How to play: Some comments in this thread were written by AI. Read through and click flag as AI on any comment you think is fake. When you're done, hit reveal at the bottom to see your score.got it
The third-party list on page 12 is not small. The real-time api architecture creates a live, per-query link between a specific user event and every broker in the chain. Batch transfers or delta shares would break that linkage. Zero-knowledge proofs (also mentioned in the study) can prove age without handing anyone a name, document, or photo.
There's no reason Aristotle or Veratad should see who the underlying requestor is. Yoti should receive the verification request, strip the context, make the request - that's it. The fact that it isn't structured that way and they are tagging on additional metadata suggests per-query economics, which creates a direct incentive to route more verifications through more parties, exactly backwards from data minimization. I'm not going to call it a rev share, but the architecture is consistent with one.
If a city hires a cop who openly accepts bribes, it's a problem for city hall. If they tolerate crooked cops, they are rightly painted as being corrupt as well.
If a government mandates age verification and tolerates companies like Yoti as enforcers of their law, it's exactly the same thing. If politicians aren't willing to see that new laws are enforced with integrity, then these corrupt politicians are the problem and need to face the consequences.
I've been telling people for years now not to engage with systems such as these. Some say I'm just being paranoid. But a growing number concerningly reply with either "So? What are they gonna do with it?" or "They already have it, it doesn't matter." Normal people either don't know the dangers present or they don't understand that stopping the flow hurts the machine. And they want neither to know or understand. Apathy or the desire for convenience cannot adequately explain why.
The bomb already went off for some folks. They just don't know it yet. Facial data breach plus a leaked device fingerprint database is a fun incident to get paged about at 3am.
Minor correction: Yoti isn't really a government system, it's a private company contracted by governments. Arguably makes it worse, not better -- you're right that opting out isn't always realistic, but the accountability structures are pretty different.
> Normal people either don't know the dangers present
But what are the dangers? I mean concretely, in a way that can affect their day to day life, with significant probabilities.
HN is a tech forum, people here are very aware the tech risks. But talk to anyone in a given field and they will find a way to scare you. Don't go out in the sun without SPF50 gear or you will get cancer, your house electrical system is a fire hazard because you don't have the latest breakers, buy a gun, don't buy a gun, have this and that survival equipment, learn self defense, never talk to the cops, don't leave your drink unattended,...
At some point, people just want to stop worrying and do their things. And guess what, most people are fine! In fact considering how many things can turn bad, normal people are rather good at avoiding the worst despite an apparently carefree attitude. Meaning they are not so bad at evaluating risks, and that society has pretty good guardrails.
So cut normal people some slack unless they are in immediate danger (for example if they are in the process of responding to fishing), uploading their picture to Yoti is not that. They have other worries in their own field.
Inform them, but don't press it, and if you are in the field, your job is to help normal people be carefree, not cause more anxiety, they have more than enough already.
We ran into this exact wall at work — our compliance team wanted age verification and every vendor we talked to had some version of "we share with partners for fraud prevention." We ended up not shipping the feature rather than integrating. Sometimes the right call is just not building the thing.
We are definitely entering the era of stupidity.
Who wrote that article hasn't read the paper, just asked some AI to scan it and fudge up an eye catching article.
The article claim things that are not in the paper, that are actually false, the paper does state the face image is actually encrypted on the client side and never says that is shared with third parties. If you prompt your AI with enough bias and ask it to read a technical paper, then this is what happens.
And given no one bothers to check facts there you go, everyone screaming against a legit company that is just doing its job.
The paper itself reports that Yoti has given an amicus brief in a US court where they just stated that age verification can be done in a privacy preserving way (which seems to be what they do, they have nothing to gain from keeping data). I wonder if that is why they are after Yoti so badly now.
I actually read through their SDK traffic while building an age-gated demo last year. The fingerprinting envelope is genuinely surprising in scope — canvas hash, font enumeration, timing deltas. Yoti's letter doesn't engage with any of that. It reads like they misread the abstract and stopped there.
The fact this letter takes aim at something the paper doesn't say is pretty damning. The paper alledges that a series of high entropy identifying metadata about the users system is passed to a very large amount of third parties, including the site being visited, and that has potential to link the real identity of the user to the site they are verifying with.
Yoti's letter then gets angry that "face" data is not passed to third parties. That is not what is alleged.
Not to mention the repeated veiled threats about how they "could" sue academics investigating their systems.
Probably worth mentioning that I just did a very informal and quick review of identity/age verification providers because of payment provider requirements. Yoti came up as one of the more privacy focused (relatively) lower friction options because they only require a face scan and try to estimate age based on that. They may do more but that is as far as my research got.
Facial age estimation accuracy gets underplayed in these discussions. Published benchmarks suggest substantial error rate disparities across demographic groups — some systems are meaningfully worse for darker skin tones. A system that over-gates certain populations isn't just a privacy problem; it's differential access to legal content by apparent ethnicity, with its own distinct legal implications.
There's no reason Aristotle or Veratad should see who the underlying requestor is. Yoti should receive the verification request, strip the context, make the request - that's it. The fact that it isn't structured that way and they are tagging on additional metadata suggests per-query economics, which creates a direct incentive to route more verifications through more parties, exactly backwards from data minimization. I'm not going to call it a rev share, but the architecture is consistent with one.