by: hot top controversial new old
[–] Havatra@lemmy.zip 137 points 1 day ago (4 children)

It's fun that one can use games for it, but it shouldn't be difficult to do the same through AI-generated imagery either, which isn't much more difficult.

Even though this method is flawed, one shouldn't really use ID-only verification either imho, as it's a security risk to upload any official document like that (ref. Tea app leaks).

The whole age verification that the UK wants to impose has been quite the impossible task from the beginning. Creating government-backed education for (future) parents about how to raise a kid and protect them in today's digital society would be more efficient than this, if we really are thinking of what is best for the kids. But alas, there are zero requirements to become a parent...

[–] Voroxpete@sh.itjust.works 29 points 1 day ago (1 children)

The problem, as always, is that parents don't want to put the work into educating their children, they want the government to wave a magic wand and make the problem go away. And that's what gets you half assed solutions like this.

[–] leraje@piefed.blahaj.zone 30 points 1 day ago (1 children)

The OSA is nothing to do with kids or parenting and everything to do with further developing surveillance of the UK and controlling what we can access.

I guarantee you, at some point after this will come prohibiting content deemed terrorism such as mentions of the word 'palestine' and 'action' in the same paragraph for example.

Sooner or later we'll have our own pseudo or real great firewall. I expect them to come after VPN use at some point too.

[–] towerful@programming.dev 15 points 21 hours ago

VPNs are next.

People circumventing the OSA.
THINK OF THE CHILDREN!
VPNs banned

[–] Im_old@lemmy.world 22 points 1 day ago (1 children)

Tbh just take any stock photo from image search online

[–] echodot@feddit.uk 6 points 8 hours ago

No it's okay they promise they definitely delete all photographs as soon as you're verified. They totally don't keep them around in an insecure format or anything like that. They promise.

[–] ColeSloth@discuss.tchncs.de 0 points 22 hours ago (2 children)

Neither is taking a picture of nearly any stranger about to take a bite of food at a fast food place and then walking over and snapping another picture of them. What they gonna do about it?

[–] ChaoticEntropy@feddit.uk 3 points 21 hours ago (1 children)

You can't use a picture of me eating noodles to open a bank account.

[–] XTL@sopuli.xyz 1 points 6 hours ago (1 children)

How about two gym memberships and a library card?

[–] ChaoticEntropy@feddit.uk 1 points 5 hours ago

Results may vary.

[–] MilitantAtheist@lemmy.world 1 points 7 hours ago

Can't say about any stranger, but you and I would have a problem. 😂

[–] rob_t_firefly@lemmy.world 56 points 1 day ago* (last edited 1 day ago) (3 children)

This is a clever way to bypass. If they get wise and somehow filter out Sam Porter Bridges' face, you could always fire up any of the games of comparable visual realism which let you design your own character's appearance.

[–] echodot@feddit.uk 14 points 8 hours ago (1 children)

Just get an AI to generate a face. If it's prepared to accept photos from video games and it'll probably accept AI generated images.

Not really that I expected competence.

[–] lepinkainen@lemmy.world 8 points 9 hours ago

It’s not just the realistic appearance, it’s the fact you can make the character do the specific expressions required, like opening your mouth etc

[–] FuckFascism@lemmy.world 7 points 16 hours ago

The one thing AI might be good for

[–] Quicky@piefed.social 24 points 1 day ago* (last edited 1 day ago) (5 children)

I've seen this suggested elsewhere and it seems like the least intrusive suggestion to me - why not simply use the device as the age verification. Almost every phone/tablet/computer already knows your age through it's own sign-up/activation method, so why not allow the device to offer an API that provides age verification to sites that require it.

It could simply be a permissions-based answer where an adult site requests a yes/no answer to the question "is this user an adult" from the device and the user is prompted to provide the permissions for the site to have that data.

This would solve the problem for the vast majority of iphone/android/windows/macos consumers.

[–] markovs_gun@lemmy.world 74 points 1 day ago (2 children)

Spoiler alert- the point isn't to keep kids from looking at porn, it's to keep adults from looking at it too.

[–] Quicky@piefed.social 7 points 1 day ago (1 children)

Whether or not that's the case, I think the proposed technical implementation above is a better way of enforcing the actual law than what's been applied so far.

[–] markovs_gun@lemmy.world 13 points 1 day ago (1 children)

Yeah I do too, but so would anyone who was seriously thinking about this in terms of keeping kids from looking at porn rather than restricting access to "adult content" (whatever that means) more broadly. Any programmer worth their salt would have immediately suggested "hey this is a bad idea we should do it this other way" when asked about the viability of the current solution and yet this was ignored.

[–] ErmahgherdDavid@lemmy.dbzer0.com 4 points 7 hours ago* (last edited 7 hours ago)

My entire experience as a software engineer for the last 15 years has been being ignored by the non-exprerts in charge. It goes like this:

MBA: I want to solve this problem using this solution

Me: that won't solve the problem well, how about-

MBA: I don't care for the laws of reality. Do it my way [or find another job]!

They say they want our expertise but really they want validation of their own terrible ideas and they think coercing experts with threats of unemployment is as valuable as actually listening to those experts.

This applies as much to the public sector and the absolute clowns we vote in to govern us as it does to the private sector where the clowns hold the purse strings. Frankly it makes me want to give up the subject I have a PhD in and grow potatoes on a remote island somewhere.

[–] brachiosaurus@mander.xyz 1 points 6 hours ago

Do you actually believe the government care about people not watching porn? The whole point is mass surveillance and to extend ID verification to the internet.

[–] Deestan@lemmy.world 25 points 1 day ago* (last edited 1 day ago) (1 children)

The goal is to introduce general surveillance and censorship mechanisms. Whether they be technical, legal precedence, tested boundaries, or changes in laws and government positions.

Porn age stuff is just a convenient entry point. Solving just that without the survellance mechamisms is pointless to these people.

[–] Quicky@piefed.social 4 points 1 day ago (1 children)

Yeah, I'm not getting involved in the politics or reasoning of the assumed end goal, I'm just talking from a technical standpoint.

[–] Deestan@lemmy.world 4 points 1 day ago

That is important. Pointing out sane alternatives helps make it clear this isn't an acceptable solution.

[–] BeardedBlaze@lemmy.world 9 points 23 hours ago (1 children)

None of my devices required any kind of sign-up/activation.

[–] Quicky@piefed.social -2 points 23 hours ago (1 children)

I mean, great? Most mainstream devices do however, whether it's an AppleID, Google account or Microsoft account.

[–] BeardedBlaze@lemmy.world 6 points 21 hours ago (1 children)

It's not a requirement on Android. Like at all. My Windows 10 also isn't signed into Microsoft Account.

[–] Quicky@piefed.social -2 points 21 hours ago (1 children)

There absolutely is a minimum age requirement to set up a Google account, which you can see from their Ts & Cs. Whether that is enforced is an entirely different question.

[–] BeardedBlaze@lemmy.world 6 points 11 hours ago (1 children)

You don't need a google account to use android.

[–] Quicky@piefed.social 1 points 6 hours ago* (last edited 6 hours ago)

No you don't, but like I say, I'm talking about the majority of users.

Again though, and I'm copying this from a previous response, I think it's worth remembering that this is a suggestion, and not even originally mine. If you're happier to use the current multitude of age verification services that differ on a per-site basis, with all the security vulnerabilities, risk, and inconvenience that entails, then feel free. Or bypass them using the methods suggested.

I'm literally just providing a better technical solution than has been implemented. What I'm not suggesting is "this is the answer to everyone's problem".

[–] LostXOR@fedia.io 3 points 1 day ago (1 children)

The problem is that would be incredibly easy to bypass at multiple levels. You could set your age as >18 when configuring your device's account (they don't check ID) or modify the OS/browser/client-side webpage itself (the latter of which a simple browser extension could accomplish).

[–] Quicky@piefed.social 4 points 1 day ago* (last edited 23 hours ago)

As we've seen, the current system is incredibly easy to bypass. There are plenty of ways to game or avoid the age checks.

The current implementation also uses multiple different age verification services, on a per-site basis. This proposed one reduces data exposure vulnerabilities to a fraction.

[–] iglou@programming.dev 2 points 23 hours ago (1 children)

Except there is no ID/age verification when you create a Google or Microsoft account (no idea about Apple, don't use that crap), so you're suggesting that the "birthday" field where I can set whatever date I want should be a standard age verification method?

[–] Quicky@piefed.social 1 points 21 hours ago* (last edited 17 hours ago) (1 children)

Jesus Christ, no, I'm not suggesting that nothing changes from exactly what we do now. I'm suggesting a new, more secure, less intrusive method, and it's not even an original suggestion. Just try a little bit of thought.

If it's going to be implemented by law anyway, the age verification should be at the device level. The device accounts already do ask your age - directly or indirectly - although it's not stringently enforced, however each of the big 3 already have a minimum age requirement to set up an account as per their terms and conditions.

It's not a big leap to suggest that true age verification is done at that point seeing as you already often have to provide an age or payment information to set up on-device payment details, meaning there's no need to involve a third party at any other subsequent point.

[–] iglou@programming.dev 3 points 16 hours ago* (last edited 16 hours ago) (1 children)

Honestly, I'd rather see official governmental third parties that handle ID verification and guarantee to discord and any service needing age verification that the user is over the required age. Not comfortable with sharing any sort of verifying data with private companies, even less american companies. I have to for some stuff, but... Not liking it one bit.

There is already a few countries here in Europe with an official governmental identity verification system, and I'm pretty sure age verification can be done through them. I think the EU is also working on a system covering the entirety of Europe, but not certain.

[–] Quicky@piefed.social 3 points 15 hours ago (1 children)

The difficulty you might end up with there is governments not permitting their age verification system for certain sites if they desired. Meaning even greater governmental control of what sites you can access.

[–] iglou@programming.dev 1 points 10 hours ago

Well then the site uses a different system that complies with regulations. I don't see this as a problem, it doesn't have to be the only service that can verify your age.

[–] Deebster@infosec.pub 20 points 1 day ago* (last edited 1 day ago) (2 children)

The techies implementing it probably knew this, but hoped that people would just quietly do it and not blast the news all over the internet. Nope!

I guess soon there will be only the more intrusive/trackable options like credit card or bank details.

[–] MonkderVierte@lemmy.zip 5 points 1 day ago* (last edited 23 hours ago)

Then come the hacks and abuses (executives and politicians not excluded) and we are back to square one, except that everybody and the innocents lost something while the cybercrime syndicates had a field day.

[–] WhyJiffie@sh.itjust.works 4 points 22 hours ago (1 children)

I don't think credit cards are more intrusive than forced selfies, to the contrary.

[–] Deebster@infosec.pub 2 points 20 hours ago

I think that credit cards are unambiguously tied to you, whereas a photo could be a bunch of people. I appreciate that having someone take a photo of you before you go to a porn site isn't exactly anyone's idea of a utopia.

[–] Frenchfryenjoyer@lemmy.world 13 points 11 hours ago* (last edited 11 hours ago)

This age verification thing is so stupid but it's good to know it can be bypassed this easily!! not gonna dox myself I care about my privacy 🤘 hope enough people rebel against this measure gets overturned bc it shows this country doesn't care about people's privacy online which is ironic considering the name

[–] themakara@lemmy.world 8 points 6 hours ago

To be fair, the game's rated 18+ in the UK. In terms of the law, this probably doesn't suffice. But theoretically, there still is a kind of age-check in place :'D

[–] cannon_annon88@lemmy.today 3 points 56 minutes ago

Man I thought we had it bad over here in the US, tf going on over there now?

[–] twikz@sopuli.xyz 1 points 6 hours ago* (last edited 6 hours ago)

Wasn't exactly this talked about a few years ago?