11 comments

[ 5.2 ms ] story [ 53.8 ms ] thread
I've long been a big fan of Porkbun, switching over to them from namecheap who I supported from back in the SOPA era. But today Im very frustrated. A friend of mine was required to go through Age ID. This is in Australia and is despite there being no legal requirement to ask for Age ID on domains in Oz.

Yes Age verification for social media was recently enacted into law; but I think we should expect that good companies don't self opt into additional systems of surviellance until such time as they are legally compelled and at the very least have exhausted other options.

It stings harder as I had porkbun pegged as one of the companies standing up for users and pushing back against a surviellance web. Angry and frustrated.

The title is "Why Does Porkbun Require ID Verification for Some Accounts?", and there's no suggestion that it's due to age, the reason given is abuse and fraud.
See what Zuckerberg is talking about, like right now on internet wide compulsory "Age" ID verification, this unforced move by porkbun very relevant.
"Porkbun requires ID verification" is a better title.
That's not selling out. They explain that it's to combat abuse and that this was not their first choice.

By all means move to a different registrar, but deliberate honestly. They are not requiring ID/face scans for the same reason Discord and Roblox are, as your framing suggests.

Sorry to be clear. When you are arbitrarily ask to verify your account not with email verification or robots stuff or a myriad other options; when they reach for age verification as the first thing; and giving up ur gov ID is the only way forward desk okey this never being the best approach to fraud prevention going right back, then yeah this is selling out.
The title here seems both editorialized and inaccurate?

They’re asking for IDs as an anti-fraud measure, not an age check.

Drill into the current news cycle. Zuckerberg is pitching an 'age verification required' internet. LinkedIn and now Porkbun are both falling in line, pre-emptivley. No this is not a done deal. We need to squark if we dont want this.

Legislation is one thing, this is a bad faith move, just dressed up as normal business. It's not.

Who isn't collecting biometric data using shady sites nowadays? Even Hetzner wanted to match my id with a selfie using some really shady site that almost certainly violates gdpr… What's next, will I have to send a stool sample to view posts on Twitter?? Funny how that's not even unlikely nowadays, with slippery slope becoming less of a fallacy and more of a universal law…
Is this a domain registrar? I would think giving them your id would be in your interest...
Similar to LinkedIn's "verified" process, Porkbun uses a 3rd party: veriff.com. https://www.veriff.com/privacy-notice.

It appears that Veriff's data retention is set by their customers (in this case Porkbun). Porkbun's policy says that this information is deleted as soon as they have verified that you "pass." They aren't quite as explicit as saying that they require Veriff to delete it that quickly.

Unfortunately there's a giant loophole in Veriff's policies (emphasis mine):

  (5) Fifth, we store Personal Data only for as long as the retention of data is required by law, a contract *or is necessary for the provision or development of our Services or required for protecting us against legal claims.* At the end of the retention period, we shall permanently erase the Personal Data or anonymize it.