The real and robust method will be generating artificial video input instead of the real webcam. I really don’t think any platform will be able to counter this. If they start requiring to use a phone with harder to spoof camera input, you will simply be able to put the camera in front of a high resolution screen. The cat and mouse game will not last long.
> you will simply be able to put the camera in front of a high resolution screen
Are you sure it's that simple? How high does the resolution need to be for the camera to not be able to tell? And I'm sure there are sublet clues. Remember, you can't modify the photo or change the camera.
I don't understand why (mostly) young people put so much effort into remaining customers of a service that is actively hostile against them and that they do not like. Does the convenience of remaining on a service you don't like the management of outweigh the mild effort to find an alternative solution?
Is this not easily patched by the provider encrypting and signing the whole payload? I would have thought that would be table stakes for an identity provider.
Age verification itself isn't such a bad thing. I feel most people are more angry about having to verify their actual identity. Every ad provider knows your address and complete identity every time you log into anything though. I guess its the illusion of anonymity that's so popular.
I suspected something along these lines was possible when I looked at this provider a couple months ago.
If I recall, I had a fairly decent view of their various checks because it was delivered completely unminified, including a couple amusing sections and unimplemented features. (A gesture detector with the middle finger gesture in the enumerable commented out, for example...)
Another attack vector that I speculated upon was intercepting and replacing their tflite model with ones own, returning whatever results required.
Additionally, I believe they had a check for virtual camera names in place, as checks would quietly fail with a generic message in the interface, but show the reason as being virtual camera within responses. (Camera names are mutable though, so...)
57 comments
[ 3.8 ms ] story [ 61.2 ms ] threadAre you sure it's that simple? How high does the resolution need to be for the camera to not be able to tell? And I'm sure there are sublet clues. Remember, you can't modify the photo or change the camera.
{"error":"error parsing webview url"}
Edit: Apparently my discord account is in some kind of A/B feature test that uses a different verification provider, Persona
narrator> And that's when he discovers his account has now been hacked...
;)
If I recall, I had a fairly decent view of their various checks because it was delivered completely unminified, including a couple amusing sections and unimplemented features. (A gesture detector with the middle finger gesture in the enumerable commented out, for example...)
Another attack vector that I speculated upon was intercepting and replacing their tflite model with ones own, returning whatever results required.
Additionally, I believe they had a check for virtual camera names in place, as checks would quietly fail with a generic message in the interface, but show the reason as being virtual camera within responses. (Camera names are mutable though, so...)
Apparently Twitch doesn't like Mozilla Firefox...