The details on how it works from the website for those reading this chain.

"how does this work

k-id, the age verification provider discord uses doesn’t store or send your face to the server. instead, it sends a bunch of metadata about your face and general process details. while this is good for your privacy (well, considering some other providers send actual videos of your face to their servers), its also bad for them, because we can just send legitimate looking metadata to their servers and they have no way to tell its not legitimate. while this was easy in the past, k-id’s partner for face verification (faceassure) has made this significantly harder to achieve after amplitudes k-id verifier was released, (which doesn’t work anymore because of it.)

with discord’s decision of making the age verification requirement global, we decided to look into it again to see if we can bypass the new checks. step 1: encrypted_payload and auth_tag

the first thing we noticed that the old implementation doesn’t send when comparing a legitimate request payload with a generated one, is its missing encrypted_payload, auth_tag, timestamp and iv in the body.

looking at the code, this appears to be a simple AES-GCM cipher with the key being nonce + timestamp + transaction_id, derived using HKDF (sha256). we can easily replicate this and also create the missing parameters in our generated output. step 2: prediction data

heres where it kind of gets tricky, even after perfectly replicating the encryption, our verification attempt still doesn’t succeed, so they must also be doing checks on the actual payload.

after some trial and error, we narrowed the checked part to the prediction arrays, which are outputs, primaryOutputs and raws.

turns out, both outputs and primaryOutputs are generated from raws. basically, the raw numbers are mapped to age outputs, and then the outliers get removed with z-score (once for primaryOutputs and twice for outputs).

there is also some other differences:

XScaledShiftAmt and yScaledShiftAmt in predictions are not random but rather can be one of two values It is checked that the media name (camera) matches one of your media devices in the array of devices It is checked if the states completion times match the state timeline

with all of that done, we can officially verify our age as an adult. all of this code is open source and available on github, so you can actually see how we do this exactly."

Same here, been hating on Discord from day one since you are the product with free services.

I do a significant amount of computing on my desktop, but yeah, social media, and by that I mean only Lemmy. I really only use on my phone when I’m away from my computer.

No just voice channels, I’m glad they have them but it was completely missing from their marketing on the website. Just says “text channels done right” and there isn’t a single line about voice support

Edit, found a reddit post from about a month ago which is copied below. So it looks like it barely supports voice so far.

"Apparently The voice chat feature has been brought back in stoat

It only works in the desktop version though. Mobile devices you’re going to have to wait a bit longer though.

Otherwise the quality of it is really really good but you will experience a massive delay in your voice being sent through the voice medium. It’s about 800 millisecond delay even with the fastest speeds. But at least it’s something. "

GitHub issue on the topic

No VOIP? That’s the only reason I ever use discord, when my friends force me to so I can talk while we play games. Guess teamspeak is still king

The point is the need for more and more data storage is never going to stop.

You’re completely right, but it is still better than the current option by most measures for sane people.

“oh great, competition in a market with no competition. Horrible.”

Intel has already been making discrete GPUs for two generations and they are very cheap and aren’t the most performant but fantastic for the price.

I’d rather a non-US player enter the market like moorethreads, but because of us capitalist assholes, handicapping China competition for a long time they aren’t going to be able to make cards that are up to our performance standards till the 2030s probably

Gotta be as bad as america in some aspects

The original comment said Google, instead of Bezos, I have no idea why they edited their comment to this. Maybe they are thinking of Microsoft, who recently handed over encryption keys, but they don’t make phones anymore, lol.

As another said, a Pixel with Graphene OS is likely the most secure device you can have, even against an Apple product. Cellebrite, the software a lot of governments use to break into these phones can’t get into a Pixel device before first unlock with Graphene OS. I believe a number of Apple products are the same thing as they can’t be accessed before first unlock or lockdown mode, but your data is more secure in the hands of an open source developer than a massive capitalist company.

Also, a notable feature of GrapheneOS is automatic reboots after no use for any arbitrary time value you want, so your phone will always be in a “before first unlock” state if some steals it like the government. They also have lockdown mode as well, not sure how that works technically on Android beyond disabling biometrics.

Im pretty into self hosting and have a number of public facing services like 4get and SearXNG, those two don’t use that much data. Also host immich for myself and family to replace Google Photos. Some of the bigger data hogs.

Archive warrior - I run a Docker container that constantly scrapes, compresses, and uploads whatever data the internet archive team wants most. I’ve had it running for a couple years now and they’ve had me scraping Telegram. That does a couple hundred gigs a month.

I2P Router - The invisible internet project, it’s sort of like Tor, but in my opinion more secure and better because it uses garlic routing instead of more centralized servers. Although it’s way less popular than Tor and seems most people use it for torrenting. Either way, I recently started hosting a router because governments around the world are cracking down on freedom of speech and censoriship, and increasing their surveillance powers. So I want to support the network and help it grow, this by itself does ~1TB of upload and download a month. Everyone in the world should start pivoting to more secure and decentralized internet solutions like this. Fuck the government.

Linux ISOs torrents - I love Linux, what can I say?

Backup server - I have an off-site Raspberry Pi backup server at my friend’s house that I do nightly backups of my important data to. So just depending on how much I’ve built up since the last backup that can be modest in size.

Otherwise we have a sort of high bandwidth household with video content consumption.

Well, I guess they saw this legislation coming and are already trying to comply.

I can’t remember which vehicles, but I’ve seen some cars that have flush handles but are still mechanical. You push on one side and it mechanically pivots the handle out that you grab and pull. So you can still do the exact same thing for beauty standards/aerodynamics, just using a different design philosophy that is probably safer. Maybe it’s rivian I’m thinking of?

I disagree. A very high CRI warm white is just as good as daylight in the kitchen. And better way less ugly

I just have many hobbies that I cycle through continually. I might start a project in one hobby and end up not touching it and finishing it for six or nine months because I’m doing other hobbies.

When the law won’t hold these pigs accountable, the people will, eventually.

The closest we have come to god

I know this is 6 months old but I just wanted to share my experience which was negative, I just got diagnosed and my psychiatrist wanted to try Atomoxetine before a stimulant. I was only on 20mg for two weeks, it raised my resting heart rate by 30 - 40 bpm. My resting heart rate was literally 100 bpm because of it, blood pressure also sky rocketed. It made me depressed and took away my libido. I hated that shit.

But it gave me cool vivide dreams every night. It works well for some people.

Love to see this