Course-correcting the mess that is Age Verification update

This just seems like it’s now getting unhealthy…

“I don’t know how it works but you’re clearly wrong!”
You really need to work on your scene entry, mate.

Any data verification processes backed by a trusted provider are sufficient enough to only implement age verification without the need for obtaining the end user’s PII. These services are typically run by government entities, and are subject to much stricter security measures as well as requirements to access said data in the first place.

Persona is not a government entity, not even a government-backed one. They act as a layer between the consumer (VRC) and the user’s PII, providing pseudo-verification. As a matter of fact, Persona does not validate the authenticity of the documents users provide, at all. They are, however, very adamant on forcing the user to go through their “liveness check”, which is a good reason for concern, given their involvement with stated lawsuits. Mind you, this “liveness check” does not involve demonstrating the document used in the first step.

But sure, disregard all that because I’m “paranoid”.

Golly-gee, that’s news to me. I must be unqualified to be a principal backend engineer then.

On a more serious note, let’s break down the bollocks you’ve posted:

We’ve already gone over how authenticity is not verified. The documents collected are put through basic canvas alignment, internal type matcher, and then OCR. About the same process as what we do to digitise old newspaper releases. Extracted data is then stored.

It is not temporary. As per Persona’s own documentation linked above, your “profile” is indeed created for further accessing by the consumer. VRC claims this process is supposed to be replaced with Persona bringing them all the data instead, and then waiting on VRC to submit a hash for Persona to store in place of your data.

Typically this would be true and desirable, and the end consumer would not be receiving any PII outside of the information needed. This is not how VRC describes this process:

So, no. Both entities operate on PII, needlessly. Steps 6 and 7 therefore are entirely off the course, as per VRC’s words: they hash the PII and send that hash back to Persona to… store it in place of your PII? To do something. This is where they employ STO practices that make this shadier than it needs to be.

This literally goes the opposite to what VRC have stated, linked above. Please read their statements in question first before claiming anything. This tends to be the best practice.

No, it is not. Again, like it was stated, they rushed this, and after a sufficient enough backlash they caved in and set up a hashing system to be able to identify the same PII given to not run it through Persona’s OCR and extractors over again, thus to not have to pay the processing fee.

Why exactly this is a technical limitation in either implementation is unclear. Why it is a limitation in concept is very clear: age verification is just identity verification in disguise.

I assume you’re asking for a solution to multiple accounts being verified with the same identity.

Well, it’s simple: just receive and update. A user can have multiple accounts by definition.

This situation is basically identical to adding a unique index onto the password hash field. Except this time it’s PII hash.
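
The comparison above, as an added example that is not part of the original post: a constructed SQLite table with and without a unique index on the PII hash, using "receive and update" writes. The table layout, the keyed hash and all sample values are assumptions; the page does not describe VRChat's or Persona's actual schema or hash construction.

```python
import hashlib
import hmac
import sqlite3

# Constructed placeholder key; a real deployment would keep this in a secret store.
SERVER_KEY = b"constructed-demo-key"


def pii_hash(identity: str) -> str:
    """Keyed hash of the identity fields (assumed construction, not from the page)."""
    return hmac.new(SERVER_KEY, identity.encode(), hashlib.sha256).hexdigest()


def make_db(unique_identity: bool) -> sqlite3.Connection:
    """One row per account; optionally put a unique index on the PII hash."""
    db = sqlite3.connect(":memory:")
    constraint = "UNIQUE" if unique_identity else ""
    db.execute(
        "CREATE TABLE verification ("
        " account_id TEXT PRIMARY KEY,"
        f" pii_hash TEXT NOT NULL {constraint},"
        " is_adult INTEGER NOT NULL)"
    )
    return db


def record(db: sqlite3.Connection, account_id: str, identity: str, is_adult: bool) -> bool:
    """Receive and update: insert the result, or overwrite it if the account re-verifies."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(
                "INSERT INTO verification VALUES (?, ?, ?) "
                "ON CONFLICT(account_id) DO UPDATE SET "
                "pii_hash = excluded.pii_hash, is_adult = excluded.is_adult",
                (account_id, pii_hash(identity), int(is_adult)),
            )
        return True
    except sqlite3.IntegrityError:
        # Only reachable when the unique index on pii_hash rejects a second account.
        return False


def verify_two_accounts(unique_identity: bool):
    """Same person verifies two accounts; returns (first_ok, second_ok, stored_rows)."""
    db = make_db(unique_identity)
    person = "DOE|JOHN|1970-01-01"  # constructed identity string
    first = record(db, "usr_a", person, True)
    second = record(db, "usr_b", person, True)
    rows = db.execute("SELECT COUNT(*) FROM verification").fetchone()[0]
    return first, second, rows
```

With the unique index the second account is rejected; without it both accounts are stored and each can be re-verified in place.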

Of course a government controlled system wouldn’t need PII (Personally Identifiable Information), they have it all already. They just need to verify it is you they are communicating with, usually by some form of multi-factor authentication.

But are you really claiming that Persona then just guessed? You don’t think they have some secure line to verify the documents they receive from users? I would love to see your source for that, since it would mean they are super easy to cheat with basic image generating AI tools and some paint skills.

Ah, I guess you are right on some of that. Steps 6 and 7 at least need to be swapped, as it sounds like VRChat is the one creating the hash. Interesting, and a little sad that Persona doesn’t have a hashing solution instead. Is there really no standard for creating a hash like that?

It doesn’t say anything about VRChat sending the hash to Persona though. So it sounds pretty one-way to me. And as far as VRChat said, they have instructed Persona to delete the information from their system too once they have sent it to VRChat.

I am sure Persona keeps some minor non-PII information though, companies usually do. Could check their privacy policy somewhere maybe.

What even is the difference? What is it you think they will do with this?

Are you afraid they will use it to enforce bans on banned users if they can see they are trying to verify a new account? Something else?

Maybe I am just a trusting person and believe that VRChat really will keep just the PII hash. I don’t see an issue with that. Also, considering the GDPR fines and such, I doubt they would want to risk doing anything else with it.

Persona I can understand not trusting. Especially if you say they have some lawsuits going and such. But since my interest in VRChat’s age verification system is only a minor curiosity, I don’t feel like reading up on the company myself.

Once age verification is out of beta testing and whatever, maybe I will read more into Persona and whatever system VRChat ended up with, but I am in no hurry to decide if I want to bother getting myself verified.

Basically, aye. Persona does not employ backed validations. They may use esoteric knowledge to verify a document’s authenticity, but this is unreliable with the method used right now.

Empirically proven during our attempt at integrating. They could not verify a set of fraudulent copies we ran through them. Hence why they were dropped.

This, funny enough, is worse than manual manufacturing. ML generation has heaps of visibly identifiable traces, and they have measures in place to prevent this.

There are various process guidelines, but it all relies on the outlined task, with government certification involved. Persona is not put through any of those as far as I’m aware.

I believe that was mentioned by @tupper in the update video. It is ass-backwards, but they’ve refused to elaborate.

Again, trusting a word in an incredibly shady process. I hope it is destroyed, but let’s not go into the weeds of data recovery and various data flow security issues, or we’ll be here all night.

This isn’t an issue, at least not from where I’m sitting. Some metadata is expected to stay.

Age verification is the process of identifying an anonymous individual’s age, nothing else. Under this lens VRC would only know that I’m born on 01.01.1970, not that I’m John Doe the British citizen born in Glasgow on 01.01.1970–which is identity verification.

It’s the scope.

My concern is how piss-poor VRC’s dev team is when it comes to the service security. Processing PII makes them a significant target for data exfil attacks, and they’re woefully unqualified to handle those.

Other than that, I do not see the need for identity verification on this platform. Other than data collection, there is no need for it. Principle of data minimisation and all that jazz, y’know.

AFAIK VRC is not subject to GDPR in this context, though they should be, given their involvement with hashing PII.

No doubts they would, because when a data breach occurs, can you imagine the shitstorm? The part in question is the fact that they collect all the data, when Persona allows them to only exfiltrate DoB.

Kind of like if I’d ask you to hand me your SSN/CID for me to tell you that I’d only ask your government if you’re real. Pinky promise. See the issue?