@feld You're moving some goalposts here. The original issue was about payment processors governing the standard. That is not the case here. That is an improvement.
Taggart
@mttaggart@infosec.exchange
Displaced Philly boy. Threat hunter. Educator. #infosec, #programming #rust :rust:, #python :python: #haskell :haskell:, and #javascript :javascript:. #opensource advocate. General in the AI Resistance. Runs @thetaggartinstitute. Made https://wtfbins.wtf. Not your bro. All opinions my own. Dad. #fedi22 #searchable
Pronouns: He/him.
Posts
Latest notes
No posts yet.
@feld Don't think it's a US ship being sunk, and I don't think the footage is from today: https://www.navalnews.com/naval-news/2026/03/us-navy-strikes-another-iranian-catamaran-corvette/
I am trying to read this as charitably as possible, if only to clarify my own concerns. There are definitely ways it could be worse. The "video selfie" component of the assurance process is analyzed on-device. But your ID is still sent to a third-party vendor. The claim is that the data is deleted "quickly—in most cases, immediately after age confirmation." But Discord doesn't actually control that; the unnamed third party does.
A spokesperson for Discord has said of the age inference model:
Discord’s age inference model uses account information such as account tenure, device and activity data, and aggregated, high-level patterns across Discord communities. Discord does not use private messages or any message content in this process.
https://www.theverge.com/tech/875309/discord-age-verification-global-roll-out
Account tenure could mean "Are you necessarily an adult assuming you created your account when you turned 13?" As far as device and activity data, that as vague as hell! And without reviewing messages, I don't love the idea that whatever data they're collecting could be used for verification. Whether it works or not, pretty creepy.
And I guess that's where I'm landing here. I have a very public record of being too credulous with these kinds of things in the past. I'm tired of getting burned. I'm tired of my community getting burned. This won't be the last creepy thing Discord pulls out on its road to IPO. I think I'd rather take the next offramp.
@feld I'm afraid your timing could not have been worse to go after the W3C on this point.
https://www.w3.org/TR/payment-request/
We shouldn't let perfect be the enemy of the good; that's true. We also shouldn't accept the worst possible version of a solution. There's a balance there, and letting payment processors govern the standard just ain't it.
@feld Do you get the difference between being a service provider and standards maintainer? Do you get why you want a firewall between them? And why, for financial material, that firewall is extra important?
@feld I do not think letting the payment processors govern the standard could be anything but status quo
The Linux Foundation getting in bed with Coinbase to develop a web payments standard.
No thanks very much
No wait, it's worse than you thought!
Membership [of the x402 governing body] will be comprised of participants from multiple verticals with initial intent and support being expressed by Adyen, Amazon Web Services, American Express, Ampersend.ai, Base, Circle, Cloudflare, Coinbase, Fiserv Merchant Solutions, Google, KakaoPay, Mastercard, Merit Systems, Microsoft, Polygon Labs, PPRO, Shopify, Sierra, Solana Foundation, Stripe, thirdweb, and Visa.
This is a list of people I don't want in charge of my money. And yes, I am forced to use some of them. Doesn't mean I trust them.
Claude is down again and I am seeing people basically go through withdrawal.
If you are feeling it, recognize it for what it is.
@feld Log in one time from a desktop
Discord claims "most users" will never go through an age verification process because they're already monitoring your behavior.
For the majority of adult users, we will be able to confirm your age group using information we already have. We use age prediction to determine, with high confidence, when a user is an adult. This allows many adults to access age-appropriate features without completing an explicit age check.
Gotta say, constant behavior analysis is not the warm and fuzzy blanket they seem to think it is.
https://discord.com/safety/how-discord-is-building-safer-experiences-for-teens
@alice This is what happens in our Discord when someone uses "guys." Folks sometimes get annoyed, but I'm not budging on the issue.
And yeah, https://heyguys.cc/