Welcoming Discord users amidst the challenge of Age Verification

Posted by foresto 3 hours ago

Welcoming Discord users amidst the challenge of Age Verification(matrix.org)

160 points | 82 commentspage 2

lenerdenator 3 hours ago|

My security collective is honestly considering going back to IRC.

It's becoming increasingly apparent that if you don't use something truly free and open source and host it yourself, you're just setting yourself up for more of this sort of thing.

You can't trust anyone to properly handle the problem of "how the hell do we keep creeps the f*ck away from kids?" with any amount of common sense.

LAC-Tech 41 minutes ago||

I was on yahoo chat as an 11 year old and I was... fine?

ranger_danger 3 hours ago||

Even if you self-host matrix there are still multiple ways you could be liable for content you don't even know exists. Especially the last 4 points here:

https://telegra.ph/why-not-matrix-08-07

There are even custom message/media types that people use to upload hidden content you can't see even if you're joined to the same channel using a typical client.

jamespo 2 hours ago|||

Does matrix self-hosting allow you to disable federation & uploads?

direwolf20 2 hours ago|||

Has this actually happened, or is it hypothetical? Was a server operator held liable for merely holding cached images?

Edit: It seems I've suddenly been rate–limit banned.

Arathorn 1 hour ago||

That post is 2023 vintage and is both outdated and questionable in parts.

19. "media downloads are unauthenticated by default" -> fixed in Jun 2024: https://matrix.org/blog/2024/06/26/sunsetting-unauthenticate...

20. "ask someone else’s homeserver to replicate media" -> also fixed by authenticated media

21. "media uploads are unverified by default" - for E2EE this is very much a feature; running file transfers through an antivirus scanner would break E2EE. (Some enterprisey clients like Element Pro do offer scanning at download, but you typically wouldn't want to do it at upload given by the time people download the AV defs might be stale). For non-encrypted media, content can and is scanned on upload - e.g. by https://github.com/matrix-org/synapse-spamcheck-badlist

22. "all it takes is for one of your users to request media from an undesirable room for your homeserver to also serve up copies of it" - yes, this is true. similarly, if you host an IMAP server for your friends, and one of them gets spammed with illegal content, it unfortunately becomes your problem.

In terms of "invisible events in rooms can somehow download abusive content onto servers and clients" - I'm not aware of how that would work. Clients obviously download media when users try to view it; if the event is invisible then the client won't try to render it and won't try to download the media.

Nowadays many clients hide media in public rooms, so you have to manually click on the blurhash to download the file to your server anyway.

josefritzishere 3 hours ago||

I'll be closing and uninstalling Discord the first time I get a face scan pop up.

ranger_danger 3 hours ago|

FWIW It's done on the client side and there are multiple ways to bypass it.

https://news.ycombinator.com/item?id=46982421

https://tech.yahoo.com/social-media/articles/now-bypass-disc...

jsheard 2 hours ago|||

That K-ID bypass has already been patched, and even if it's bypassed again, Discord is apparently directing some users to Persona instead now. Persona does server-side classification so that one won't be as easy as nulling out the checks on the client.

The 3D model method might work on Persona, but that demo only shows it fooling K-IDs classifier.

direwolf20 2 hours ago||

Oh, so they promised your face was only processed on the client and then deleted, but none of that is true? They're courting some huge GDPR fines.

jsheard 2 hours ago||

Eh, the worldwide rollout hasn't happened yet so for now the only people getting sent to Persona after they promised client-side scanning are those who are fiddling around with Discords internals to trigger the age verification flow early. But yeah if they stick with Persona then they will need to retract the client-side promise before the proper rollout, and that'll be even more fuel on the PR fire.

edgineer 2 hours ago|||

Things are changing quickly. Some users are being allowed only 3rd party age verification.

https://piunikaweb.com/2026/02/12/discord-uk-age-verificatio...

genghisjahn 3 hours ago||

There's just something about that headline that doesn't land well.

xena 3 hours ago||

I'll be willing to believe that matrix is a home when they can get their shit together and stop transphobic hate waves for good.

GaryBluto 3 hours ago||

Why (and more importantly how) are you proposing a decentralized protocol censors something?

kelseyfrog 3 hours ago|||

I've always wished there was a market for mod actions.

Moderation and centralization while typically aren't independent, aren't necessarily dependent. One can imagine viewing content with one set of moderation actions and another person viewing the same content with a different set of moderation actions.

We sort of have this in HN already with viewing flagged content. It's essentially using an empty set for mod actions.

I believe it's technically viable to syndicate of mod actions and possibly solves the mod.labor.prpbl, but whether it's a socially viable way to build a network is another question.

wizzwizz4 3 hours ago|||

Consider the ActivityPub Fediverse. With notable, short-lived exceptions (when a bad actor shows up with a new technique), the majority of the abuse comes from a handful of instances, whose administrators are generally either negligent or complicit.

GaryBluto 3 hours ago|||

So your solution to people using a decentralized, federated protocol to say things you don't like is to stop various servers interacting with each other? At that point why not just use federated services with multiple accounts?

It seems far too risky to sign up on a service for the purpose of intercommunication that is able (or even likely) to burn bridges with another for any reason at any time. In the end people will just accumulate on 2 or 3 big providers and then you have pseudo-federation anyway.

wolvoleo 2 hours ago|||

Servers stopping federation with each other is pretty normal IMO. If I had a mastodon server I would also not federate with something like gab.com.

However all the LGBT+ friendly servers federate with each other and that's good enough for me. I like not having to see toxicity, there's too much of it in the world already.

wizzwizz4 2 hours ago|||

My solution is for instances to stop being negligent. Mastodon still directs everyone to create an account on mastodon.social using dark patterns (see https://joinmastodon.org/), which has lead to the flagship instance being far bigger than its moderation team can handle, leading to a situation where it's a major source of abuse and where defederation is too costly for many to consider.

"People will just accumulate on 2 or 3 big providers" is far from an inevitable circumstance, but there are conditions that make it more likely. That, too, is largely down to negligence or malice (but less so than the abusive communications problem).

progval 2 hours ago||

> which has lead to the flagship instance being far bigger than its moderation team can handle, leading to a situation where it's a major source of abuse

Is that still true? As the admin of a small instance, I find the abuse coming from mastodon.social has been really low for a few years. There is the occasional spammer, but they often deal with it as quickly as I do.

littlecranky67 2 hours ago|||

Throwing in Nostr as a truly decentralized alternative. Instead of relying on federated servers, the messages themselves are signed and relayed for anyone to receive.

b00ty4breakfast 2 hours ago|||

it's up to the maintainer of a particular server to moderate what goes on in said server. Now, if the Matrix.org Foundation wants to moderate their servers one way or the other, that's one thing, but to expect the protocol/spec to lay down a content policy is, with all due respect, dumb as hell.

aystatic 3 hours ago||

you are literally on hackernews

poly2it 3 hours ago|||

Is the implication that HN is transphobic?

aystatic 3 hours ago||

you're free to have your own opinion based on your experiences here, but i wouldn't blame anyone for feeling that way. for the record, i don't think dang or anybody is a transphobe, but i have to imagine the culture here is pretty off-putting to trans people

https://news.ycombinator.com/item?id=36231993

oytis 2 hours ago||

This is a wild take. HN has transphobic users like it has trans and ally users. It's neutral to this topic, it's about tech.

aystatic 2 hours ago|||

i don't think it's that "wild". sure, i'm not so cynical as to feel hn's become a nazi bar or anything, but i am willing to recognize that some of the incidents i've witnessed could be reason enough for a trans person to want to avoid this site.

> It's neutral to this topic, it's about tech.

this thread began by xe bringing up failures in moderation affecting trans people

krapp 2 hours ago|||

That isn't how it works. The presence of neutral allies doesn't somehow counterbalance and cancel out the transphobia. If a platform allows transphobic users - as Hacker News does because transphobia isn't against the guidelines - and transphobia is common in threads where trans issues or people are a subject (and it is) then it's a hostile platform to trans people.

Asking trans people to ignore this is like asking Jews to be comfortable in a bar where only ten percent of the patrons are Nazis. Arguing that "well not everyone is a Nazi" doesn't help, an attitude of "we're neutral about Nazis, we serve drinks to anyone" still makes it a Nazi bar, just implicitly rather than explicitly.

oytis 2 hours ago|||

I'd agree with this logic if we were discussing all kinds of different topics here, and one's stance on gender would be immediately visible to anyone. But I can't remember the last time the matters of gender were discussed here at all, and pretty sure anything openly transphobic would be flagged or deleted pretty soon.

krapp 2 hours ago||

>I'd agree with this logic if we were discussing all kinds of different topics here, and one's stance on gender would be immediately visible to anyone.

We do discuss all kinds of different topics here. Despite what many people here want to believe, Hacker News isn't exclusively for tech and tech-related subjects.

>and pretty sure anything openly transphobic would be flagged or deleted pretty soon.

But not banned, that's the problem. The guidelines are extremely pedantic but nowhere is bigotry, racism, antisemitism or transphobia mentioned as being against those guidelines. You might say that shouldn't be necessary, but it's weird that so much effort is put into tone policing specific edge cases but the closest the guidelines come to defending marginalized groups is "Please don't use Hacker News for political or ideological battle. It tramples curiosity." Transphobia is treated as a mere faux pas on the same par as being too snarky, or tediously repetitive. The real transgression being not the bigotry but "trampling curiosity." Any trans person who posts here knows that bigots who hate them and want to do them harm aren't going to suffer meaningful consequences (especially if they just spin up a green account) and that the culture here isn't that concerned about their safety.

Read the green account just below me. That sort of thing happens all the time. Yes, the comment is [dead] but why should a trans person be comfortable here, or consider themselves welcome, knowing that this is the kind of thing they'll encounter?

oytis 2 hours ago||

I'm not in a position to tell marginalized people how they should feel, but a moderation policy that wouldn't even allow offensive messages by new accounts appear for a short time would make this place into another social media - walled off and tracking their users. I understand the point though.

uxhoiuewfhhiu 2 hours ago|||

[dead]

kelseyfrog 3 hours ago|||

Elaborate?

mmonaghan 1 hour ago|

I just don't get why anyone is still arguing against age verification tbh. Large social spaces are required by law to do it, whether its discord or matrix or anywhere that allows strangers to interact.

marak830 1 hour ago|

I'm against needing to give my personal ID to use a simple service. Especially when it's already been leaked once.

No thanks, there are other services I can use.