Today saw the full introduction of the requirements outlined in the Online Safety Act in the UK, requiring “robust” age checks for users to access adult content online. People have already managed to find ways around at least some of these verification requirements after *checks watch* less than 24 hours.
Earlier today, our James stumbled across people using Sam Porter Bridges selfies to bypass Discord’s age verification, from this post from DanySterkhov on X.
Naturally, we thought to take this infiltration method for a spin. The result? (Cue Deux Ex music.) James was able to bypass the new verification system and exfiltrate key NSFW data without alerting the system to intrusion. (They did it in the name of science).
Basically, it worked! We’re enjoying smutty Baldur’s Gate 3 fanfics on Discord again. Not that we couldn’t anyways, we’re all 18 or older here. Nor are we telling you to circumvent these restrictions. Adult content is for adults. But it is a fun hack, and a good way of keeping your actual face far away from Discord’s age verification system, K-id.
K-id is able to verify users in one of two ways: Face Scan or Scan ID. The latter is fairly self-explanatory, but the former uses checks to verify how old you look to see if you’re good to view whatever adult content you’re hoping to view. Discord essentially demands age verification for the following:
- When unblurring or changing settings for the Discord Sensitive Media Filter
- When changing Message Request settings
- When trying to access age-restricted (18+) channels
Now, K-id claims it does not permanately store any video selfies or personal identity documents after a user’s age is confirmed, so sayeth the Discord support page. That means it’s not the end of the world if you did upload your actual face, in theory, though I understand some aren’t too comfortable with that prospect either way. That also means it won’t know you used Sam Porter’s face once you’re verified, as it has no way of ‘checking the records’, so to speak.
The method requires using a phone for the Discord age verification, opening Death Stranding’s Photo Mode, and preparing a close up of Sam Porter, played by one Norman Reedus.
The K-id Discord ID verification is designed to weed out would-be imposters, and asks user’s to open and close their mouth to verify they’re a real person. Thanks to Kojima’s attention to detail, that’s easy enough in Death Stranding, as ‘Sam’s expression’ bar lets you pick through facial expressions. This requirement for facial movement appears to weed out, say, using an image of a game character on the cover of PC Gamer magazine, but it’s not much of an issue for games or even AI to circumvent.
We weren’t sure whether it would work for us because Sam was wearing his otter cap in our James’ save file, but it worked just fine, and took about thirty seconds from start to finish. Thirty seconds for infiltration, and another thirty for Baldur’s Gate 3 fanfic data exfiltration.
Now I suppose we shouldn’t take the UK government’s age verification requirements to have amounted to nothing because of this. It is just one of many possible age verification methods used across websites to answer the UK government’s call for more stringent measures. It might not be so easy with other solutions.
But it’s at least something to consider, along with the threat the bill might pose to our privacy thanks to vagaries of the language surrounding online encryption, as we shuffle ever closer to the gates of the digital panopticon. Still, I guess it tries to stop some people from seeing things they shouldn’t, which isn’t a bad thing; it’s just difficult to get a bead on whether it actually will achieve that, and doesn’t water down UK citizens’ privacy too much in the process.
