Yoti age checks share facial photos and device fingerprints with third parties

I've been telling people for years now not to engage with systems such as these. Some say I'm just being paranoid. But a growing number concerningly reply with either "So? What are they gonna do with it?" or "They already have it, it doesn't matter." Normal people either don't know the dangers present or they don't understand that stopping the flow hurts the machine. And they want neither to know or understand. Apathy or the desire for convenience cannot adequately explain why.

>TABLE 2. USER AGENT METADATA FIELDS (“CLIENT HINTS”) SENT AS PART OF YOTI’S AGE ESTIMATION METHOD

As far as device fingerprinting goes, this is pretty tame, compared to what something like chatgpt does: https://www.buchodi.com/chatgpt-wont-let-you-type-until-clou...

The far more concerning part are your pictures/document scans getting sent to them.

There isn't enough noise about this kinda news.

People need to learn to distrust such systems and exposing failings such as this one is a good way to do it.

We aren't going to be free of this stuff until the average Joe's mom hear of "forced age verification" and associate it to "unsafe".

Every app shares all data with third parties. The concept of privacy labeling has completely failed and it's time to try a new approach.

The paper is https://mikespecter.com/assets/pdf/AgeVerification.pdf (good on them for linking it)

The rest of the IEEE Symposium on Security and Privacy papers are listed at https://sp2026.ieee-security.org/accepted-papers.html

Yeah, well, I mean, ahah, you don't say :)