Never Give Them Your Face

Can't we even write a short text like this without LLMs anymore, not even when it's really important, when it's about humans against the inhumane?

I quit facebook over a decade ago. Then, a few months back, I was under some pressure to sell something, and the facebook marketplace appears to be the way to go locally. So I tried to create a facebook account.

They wanted to scan my face, and in a moment of weakness, I performed the ritual. Thirty seconds later, they suspended my account due to violations of their terms of service: "this decision cannot be appealed". So now they have my face and I still can't use the marketplace.

I can only assume I'm suspended due to the behavior of somebody who tried to use my identity for something during the decade when I had no facebook account. Apparently not even my face is strong enough authentication for me to convince them that I'm not whoever it was that caused whatever the problem was.

This is why biometrics will never make sense. They're too immutable. Maintaining multiple accounts is not a bug, it's a debugging mechanism. Since I have only the face that I do, I can't even figure out why I'm banned.

We need to instead stop trusting people merely because they have an account. 10k upvotes/likes/5-star-reviews should mean nothing if I don't explicitly or transitively trust the upvoters/likers/reviewers. We have to build things that make decisions by traversing the trust graph so instead of being banned with no recourse, I can create a no-trust identity and elevate it back to personhood status by convincing my meatspace friends to trust it by having a conversation with them in meatspace.

It ends with "The platforms need you far more than you need them". And I think this is the misconception. No, they don't. The amount of people who will sign this, is a fraction of a fraction of a "platform"'s users. They will not care if they lose 50,000 users out of 2 Billion. A drop in the ocean. Not the target audience anyway.

And that is the real shame. Because I don't want to have to give my face or do age verification but I know when the time comes, and If I need to use a service now, I will give them whatever they want to get past the hurdle and use the service. It sucks, but I don't think a petition will help. Unless of course you get the 50 million to sign the petition AND stick to it.

This is a little bit of a tangent compared to the post, but can someone explain to me why it's NOW that we have multiple countries (USA, Canada, UK, Australia, and probably others that I am not aware of) all looking at age verification for a technology (the internet and all the things it lets you access) has existed for over 2 decades, and has been mature for at least 10 years? You could buy illicit drugs and watch porn on the internet since the 2000s, but it's NOW that we're legislating things (in incomprehensibly stupid and hopelessly unenforceable ways)?

The worst part is these are all stupid poorly thought out band-aid solutions to "protect the kids" from platforms that are also detrimental to adults.

Im sure a lot of people know about tor on this site...but let me remind everyone.

Tor is not for criminals. It's for you and me. And happens to be good enough that criminals use it too. This is the two sided nature of technology.

Tor is a networks of peers across the globe volunteering their network bandwidth to support people under oppression by their government.

The amount of privacy that can be gained from tor is proportional to the amount of people using it. The more that people utilize the technology, the more that everyone looks the same, and protects the people that need it the most.

Tor enables me to say no to these things and carry on, without permission.

There is actually a way to prove the age anonymously. Yubikey-like devices support attestation - they can have a private key proving authenticity of a device.

So some organization could release Yubikeys with a certain private key and distribute them in stores that allow only adult customers - like liquor stores or sex shops. Owning a key proves that one is adult without disclosing identity. Keys support USB and bluetooth and can be easily supported on any device.

Also, OS developers should implement simple parent mode - such that parents only need to flip a switch and set a password, and do not have to whitelist apps or websites - the OS should use government-provided lists. You might not like the government, but 99% of parents do not want to bother compiling white lists manually.

I have yet to receive my federal tax refund because I submitted my taxes through a preparation service and, thinking that physical checks were still an option (the tax software didn't tell me otherwise), I did not give the federal government an ACH account number for direct deposit. The IRS then told me I'd have to open an account to update/provide direct deposit info, which in turn requires me to register with ID.me to create an account. ID.me has an obnoxious signup policy which includes sending them a boatload of documentation, and a headshot. I'm not doing it. So to date, I have yet to receive my federal refund.

Somewhere on the IRS website I had found buried in an article that if they can't submit my refund via direct deposit after some period of time, they are supposed to mail me a physical check. Yet so far, nada.

> Name the places now demanding "age verification," and see how many will accept a plain government document that says only that you are over eighteen — and nothing else. Almost none will. Because age was never the point.

Name the physical places that would accept a plain government document that says only that you are over eighteen and nothing else? None will, not because 'age was never the point', or because every bar or casino is stealing your face - but because a plain document doesn't offer any proof you are it's owner. Photo ID has been standard as age verification because it's the best way to prove the official ID actually links to the person holding it.

There are more concerns in a digital world with giving your ID / face, but the idea that the demand for photo ID proves it's all a big data grab not remotely about age is a conclusion looking for evidence.

(Plus they acknowledge some sites have done age verification where all they want is your face to confirm you look over 18 - which they then ignore, claiming it's all really a ploy to get your documents. So why isn't the site 'Never give them your documents'?)

I agree 100% with the message and think we should strive to reject this kind of gathering wherever possible, but it feels like the horse is already out of the barn insofar as each and every one of our faces being out there. Hell, we have entire states where people can't watch porn without uploading their ID. The inertia is such that (I'm in the U.S.) we really need a constitutional amendment at this point to stop this.

> We run background checks on people who want to buy a gun, but we do not background check everyone at all times just in case.

And the other thing is, you can use a gun to murder people. If you try to use a porn site to murder someone, you're fundamentally hitting them with a laptop.

A major reason nobody can think clearly about this anymore is that there are people out there that genuinely believe porn sites and social media are as dangerous to human health as assault rifles and cigarettes. I'm almost as disturbed that people can't differentiate between harm risks as I am about horrible internet age checking laws.

Age assurance is the law in California and age verification is illegal in California. We should push more jurisdictions to adopt this model. While many age verification laws are malicious mass surveillance, some are because politicians didn't see a better option.

I just have obs with a video of mkbhd downloaded playing in a loop, whenever I am asked for age verification I just start the virtual camera, select it at the age verification website and it immediately passes it (most of the time). MKBHD was just the first person that I could come up with that records extremely high res video.

Who runs this site? There doesn't appear to be any information on this. A whois search returns nothing illuminating.

So... is it part of the parable they're trying to tell that they're seeing who will go against the exact sort of advice they're giving? Or does this -just happen to be- the kind of shady data gathering that they're warning against?

to quote the site itself, "We spent a generation teaching people the first rule of the internet: never give out your real identity to strangers."

I'm quitting Claude AI because of https://support.claude.com/en/articles/14328960-identity-ver... .

This and every post like it hurts the cause. Don't argue "Resist!" like a child, argue with an alternative.

You're not bringing anything to the table other than teenage angst, ensuring nobody takes the _very valid and terrifying concerns_ seriously.

Instead, suggest a feasible alternative. Bonus points if it works better, cheaper, and safer.

> They are built to know who you are: your name, your date of birth, your document number, your face. This is not age verification at all. It is forced identity tracking.

This doesn't have to be the case. https://www.w3.org/TR/digital-credentials/ seems a sensible system where you can have a single identity provider (hopefully someone you trust) who can then verify things like "is this person over 18?" without givin away any excessive information to a third party. Hopefully it gains some traction.

Thank you, ChatGPT, very interesting.

I agree with the article, but the LLM-isms cheapen it by two orders of magnitude.

The phrase "people will not just [...]" comes to mind here.

The amount of people that let the TSA take a scan of their face when going through airport security - even when the signage clearly says you can opt out - proves that this effort, while noble, will fail.

I (and the family members I am with) always opt-out, but every time I look around, I am the only one doing it. If I had to guess, I'd put a compliance figure somewhere around 98%+.

Here is a good article on it: https://medium.com/womenintechnology/you-can-and-should-opt-...

Your face is already everwhere. Your supermarket records it as you check out. Every retailer records it as you enter the store. The state has it. The Federal government has it if you have a passport or other federal ID. Your mortgage company probably required it when you digitally "signed" your loan application. Socials have it from all the selfies you've posted. It's a lost cause.

I wouldn’t mind as much if it was entirely in house gov run. They realistically know a lot about me already - incl blood donations so could get dna even.

Outsourcing this to random ass for profits is a problem though.

Here in the US, there’s a giant database of faces the government uses to ID people with an app. In the UK, they want this same level of invasive policing. Technology will always be used nefariously by police agencies until someone stops them, which no one will. No one, politically, wants to come out and “restrain policing” but that’s how the rich will position it so they can sell more flock cameras, more app platforms, more tech to the ever bottomless pockets of government. We are in a Thiel world.

So does this mean that, say, Apple actually doesn't have access to our FaceID data? Otherwise there'd be no need for no laws: just force Apple, Google, etc to share face information with "the government". Well, I guess technically "they" would probably need some kind of law to do this anyway. I feel like tons of people use various kinds of FaceID-type technologies for unlocking their phones, laptops, etc. So it would make sense if "they" already had all of our faces.

I personally don't use FaceID because I'm not thrilled about having my face scanned with utmost precision. BTW, I'm looking at my phone typing this and I know my phone has its face-scanning device pointed right at me. Is it sending "them" my face data all the time? Or sometimes? I can't tell. What if I'm showing something on my phone to another person? Is it going to scan their face too? Maybe, maybe not.

The battle is lost, technological determinism is an unstoppable force.

Once the camera was invented the die was cast.

"Technological determinism is the theory that a society's technology drives the development of its social structure, cultural values, and history."

I completely agree with this, but my banking apps, my broker, my health insurance, my simcard provider all already require my face for identification.

The problem is that for most people, facial recognition is just another method of account verification. Sometimes worse than alternatives, but also sometimes more convenient, and convenience wins over privacy if people are not actively made aware of the consequences.

I.....

love the idea, but if you aren't from a Shengen country you can't get into Shengen countries without a fingerprint scan and a face photo at the airport:

https://travel-europe.europa.eu/ees/data-held-by-ees

No way to opt out of the scan.

That's kind of a bleak vision.

I wonder how the author would explain that the ID and age systems we already have – cigarette dispensers, liquor stores, club entry, driver's license, to name a few – work "kind of fine" though.

They've got mine... Fly to Canada and your face gets scanned. I forgot this event and was surprised, walking through an American airport flying to another domestic location, that my picture and name appeared on an airline's screen without input. Not a government screen, mind you. I forget the exact context but the feeling persists. Very unnerving.

How is this different from sending my government ID to access things like Stripe, Robin Hood, etc?

It seems that without legal obligation things will continue to go this route.

Maybe this is making a slightly different point (i.e. the usage of immutable physical features as "passwords", which I agree is largely useless), I think we're just entering a post-privacy era. Being around 40, I willingly fed the machine (Facebook) with hundreds of pictures during university, and had I not, my friends would have more than made up for it. It's absolutely possible to photograph every person you pass by every day, and Facebook most certainly has the keys to identify most all of the people. That dystopian combination means that unless you're welling to move to a largely uninhabited place, each of our whereabouts can be largely resolved with technology available _today_ at a completely reasonable cost.

Not only that, almost everyone on this forum walks around with a device that shares their identity and location with unscrupulous companies (cell phone carriers) whose data is available en masse to the government. (N.B. I have an iPhone and appreciate and even _trust_ all the privacy work put into it; however, the cell phone tower thwarts location tracking, and participation in social networks thwarts face tracking.)

I've long thought that rather than try to limit the information about us, we ought to _flood_ the Internet with information about us. Make the data available untrustworthy.

Or, accept it. So long as it remains in the hands of corporations and not solely the government, it guts both ways — a senator can no longer be publicly opposed to same-sex equality legislation while engaging in a homosexual relationship themselves.

AI seems to be pushing us down the former road.

An unpopular opinion for this site probably, but all the same arguments apply to gun control and civil liberties in general.

In the united states, the first amendment (what this post is primarily concerned about) and the second amendment are equally important rights, and we should be just as judicious about applying restrictions to the second as the first.

Instead, you see attacks on the 2nd in the name of "safety, verification, age assurance. A small step to protect children". The exact same playbook used against civilian gun ownership will be rolled out against the first amendment, the 4th amendment, etc.

Civil rights and protections should be expanding, not contracting, and the primary focus point for the last 30 years (and the playbooks that will be used elsewhere) are being tested on the second amendment.

At Disneyland, there are separate park entrance lanes that don't use facial recognition software. I like that I can opt-out passively there.

At TSA checkpoints at the airport, you have to actively ask to opt-out.

I'm always worried that actively opting-out puts you on a government list and there could be later, much larger ramifications, so I passively opt-in to blend in with the masses.

this would be more convincing if it wasn't ai written.

A while back I opened a bank account for my daughter. All that I needed was to scan my face, then the bank got everything from the department of home affairs (South Africa)

That means my goverment already has my face, with all my details associated with it. Bit Orwellian but there we are.

I will give them faces, just not my faces.

https://news.ycombinator.com/item?id=45081323

I'm sympathetic to this but this page is preaching to the choir. You didn't sell me in the first paragraph.

Are you allowed to do this in places like airports?

I like that how in the same place that they have been trying to "protect the children" for like a decade [1], they have also had a real rape gang epidemic [2]. It's almost like they are, in fact, not really trying to protect the children.

[1] https://en.wikipedia.org/wiki/Online_age_verification_in_the...

[2] https://en.wikipedia.org/wiki/Grooming_gangs_scandal

Hilariously, a commenter asked me for a citation for the epidemic. Commenter: you're not mr current events are you?

I particularly like the form at the bottom for collecting your email address and adding it to a big list.

EDIT: looks like it's gone now. Gonna count that as a win.

Who is the author?

Okay, but then they lock my bank login behind face verification.

Now what?

I am against this but acting like LinkedIn isn’t basically a database of pictures is naive.

You want to date your pic ends up on a server.

That’s just the way this works.

If we're going to have self-censorship due to everything we say online tied to our real identity can we at least get some shiny buildings and high speed trains out of the deal too? I've been online since early 2000s internet and for all the soapboxing about freedom of speech over the years it seems a foregone conclusion that we'll get the same surveillance state as those other "less free" countries else without anything to show for it.

it may benefit: children, social media, marketing, police state, ai, data brokers, and many others

does it benefit you?

Is there even an option at the airport to refuse face scanning? I assume that signs you up for a one way trip to a cavity search.

TSA does it, Customs does it when entering the USA after a trip too.

This article is spot on. It's a red line for me. Biometrics are not great for security but definitively bad for privacy. I would move to a federal ban on biometrics outside of intelligence agencies.

Why would you cite a Bloomberg reference in the article? Are you completely tone deaf on open source software and private ownership and use of 3d printers? FFS don’t direct traffic towards an opponent of free software.

This article is AI slop

I verified my age with Apple by clicking one button and Apple said it assumed I was 18 based on the age of my Apple account (2011).

I guess I’m lucky to be in the cohort that avoids the face scans, and I feel a bit dirty about enabling this, but so far — even living in the UK — the privacy concerns have not manifested for me as I thought they might.

To me, the most disingenuous framing of the “protect the children” narrative is not “children can’t access the stuff,” but “adults can access the stuff, once they provide their biometrics.” The default is to deny access.

Can we start a trend of wearing ski masks and other face coverings in public?