If there’s any one group of people in our society I’d support having always-on cameras, (like Larry Ellison, soon to be part owner of TikTok claims all people should have) it would be law enforcement agents.
You do not get to wield that much power over people without personal sacrifice.
“It’s a violation of my privacy!”- you’re on the job and have the power to ruin or even end someone’s life. Deal with it. Privacy for the governed, not for the wielders of government power.
And to quote an especially important part about one of the Author’s views from that Wikipedia article:
(emphasis added)
Subsequently, Chenoweth has noticed that both nonviolent and armed resistance have been decreasing in efficacy since 2010, concluding that this is the result of authoritarian regimes learning from history, coordinating with one another, and training their armies and police to discourage defections within their ranks. Consequently, Chenoweth has advised that civil resistance movements take these changes into account and alter their tactics accordingly.
To quote even more from this publication, also by one of the authors. (emphasis also added)
The 3.5% participation metric may be useful as a rule of thumb in most cases; however, other factors—momentum, organization, strategic leadership, and sustainability—are likely as important as large-scale participation in achieving movement success and are often precursors to achieving 3.5% participation.
New research suggests that one nonviolent movement, Bahrain in 2011-2014, appears to have decisively failed despite achieving over 6% popular participation at its peak. This suggests that there has been at least one exception to the 3.5% rule, and that the rule is a tendency, rather than a law.
Large peak participation size is associated with movement success. However, most mass nonviolent movements that have succeeded have done so even without achieving 3.5% popular participation.
The key point is this:
The 3.5% figure is a descriptive statistic based on a sample of historical movements. It is not necessarily a prescriptive one, and no one can see the future. Trying to achieve the threshold without building a broader public constituency does not guarantee success in the future.
The very people who publicized this theory in the first place have been repeatedly, publicly trying to clarify that this is descriptive, not prescriptive, yet if you ran with the wording of 50501 and other related movements, you’d think that 3.5% is a magical number that if you pass, the administration instantly backs down. (source: 50501 - Hands Off protest statement: “History shows that when just 3.5% of the population engages in sustained peaceful resistance – transformative change is inevitable.”, emphasis added ofc)
A lot of these protests, especially in bigger cities, have all kinds of booths at them too. The one near me had like 6 for just one congressional candidate, one for a mayoral candidate, and multiple for revolutionary socialists/communists, along with people walking all over the rally handing out fliers about a general strike.
Tons of people sign up for these things, or even if they don’t sign up to strike/canvass, end up changing their voting habits accordingly. A lot of local stuff can be really impactful, since a lot of the policies most directly felt by people are local policies (e.g. is the pothole in front of your house fixed? Is your rent expensive? Is there visible poverty on the streets? Are the buses slow?) rather than federal ones (e.g. “we cut billions in research grants but you’ll only really start noticing the overall effects yourself many years from now”)
I do wish we could just get all the people going to things like this to head over to ICE facilities and block 'em day and night, but it’s a good consolation that they’re taking some other actions regardless.
Navidrome’s alright, Jellyfin has, in my opinion, a bit of a better UI, but not by a huge amount, and it’s handled my metadata a bit better.
Oh, of course the legislation is to blame for a lot of this in the end. I’m just saying that Discord could have already partnered with a number of identity verification services that do already have this infrastructure up and running, with standardized and documented ways to call their APIs to both verify and check the verification of a user.
At the end of the day, Discord chose to implement a convoluted process of having users email Discord, upload IDs, then have Discord pull the IDs back down from Zendesk and verify them, rather than implementing a system where users could have simply gone to a third-party verification website, done all the steps there, had their data processed much more securely, then have the site just send Discord a message saying “they’re cool, let 'em in”
In my opinion, they’re still somewhat at fault, because this was them failing to find and configure their software to work with a third-party identity provider who’s infrastructure was built to handle the security of sensitive information, and just choosing to use email through Zendesk because it was easier in the meantime. A platform that I should note has been routinely accessed again and again by attackers, not just for Discord, but for all sorts of other companies.
The main problem is that legislation like the Online Safety Act require some privacy protections, like not collecting or storing certain data unless necessary, but they don’t require any particular security measures to be in place. This means that, theoretically, nothing stops a company from passing your ID to their servers in cleartext, for example.
Now compare this to industries like the credit card industry, where they created PCI DSS, which mandates specific security practices. This is why you don’t often see breaches of any card networks or issuers themselves, and why most fraud is external to the systems that actually process payments through these cards. (e.g. phishing attacks that get your card info, or a store that has your card info already getting hacked)
This is a HUGE oversight, and one that will lead to things like this happening over and over unless it becomes unprofitable for companies to not care.
These were images of people’s ID’s, along with photos of their faces to check for a match, not stock photos or even just real selfies on their own.
These were photos submitted via the compromised support provider (Zendesk) via the Discord support portal.
Automated age verification via their partner (k-ID, which has its own issues) is a separate system, which was only available to some users. Other users had to contact Discord support manually and submit photo ID, which went through Zendesk, which was then compromised in this breach.
Additionally, for the automated process, it’s the video selfie that’s on-device and never transmitted, but photos of your ID and selfie photo are transmitted, just supposedly deleted afterwards. Those ones are *not included in this breach, as far as we’re aware, as it’s an entirely different third-party with wholly separate infrastructure.
Great article, would highly recommend anyone with the time give it a full read through.
Wikipedia is incredibly valuable, and insanely well edited and put together, and we’re all lucky to have something like it available for free.
It counts as protest, but not sustained protest, which is usually a decisive factor for if a protest will succeed in affecting anything. Even if every employee of a company left for a day, if they all came back the next day and resumed working, it wouldn’t be hard for the business to get back up and running, then just put systems in place to account for that in the future, but if those employees strike for months, suddenly all the business’s systems begin to fail without maintenance, customers leave because of no service, and the business goes bankrupt.