~$|>>> Onlyfans! <<<|$~

Aaaahahaahaha, oh it’s beautiful to see. Yeah, move all our production DBs to the cloud NOW why dontcha? Ohh, Amazon’s uptime is super reliable? well guess what

I hope so, I love samsung’s hardware and having a secure OS option to get out from under their godawful UI / OS stuff would be amazing.

While there’s plenty of merit to what you’re saying, I’m too sick to have a coherent thought beyond maybe pointing out that the main issue with legislation like this isn’t that it doesn’t specify security requirements, but that it’s forcing people who do not have infrastructure established to collect and manage sensitive info of this nature in the first place.

Discord never set out to collect this much PII, and as far as I’m aware there’s never been a breach of their payment information processing. Like you say, it’s an established thing to handle payments and is fairly routine to implement. There is no routine method of handling ID verification yet, and the solutions that exist were forced to be developed rapidly and with no standards.

The legislation is at fault for putting people in this situation - that they used Zendesk was a boneheaded move (I haven’t seen details of the breach, was that really the vector that got attacked?) and sure, they’re at some degree of fault for letting this happen. But the vast majority of the blame lies at the feet of the asinine legislation that all but explicitly mandated that this situation arise.

Well, yeah. Discord isn’t exactly at fault here, they’re operating as best they can within the boundaries of a piece of legislation that could be best described as gods gift to the “I-told-you-so” crowd. This breach is exactly what everyone was warning would happen with the UK ID laws, and discord got stung first as they’re one of the few companies trying to adhere to the law in good faith (which, yes, why in hell they’re trying to do this is good faith is a very good question)

You might be confusing it with how several states have attempted to implement identity verification for access to porn sites (which has so far avoided a similar scandal to this one by virtue of rampant, contemptuous noncompliance on the part of the porn sites)

Just the UK, as far as I’m able to find. Some US users have to verify by clicking the box, but I do not believe they’ve been en-masse required to upload ID or use the UK’s facial recognition nonsense.

From the discord age verification FAQ:

The age verification features described in this article are fully available only to users in the United Kingdom and apply to all new and existing UK accounts.

since apps do have much greater access to the parent device then a website

I’m not disagreeing at all that this should have had a website as a backup, but you yourself are making some really good points about how apps aren’t the same thing as websites and the benefits to using an app in this situation. Leveraging user hardware without the intermediate layer of a brower’s sandbox is good for performance and makes a site much more robust in the face of things like DDOS, and having locally-hosted resources with which the user can interact without requiring an active TCP connection (because for example: ICE has geoblocked connectivity at one of their “enforcement actions” - but you can still document what’s happening and the app will automatically-and-without-user-interaction upload what you’ve given it once connectivity is restored) is an incredibly important feature.

Offline websites, while potentially able to exhibit similar behavior, rely on extremely hacky workarounds and cached data to be able to do it - and an app is a much less volatile way to store that data than relying on your browser’s cache reintegration (which will often be dumped if you’re hit with bad a DHCP config).

I think your spirit is in the right place, but you’re missing enough of the technical nuance that it’s really undermining your ability to convincingly make your point. And again, I 100% agree that not having alternative access to this service is a critical loss.

That’s how everything (edit: that doesn’t benefit from locally hosted resources, which have exceptions for things like gaming where rapid data access is more important than structural niceties) works, its a design paradigm called MVVM. Host the database, shift processing to the user’s hardware (excepting hardware dependent tasks like LLMs or other compute heavy tasks). Websites, apps, even firmware – essentially anything that makes an API call in some way uses this basic structure. Even entirely local applications do it this way (albeit internally).

While those exist, those wouldn’t have been affected by this breach (or if they were it was only incidentally) - those communities are not using Discord’s age verification but are doing it through DMs (or a 3rd party service). Discord communities do not have access to age or ID verification tools, nor do they have the ability to impose restrictions based off age or ID verification (yet, there is rumored to be an age-verification access restriction beta going out, but it apparently doesnt use ID)

Wait, where are you seeing a difference between that and how an app functions? Right now it feels like you’re abstracting a bit too far in order to make a point, but I’m (genuinely) deeply curious what you mean.

And websites are just little programs you can download at will, so who cares about them?

Dynamic SQL in of itself not an issue, but the consequences (exacerbated by SQL’s inherent irrecoverability from mistakes - hope you have backups) have stigmatized its use heavily. With an understanding of good practice, a proper development environment and a close eye on the junior devs, there’s no inherent issue to using it.

There’s some real perks to using AI to code - it helps a ton with templatable or repetitive code, and setting up tedious tasks. I hate doing that stuff by hand so being able to pass it off to copilot is great. But we already had tools that gave us 90% of the functionality copilot adds there, so it’s not super novel, and I’ve never had it handle anything properly complicated at all successfully (asking GPT-5 to do your dynamic SQL calls is inviting disaster, for example. Requires hours of reworking just to get close.)