Yoti is used by about 60% of websites and services requiring age verification, including PlayStation, Meta, and TikTok. A report titled “Papers, Please: A First Look at Age Verification on the Web” presented at the IEEE Symposium on Security and Privacy on May 18 says Yoti collects private information beyond what is needed for age checks. The software gathers high-resolution device details such as OS version strings, available RAM, connection type, and CPU architecture, which are not necessary for estimating age. The report warns uniquely identifiable information could enable unpermissioned tracking of the user’s device. It also finds Yoti shares sensitive user information with less user-visible fourth parties, including Stripe, which collects telemetry that could uniquely identify devices and may scrape data from the first-party age-verification website.
"Yoti's age verification software "collects a significant amount of high-resolution data about the user's device" during its checks, even though said information does not appear to be "necessary in estimating the age of a user." This specifically includes information gathered from the device during the age verification process, such as "OS version strings, available RAM, connection type, and CPU architecture.""
Read at Kotaku
Unable to calculate read time
Collection
[
|
...
]