Here is a link to a NYT article discussing the same event: <a href="https://archive.is/jDz48" rel="nofollow">https://archive.is/jDz48</a><p>I found the following bits interesting:
“There have been hacks of age-verification providers,” said Mr. Shaffer, a lawyer for the challengers.
Justice Alito responded, “There have been hacks of everything.”<p>And:
Justice Alito, who is 74, said some forms of age verification are painless. “When I try to buy wine at a supermarket, they require me to show an ID,” adding that “I’m flattered by it.”<p>Anecdotally, I just tried to sign up for OnlyFans subscriber account because some friends setup a content creator account as a sexy joke for their friends.<p>The signup process is particularly onerous and invasive of privacy. It requires age verification by government issued ID, and facial recognition via a user submitted selfie. This is for subscribers, not content providers…<p>OnlyFans presents a popup disclaimer stating that:
“You will now be redirected to our age estimation service
Your id is only used to verify your age and will be deleted after 24 hours”<p>However, it sends this data to a third party (Ondato) and requires you to not only submit a government ID, but also (maybe its just for my specific location) submit a photo of your face, so that it can run facial analysis to compare the two. Furthermore, in the terms for this third party service is the following language:<p>- “Where permitted by applicable law, Ondato will retain face recognition data from the age and identity verification process in order to later authenticate your identity.”
- “You may withdraw your consent to Ondato’s retention for such purposes (and request that Ondato delete this data) by contactingprivacy@onlyfans.com . We will relay such requests to Ondato.”
- “Where Ondato has identified possible fraud attempts (such as the use of fake or otherwise manipulated documents) Ondato will maintain a record of such attempts, including face recognition data, for the purposes of detecting unlawful activity and preventing access to the Website.”<p>(1) Ondato site states that “user data storage depends on every client’s Service Agreement.”(1)<p>(2) OnlyFans actual privacy terms say nothing about deleting ID data after 24 hrs, or any specific time period. It instead states the following:<p>“We determine the periods for which we normally retain Personal Data as follows:<p>Providing our Services:
Where we need to use Personal Data to provide you with our Services, or specific parts of our Services, we will retain your Personal Data for the lifetime of your account or as long as necessary to provide you with the relevant feature or functionality of our Services.
Trust and safety:
If you have (or we reasonably suspect that you have) violated our Terms of Service, or where we otherwise need to retain information to identify and report illegal activity or protect the safety of our users and third parties, we will retain certain Personal Data for as long as necessary to conduct our investigations, assist with any investigations by law enforcement or non-governmental authorities (e.g. NCMEC), and enforce any removal of offending users or content.”<p>So in other words, they (including the third party provider Ondato) are essentially allowed to keep your government ID, selfie, and facial analysis data as long as they want, at their sole discretion. I understand keeping content creators safe, and preventing abuse of minors, but use of the site is not worth the risk of my personal data getting breached or used for other purposes (as laws change or as OnlyFans internal policies change).<p>It’s frustrating that the SCOTUS justices are so out of touch with privacy and modern technology.<p>(1)<a href="https://ondato.com/faq/" rel="nofollow">https://ondato.com/faq/</a>
(2)<a href="https://onlyfans.com/privacy" rel="nofollow">https://onlyfans.com/privacy</a>