Age Verification FAQ

Can there be a function in the future where you can use your shield level to hide/disable people who are not 18 for folks who don’t want to have any interactions with children?

2 Likes

Given that this feature is expected to roll out for early testing by the end of this year, is there a way for those interested to request an opt-in for the testing of the feature?

2 Likes

We have released a new video describing changes we’ve made to the Age Verification system.

These changes are intended to maximize the effectiveness and trustworthiness of the system while reducing the amount of user data stored on either VRChat or Persona’s systems to the minimum possible while retaining functionality and effectiveness.

Please watch the video and re-read the OP to get a handle on these changes. Many questions in this thread are answered in the changes.

We have updated the OP with new answers reflecting these changes.

In particular, please view these new FAQ items that detail how the hashing works.

Several other questions now contain amended answers that address this functionality.

We will continue to monitor this thread for new questions. Some questions in this thread have already been answered in the OP, so please review the OP before asking your question.

We expect testing to begin soon. If you submitted a request to be included in testing, please keep an eye on your email. Testing slots are limited and there were a lot of responses, so the majority of groups that requested will not be a part of testing.

5 Likes

Will there be more flexibility for restricting ages other than 18? 21+? 30+?

3 Likes

Will VRChat be transparent in which elements of the document will be included in the hash? The update video states that “selected information” will be utilized in the hashing function.

Is this immediate deletion of personal data clause included in Persona’s Privacy Policy anywhere, or is this coming entirely from VRChat’s own backend requesting the deletion from Persona on a user’s behalf?

5 Likes

You seem to have gone out of your way to NOT explain exactly which data from the ID is transmitted to VRChat. Please describe the specific data you receive, and why.

7 Likes

This is a lot better of a system and I applaud you guys for listening to the community.

I still don’t entirely trust that Persona would delete the data, but that’s more an issue with Persona themselves than VRChat, and I’m hoping that the information doesn’t get temporarily placed on a hard drive and is instead all done in memory, but again, a Persona issue instead of a VRChat issue.

The hash is a very good compromise which addresses a lot of my complaints, and I feel a lot happier about this system now.

The only recommendation that I have is to ensure that you tell users about this hashing in the verification process, as it will likely put a lot of minds at rest.

Final question, would VRChat be open to the possibility of an Independent Audit to put people more at ease?

Thank you!

3 Likes

I believe (or hope) that VRChat is configuring their Persona Inquiry Templates flow to not run the “Update Account Fields” method which then saves the information and builds up a user profile, but only VRChat can confirm if that is the case.

I would love to know if that is the case, and also what data is used in the hash too, however, since it’s being hashed, I’m personally not too concerned with how much data is used to create the hash.

1 Like

  1. Since VRC’s age limit is 13 (should be 15 I think), is there anything planned for those below 18?
  2. What about adding age as a category to the report feature? It seems like an obvious thing and there still isn’t the option.

1 Like

Hello. In my case, I am using two separate accounts depending on the situation.
(example: furry friends only account / human friends only account)

If authentication is maintained on only one account, I might have to throw away one of the two accounts in the worst case scenario, but is there a plan to increase the limit on the number of authentications to two in the future?

How do we know if we are in a group that was accepted into the small fee in testing? Where on the VRChat client will we see a “Verify Age” button?

So now, not only birthday but other (not named) data will be sent to VRChat, but extra.
I assume it is real full name and/or serial number of the paper and/or issuer of the paper.
Huh?
Now instead of trusting one subject (Persona), we have to trust two subjects (VRChat and Persona) and the communication channel between them.
You might write more paragraphs about how secure hashes are, but with this new system the surface of attack is much much larger.
Now it might be almost impossible to steal or leak stored data, but theoretically easier to steal or leak the data during the process.

Sorry guys, but security in VRChat is not what you can brag of. In other aspects of VRChat you guys have shown how bad at security you are: assuming all clients are trusted (which is the reason why malicious clients exist), trusting other clients’ data without sanitizing it (ex. crashes through vrcobjectsync, I mentioned this in prev dev update), etc etc
It must be an enormous amount of trust to assume you will treat the data sent by Persona well.

I was OK to verify myself on previous system (If it’s available in my place), but now I doubt.

I made a canny about that.

Anyways…

Also, my question is: I am not a lawyer, but in some jurisdictions isn’t data made from personal data also considered the same as personal data, even if it’s irreversible in theory?

My other question is: What exactly is the data being held?
This is an important question, because in some places some names might be too common, causing collisions (I know at least 2 more persons with exactly the same full name as my mother exist in my neighborhood lol). Birthday might reduce the number of collisions greatly, but it’s still questionable.
So, it feels like you are also going to store info on the issuer of the paper and its serial number? Or is it not necessary?

My third question: is all of that data combined together and then processed into one hash, or is each piece of information processed into its own hash, so that actually a series of typed hashes will be bound to the user?

3 Likes

Can I use a Blue Badge that’s used for people to use disability parkings as an ID?

1 Like

I would like to first say that I am much much much happier with this new system.

I do still have a few questions:

  1. Does this mean that now VRChat receives and processes our data more directly (ie: doesn’t just get birthday returned from Persona)? If so, what data does VRChat obtain access to at any time?

  2. What data is used to generate the hash? I would hope that the data used is innocuous (IE: only taking part of your name (like 2 letters for example), partial ID#, etc, not the full information. I understand that there are questions of entropy here as well though). Hashes are one way, but in the event that they are breached, they can be cracked with time.

  3. Following on from the previous question, is the hash generated stored with your account, or is it anonymized? I would hope that the hashes would be stored completely unassociated with your account, and only used to verify that the ID has not been used before. This is important as if this data is breached, an attacker cannot target the hashed information of specific accounts for cracking. Simply salting the information just makes broad attacks impossible, not targeted cracking. Peppering is good, but in the event of a breach I am assuming the pepper is also exposed.

  4. Also what hashing algorithm is being used?

Edit: Reading the update more carefully, I must say that I am disappointed. It appears that the hashes are indeed stored associated with each VRChat account. This means that what data is being used to generate the hash is even more important.

3 Likes
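Added example, not part of the post above and not VRChat's or Persona's code: a small audit of the salt versus pepper point raised in that post. The hashed fields (birth date plus a two-digit ID suffix), SHA-256 / HMAC-SHA-256, and every value are assumptions constructed for illustration.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Assumed input fields: the thread does not say which ID fields are hashed.
def canonical(dob: str, id_suffix: str) -> bytes:
    return f"{dob}|{id_suffix}".encode()

def salted_digest(salt: bytes, dob: str, id_suffix: str) -> bytes:
    """Unkeyed hash with a per-record salt stored beside the digest."""
    return hashlib.sha256(salt + canonical(dob, id_suffix)).digest()

def peppered_digest(pepper: bytes, dob: str, id_suffix: str) -> bytes:
    """Keyed hash (HMAC); the pepper is held outside the database."""
    return hmac.new(pepper, canonical(dob, id_suffix), hashlib.sha256).digest()

def candidates(first_year: int, last_year: int):
    """Every (birth date, two-digit suffix) pair in the year range."""
    day = date(first_year, 1, 1)
    while day.year <= last_year:
        for n in range(100):
            yield day.isoformat(), f"{n:02d}"
        day += timedelta(days=1)

def find_preimage(target: bytes, digest_fn, first_year: int, last_year: int):
    """Return the input pair whose digest equals target, or None."""
    for dob, suffix in candidates(first_year, last_year):
        if hmac.compare_digest(digest_fn(dob, suffix), target):
            return dob, suffix
    return None

def audit(first_year: int = 1990, last_year: int = 1994) -> dict:
    """Check one stored digest under three exposure scenarios."""
    record = ("1992-07-14", "42")                 # constructed sample
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # stored in row
    pepper = b"constructed-server-side-key"       # not in the database
    salted = salted_digest(salt, *record)
    peppered = peppered_digest(pepper, *record)
    span = (first_year, last_year)
    return {
        # Database copy only, salted scheme: the salt is in the same row.
        "db_only_salted": find_preimage(
            salted, lambda d, s: salted_digest(salt, d, s), *span),
        # Database copy only, peppered scheme: the key is unknown.
        "db_only_peppered": find_preimage(
            peppered, lambda d, s: peppered_digest(b"wrong-guess", d, s), *span),
        # Database copy plus the pepper: back to the salted case.
        "db_and_pepper": find_preimage(
            peppered, lambda d, s: peppered_digest(pepper, d, s), *span),
    }

if __name__ == "__main__":
    print(audit())
```

With only 182,600 possible inputs in this range, the salt adds no protection for a single targeted row; the keyed variant holds only for as long as the pepper stays out of the breach.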

As an ongoing reminder, all posts in this thread that are not a question will be deleted. Please do not discuss questions, attempt to answer questions, or leave feedback for us in this thread! Your post will be removed.

Please direct all feedback (change requests, feature additions) to our feedback boards.

1 Like

I am very happy to see positive changes, and extend my thanks to you for your excellent responses and engagement with us on this @tupper, but I still have many reservations about Persona and their trustworthiness.

Is our data still processed on Persona’s servers?
You don’t directly state it in your follow-on video, but it appears that data is still processed remotely on Persona’s servers to generate a hash, is that correct? If so, which subprocessors is Persona sharing it to, and what are -their- policies on retaining our data? Most significantly, in Persona’s own list of their subprocessors, they have their own Canadian business listed, from whom I’m unable to find a privacy policy posted publicly anywhere. It seems as though they could very easily use this as a loophole.

Several age verification providers can perform data processing locally, such that it never leaves the user’s computer. For example, Private Identity, who provides Age Verification services for the likes of Google, though there are many other recognized options. Is it possible for Persona to perform all data processing locally on our computers, as these other companies do?

Many of Persona’s competitors, including the ones I have mentioned, do not require the use of a government ID, and can perform it with only photos, with voice, with e-mail or cell carriers. Many VRChat users have very significant concerns about sharing their government IDs to a third party - and Persona does not accept government IDs from all jurisdictions, which bars some of VRChat’s users from being able to verify with them. Is there a reason that VRChat is specifically wanting government IDs to do age verification, even though there are less invasive options?

Given that there are serious issues with Persona’s handling of personal information, I think it’s very important to address this concern. You have stated clearly that VRChat thinks that Persona is the best option. Why does the VRChat team think that Persona is superior to the alternatives? - Are you choosing them on a cost basis, do you believe their technology is superior to the competition, or…? From where I stand, they seem to be among the worst options - neither cheap, nor privacy respecting, nor any better at effective AV than their competitors, with a dubious reputation to boot. Surely there’s a reason you have decided they are the best choice - what is it?

Steam and Meta already perform age verification. To my knowledge, this does not meet the legal standard in all jurisdictions, but in areas where it does, why not accept the age verified status of a user from Steam or Meta? Since these accounts are more or less durable, malicious users would have a difficult time making more bogus accounts, and it would sidestep the issue of using Persona entirely for a significant portion of the userbase.

I understand that some of these questions might be driving into subjects that might be under NDA or otherwise be business decisions you don’t wish to discuss openly, but I would appreciate any amount of insight you can provide on these.

3 Likes

Do have a question about using a hash now

In the Why do you need the hash? section, it’s mentioned this will allow multiple accounts in the future.

It’s probably early to ask this since it’s mentioned this is for the future but I would like to ask if this means a new hash will be generated (with a new salt) for each account using the same id. (Well of course after you do whatever is needed to verify that "these are the same person with an alt and not someone wanting to verify for someone else")

I’m concerned that in the case of a database leak, someone will be able to match 2 accounts as being from the same player if the same hash is used.

1 Like

Why is it not just possible to verify oneself with the actual minimal set of data (only a boolean whether the user is 18+) and one is forced to submit an unnecessarily huge amount of data to a shady third-party company? In Europe with eID, especially in Germany with our digital identity card, you can explicitly ask if the user is above/below a certain age threshold. There is absolutely no need to ask for more information to fulfill the functionality. On top of that, each data request from eID has to be confirmed with a private PIN code. You can’t just snatch a random/your parent’s ID card and do the verification process.

Trustpilot (1.3/5 rating): withpersona.com Reviews | Read Customer Service Reviews of withpersona.com

Edit: Why is this called “Age Verification” when the actual solution is to verify people, not just their age?

4 Likes

So… What is going to be done about…

  1. Account Share/Farming - Oh I know for a fact that the communities of sh*tters are going to set up a nice little system of farming out new accounts, costing VRC 0.60 USD per validation using the hacking resources of the Eastern Bloc countries.

  2. The Family Troll Series - What is really stopping someone from signing Grandpa & Grandma up and using their personas to gain access. Heck where did those 20 million votes really come from?

  3. Does not address stolen accounts - Again VRC has catered to the Eastern Bloc countries far too much, I suspect we will see account theft rise.

While I approve of the age verification aspects, I fear that the Management of VRC see this as a fix all solution. This will mean for groups that wanted the Age Verification to relieve them the stress of moderation by making their instances “VERIFIED” stagnant. They will need to open “UN-VERIFIED” instances to gain users and get their name/brand recognized. Yes, I see groups like brands, some groups have good brand recognition, others are there to be “Eurasian Call Centers”

For an enterprise architect that has tried to get into VRC and actually fix their problems I see it as an off-brand bandage that once the costs are shown; there will be no more funding for actual data analytic moderation and using AI appropriately to pre-moderate user/group profiles into classes of users.

I look at VRC Moderation like a military battlefield, the Theater of Engagement, looking at tips that come from profile personalities and then prior moderation actions.

Two thirds of VRC’s troubles can be solved today with a couple MongoDB queries.

I’m calling you out VRC, stop being wishy-washy ID-10-T users and either really address the core issues or hire someone that already has a plan of how to solve your problems by day 15. You already have my resume and you know my reputation as the “Moderation Consultant of VR Chat”

6 Likes

Persona is still active in 2 lawsuits for data abuse, making people who have any awareness not willing to get involved.
Washington v. Persona Identities, Inc.
Johnson et al v. Persona Identities Inc.

Also doesn’t this just give more incentive for people to NOT use this system?

2 questions with this one:

  • Will this include any content with “mature” or “sexually suggestive” tags being blocked behind age verification? (I hope not, because this would just encourage everyone to not use the tags, leading to more anarchy)
    …or perhaps a new tag?

  • Because adding age verification is already in grey territory with Steam’s code of conduct, does gating actual content by age not cross the line, requiring it to be labelled with the adult tag on Steam?
    (Their terms state that any game with adult content, even internally gated, must be appropriately labelled on their platform so the platform itself can gate it)

I don’t think this will increase trust for age verified accounts, just weave more distrust in those that don’t.

Also, the fallacy that more transparency builds more trust is something that’s been discussed quite a lot – because to the contrary, it makes people unable to trust when even a tiny bit of information is missing or for the moment they are not exposed, which erodes the notion of trust altogether.
— “Society of Transparency/Exhibition” as they call it.

(what ever happened to people being raised to “never give any identifying information to anyone on the internet no matter how trustworthy they seem”?)

This is destructive to social dynamics and makes people more suspicious of each other, which is not good for social spheres. It becomes like a big game of “Among Us”. It generates many more conflicts than it solves.

The aforementioned lawsuits are about unauthorized analytics and AI training using your personal data, they don’t need to keep your raw data for any amount of time to use this. Just because it’s “deleted” doesn’t mean it hasn’t already been used for its desired purpose by said company.

Does this not just invalidate it if someone can just have it removed and add another one that is more convenient?
(I know this goes against my own statements, but it makes everything just come off as completely ridiculous.)

. . .
I can’t help but feel VRChat is digging its own grave with all of this, and it worries me. I’m not against age filtering as a principle, but if we want everything to be healthy and stable, I’d say the platform needs to find a way to stop being dishonest about its content, and to do this, making a sanitized child-friendly moderation/content-filter heavy version and an adult version, with network isolation. It would solve all of these problems.
2 different games, with 2 different terms of service. This way you can age filter a vast majority without requiring identity transparency.

4 Likes