Why is Persona deemed to be trustworthy?
Foxipso
VRChat has determined Persona can be trusted with a photo of your face and government ID. Persona is a VC-backed (arguably "tech bro") San Franciscan tech startup that's only existed since 2018. They operate out of a shared space behind a bar: https://maps.app.goo.gl/t5ebyhr9oTUhupMf9
Their privacy policy says (as I read it) that they explicitly have permission to take your personal information (selfie, photo of your government ID) and store it for years, and can and will send it to "vendors, agents...companies we've hired to provide customer service support..." and to "law enforcement [and] other government agencies."
They say they'll use your personal information "to understand you and your preferences to enhance your experience and enjoyment" and for the purposes of "marketing, including to communicate with you about new services, offers, promotions, rewards, contests, upcoming events, and other information about our services and those of our selected partners..." and for "advertising, including display [sic] advertising to you..."
Their privacy policy site also uses clickjacking to prevent you from copying the text of their privacy policy: https://withpersona.com/legal/privacy-policy
These doesn't seem like the actions of a legitimate and trustworthy company, and there aren't enough guarantees that you won't be literally doxxing yourself. PII is extremely valuable and there's an entire industry of brokers that facilitate the sale and transfer of people's personal information--not to mention the risk of hacking, accidental disclosure, or a new and untrustworthy company being sloppy or reckless. These days AI can train off a photo of your face, and scams and identify fraud are extremely common.
Personally, the only times I've had to provide a photo of myself holding an ID are for once-in-a-lifetime financial transactions. Never for a video game or social media. VRChat is willing to take the chance of making this de-facto-mandatory (i.e., the community normalizes it and it results in a greatly degraded experience if you don't comply)? The ask is a severe imposition and an invasion of privacy without adequate concern that the chosen data broker is trustworthy. Even the announcement incorrectly claimed your PII would be handled in accordance to the GDPR, but the company is actually based out of California, where regulations are far less strict, and fines far less burdensome.
Log In
YukiDeer
Not only that, Persona doesn't allow any ways to verify for people without an ID, which is a pretty big amount of people. Asylum seekers and undocumented people are defacto not able to access all of VRChat, no matter their age.
AkiraWolf32
Granted VRChat has EU servers, id suggest they find a different vendor for Age Verification, this is a bad look.
AkiraWolf32
GDPR can and WILL fine companies doing this recklessly.
Read the actual GDPR before making claims.
AkiraWolf32
Might be late, but Persona has had multiple data breaches, it is NOT safe.
Red2Blaze
This has been called a while back, I really hope VRChat does give a better option, I don't wish to be limited to what I can do
DeadManParty
I'm glad you were warning about this back then.The use of the word tech bro is absolutely a thought killing affair. But your concerns are in the right place.
DeadManParty
Tech bro? That's your complaint? Here i'm I was singing that persona was a european union based business... and that's what it would be beholden to, if any data went through.And it's still beholden to the g d p r but we all know that with chat control and other age verification sweeping through the legislation of the world.... because of far right and far left interests...
Also they can demonize the normal person, while the governments of the world can abuse children and traffic them with no accountability...
How do we separate rumor from reality?
And better yet, how do we go to the a c l u and other rights organizations and to give them money? So they can fight this?
Donate to the Woodhull freedom foundation
the_real_j
oh, and of course, it got worse: https://vmfunc.re/blog/persona (https://ghostarchive.org/archive/Ak8tZ)
°sky
this has been a concern of mine since the announcement - i would not mind verifying my id if a company was located and operated within the eu with some form of europa agency watching over it.
ideally, vrchat would work with government agencies to use the tools provided by said governments to verify rather than use private for profit companies.
『Gecko』
Yea, definitely not gonna use this service, especially the fact that "posting a selfie + gov ID UNEDITED" is ringing my alarm bells, hell, I don't want to display my name and other sensitive information, while it's all about the age exclusively, on top of that to a company located in the US, which has already class action lawsuits (data abuse) against it, being in charge of this service.
Couldn't VRC find any better company, which is ONLY in the business for verifications without the cluster duck of storing and selling (/ abusing) data for their own profit? Like wth?
『Gecko』
As long as VRC and Persona are not verifying the deletion of the data right away after verifying the user's data for the +18 badge, this will hinder lots of users from using that service. I don't want my sensitive data to be stored by a company with an already existing bad reputation.
DeadManParty
『Gecko』
Where is that class action?Because I really wanna see it.
DeadManParty
『Gecko』 that's the thing all hash data from h verification has something because they have to quote unquote Reverrify people.
Apparently, the chuds on twitter have been talking about this. For months if not years.
Being concerned about data, privacy and all the like
Load More
→