Age Verification Feedback

While age verification seems to be a requirement in the age of the modern internet, persona as a company has shown they cannot be trusted with user data, especially with a recent breach in privacy. This breach has even resulted in discord dropping it as vendor. Not only has persona had that breach, it has collected data and has been accessed by things LIKE openAI and puts people on a WATCH LIST. Please, vrchat, if you care about your userbase's safety and the longevity of your platform, it is genuinely in your best interest to find another means to age verification. This is an invasion of user privacy, and while I can respect wanting to maintain safety for adults and minors, there has to be an alternative to persona! sources: https://cybernews.com/privacy/persona-leak-exposes-global-surveillance-capabilities/ https://www.therage.co/persona-age-verification/

VRChat has determined Persona can be trusted with a photo of your face and government ID. Persona is a VC-backed (arguably "tech bro") San Franciscan tech startup that's only existed since 2018. They operate out of a shared space behind a bar: https://maps.app.goo.gl/t5ebyhr9oTUhupMf9 Their privacy policy says (as I read it) that they explicitly have permission to take your personal information (selfie, photo of your government ID) and store it for years, and can and will send it to "vendors, agents...companies we've hired to provide customer service support..." and to "law enforcement [and] other government agencies." They say they'll use your personal information "to understand you and your preferences to enhance your experience and enjoyment" and for the purposes of "marketing, including to communicate with you about new services, offers, promotions, rewards, contests, upcoming events, and other information about our services and those of our selected partners..." and for "advertising, including display [sic] advertising to you..." Their privacy policy site also uses clickjacking to prevent you from copying the text of their privacy policy: https://withpersona.com/legal/privacy-policy These doesn't seem like the actions of a legitimate and trustworthy company, and there aren't enough guarantees that you won't be literally doxxing yourself. PII is extremely valuable and there's an entire industry of brokers that facilitate the sale and transfer of people's personal information--not to mention the risk of hacking, accidental disclosure, or a new and untrustworthy company being sloppy or reckless. These days AI can train off a photo of your face, and scams and identify fraud are extremely common. Personally, the only times I've had to provide a photo of myself holding an ID are for once-in-a-lifetime financial transactions. Never for a video game or social media. VRChat is willing to take the chance of making this de-facto-mandatory (i.e., the community normalizes it and it results in a greatly degraded experience if you don't comply)? The ask is a severe imposition and an invasion of privacy without adequate concern that the chosen data broker is trustworthy. Even the announcement incorrectly claimed your PII would be handled in accordance to the GDPR, but the company is actually based out of California, where regulations are far less strict, and fines far less burdensome.

Please update VRChat's login data to let the users track where their logins are coming from, both for the staff and for the common VRC user. Doing this will catch a few people whom have at least said their accounts have been hacked as well as catch those whom sell their accounts with significantly strange login data. Kind of like that one "Find My Device" for Google but for VRC users.

They scan your ID against 250+ sources, not to mention keeping a record on you for years after you verify, while having your whole ID and SO many data breaches.

I read the reason why VRC put age verification behind VRC+. They said age verification is expensive. I call BS on that. Maybe it is expensive, maybe it isn't, I honestly don't know. But you can't tell us you're unable to process that information without being paid. "We can't trust your government issued ID is real unless you give us your credit card info and pay us a monthly fee" is the absolute worst Looney Tunes logic I've ever heard. Remove age verification from payment requirement. Period. Because this isn't about cost, it's about greed

The age verification service "Persona" requires an entirely unredacted government-issued identification to grant verified age status for VRChat. I find this unacceptable. In my case, in exchange for VRChat receiving verified age information, Persona receives my: Name, first and last, Address, Driver's License Number and class, Sex, Height, Weight, Eye colour, Hair colour, Signature, and barcodes that can be used to find the same or more information about me. All so VRChat can have the one data point on the card they care about: Date of Birth. I will make concessions for the use of Height, Weight, Eye colour, Hair colour, and the photo on the ID with an accompanying self photo for the sole purpose of verification. The balance of what is required versus what is ultimately used is egregiously skewed. And while VRChat's contract with Persona stipulates that any identification data obtained by Persona must be deleted upon completion, there is comparatively little risk to Persona keeping the wealth of information illegally. Should a breach occur, users that have had their personal data exposed would be left fighting for the rest of their lives against Identity theft and fraud, while Persona would likely only be served a monetary fine. The risk versus the reward is far too unbalanced against the user. As for how likely it may or may not be that Persona is holding such data illegally, I would like to make note that Persona is based in the United States of America, and you don't have to look very hard to find the state of professional accountability for wealthy companies backed by powerful people in that country. Suffice to say that I do not trust Persona with my identification information, and am upset that the age verified features will be unavailable to me due to this. I implore VRChat to consider other avenues of age verification that do not require such extreme overreach of personal data collection. Regards -Aranethon

https://kotaku.com/discord-palantir-peter-thiel-persona-age-verification-2000668951 Thiel is the majority owner of persona the age verification provider for vrchat and he has been seen in the epstien files. https://en.wikipedia.org/wiki/Peter_Thiel Not only that, he has a notorious history of privacy violations and is currently helping ICE agents with the capturing of families and american citizens. I implore the devs to seek a new verification provider as association with somone like that puts the trust users have in vr chat at risk.

General feedback I need yall to hear, 1, I feel as if you do not priotise support and protection for kids and minors on this platform and what ID verification yall have is locked behind a paywall. I've met countless groomers and predators on the app over my 6 years and I've reported them aswell as my friends did yet they had no account bans or anything done. But as soon as my a friend jokinly reported his friend for ''having autism'' the report wasn't even read or anything instead the friends account was banned without reason. 2) optimisation, I run on quest 2 and I am aware support for that has probably ended but regardless quest 3 users will in no doubt in time suffer the same issues of memory and ram being clogged because avatars and worlds are under optimised. Please make this a requirement when publishing a avatar or at least let add more settings to disable features on the vrchat game. 3) Why is vrchat dating apps and sexual worlds permitted onto a hangout social app for 13+ and it isn't a private instance thing since they're all over popcorn palace and other world promoting this stuff. Not to mention isn't pirating movies illegal in some cases how are popcorn palace and other movie worlds allowed to be around.

You said it was secure. You lied just as horribly as Persona has been lying through their asses. Personally Identifiable Information IS NOT SECURE!!! FIND A NEW ALTERNATIVE THAT ACTUALLY CARES ABOUT USER TRUST AND SAFETY AND DOESN'T FORCIBLY INVADE PRIVACY OF USERS!!!

i tried verifying with my face, they said it was done and successful. But then on my profile it wasnt showing that i was 18+, it was only saying thats i was verified. Please fix it