Preface – If I’ve linked you this article, your ID checks can be spoofed in minutes, it’s privacy invading and well beyond your responsibilities in running a server.
About a year ago I went ahead and wrote an article against the common practice on Discord servers to IDs as a form of evidence. In Fort Fennec, we don’t do ID checks, because they’re painfully stupid.
Since then, the problem really hasn’t gone away, in fact it had proliferated and now we are in a situation where many particularly large servers have taken up using it, and it’s becoming a widespread practice. The reason why it’s being picked up so frequently is due to watching other people do it, rather than actually weighing up the merits of the system.
Tom Scott had made a particularly relevant video where he mentions signing up to a bank account, and requiring not only a picture of his ID but also a video of him holding it up and waving at them. To actually achieve the purpose of identifying someone in the current age, you need even more than a picture of an ID.
That’s not particularly news to anyone who had read my previous article, where I make an I.D. that you can use to bypass this trivial barrier. In wake of this, some servers have been requesting timestamps or extra things in the background for the I.D. like writing admin names on a piece of paper.
This doesn’t work either, the process to circumventing it is simple and could take less time than some people would take to do it legitimately:
- Write the required things on a piece of paper, then place any card on top of it.
- Take a picture with the same angle as your pre-prepared fake ID
- Photoshop the fake ID onto the card you have on the piece of paper.
- (Optional) Doctor the image quickly to simulate a cheaper smartphone camera
This can of course also be done with GIMP, a free program.
As mentioned in the previous article, server owners attempt to justify this by suggesting all data but date of birth be censored out, but this actually just makes it easier to doctor the ID and hide the editing work done to prevent reverse image searches.
You could start requesting selfies, but then the ID must then also contain a picture of them, and people are going to object harder. Spoofers will still manage to doctor photos and win this.
Let’s make this perfectly clear. If you have ID checks, your server already has minors in your NSFW channels who used a fake ID.
The truth is that ID checks are the problem and not the solution to the minor issue. Minors who are dead set on hiding are going to bypass your system, particularly if you make it clear that the system is out to get them. In Fort Fennec we allow them to get complacent so that they can be caught and roles restricted, all without having to start collecting up IDs that could be later used for nefarious purposes.
Let’s take this to the nuclear level with a scheme:
- A minor creates a server with NSFW channels, pretends to be an adult and invites their friends, who are in on the scheme
- The minor puts in an ID collection policy, and collects ID images to allow access to NSFW channels.
- All of the minors later use the harvested IDs to bypass future servers. Minors can even get people they are collecting IDs on to put in timestamps and write anything they want as ‘verification’.
If you’re thinking to yourself “Almost nobody will ever do this, we’re safe” remember that providing the ability for schemes like this to work increases their frequency and their effectiveness.
Really, the only people you’re blocking are minors who’ve never seen the system before (and they won’t be fooled twice) and people who genuinely protest to you harvesting IDs from them.