Dad stuck in support nightmare after teen lied about age on Discord
- Thread starter JournalBot
- Start date
RickRoyLeonPrisZhoraRacha
Ars Scholae Palatinae
There is nothing more heartbreaking than to watch your child/nephew/niece break down in tears that they've lost their friends/contacts when they did absolutely nothing wrong. Remember, their brains aren't developed fully, nor do they understand (FFS, look at the missing children for centuries!) that there are predators on these platforms...whether to abuse, steal or harm others. And these platforms are about monetizing users, not protecting them. Plus now, parenting (no wonder population in decline) is more difficult in monitoring or access to the internet. Its no longer, "be home for dinner" as your child walks 1/2 mile to friends house. While you can supervise, enable "parental controls", did they teach that in school/college, you as a parent are responsible. Get off that smartphone and raise your family! -off my soapbox
Upvote
25
(30
/
-5)
This isn't true the way it used to be. Parents these days are millennials, Xers and Gen. Z. It's not the Boomers anymore.
Upvote
32
(39
/
-7)
There are schemes they could implement to verify that users of a site are over 18 without forking over your personal information to that site.
Upvote
25
(27
/
-2)
As someone who is relatively competent I can tell you that "parental controls" are often broken (Apple controls suck, Microsoft's largely sucks, Nintendo does a good job) and if you want to do it for real you need good 3rd party tools and you need to lock down things at the network level. If you're in a situation like me with a very smart AuHD kid committed to the fight over video games, it's a battle where everyone loses.
I'll never forget learning that he'd figured out my Apple Watch passcode and used that access to get my Microsoft password from Lastpass and used that to access all EVERYTHING from my desktop PC, and that he'd been sneaking around with full control of everything for several months, sending me token requests for time to keep me unsuspecting... He was 10.
Or when he was sneaking in a Chromebook from school and using my USB-C dock to connect it to our network via ethernet because I had the wifi locked down. I think he was 14.
Upvote
80
(81
/
-1)
How could the site positively confirm a person's age without someone surrendering their government ID?
Upvote
1
(8
/
-7)
It would be easy to develop an AI bot to recognize behavior that indicates an account has been hacked - e.g., share a malicious link, solicit financial information, solicit login information. And these are just some simple rules. AI excels at recognizing patterns. Train it on the posting behavior of known hacks and it becomes much more effective at recognizing problems.
But I guess there's no profit in that.
But I guess there's no profit in that.
Upvote
14
(15
/
-1)
While you are correct about which generations are parents now, don’t underestimate how many younger-than-boomer people are technically incompetent. People often assume that anyone born since around 1975 is a “digital native”, but it really isn’t true. Yes, they will generally be more used to it being around, and even with using it, but it doesn’t mean they’re any more technically adept or competent. This misunderstanding leads lots of IT product designers to make bone-headed assumptions about what their users will know. And many of the people — including younger ones — who don’t know what the question or warning in front of them means will simply ignore it and consequently make a “wrong” decision.
As someone who used to work in user interface design (including user testing) and IT retail, I assure you, the average young person knows far less about technology than people assume.
Upvote
61
(62
/
-1)
"Once Frey realized his daughter had been hacked, he assumed that Discord would promptly intervene, recognizing that many minor victims on her friends list could be harmed the longer the attacker kept control".
It sounds to me that they were trying to be good citizens and prevent further harm to others. Maybe I'm super naive to believe everything I read, but there was an article in the last year I read about extensive rings of people extorting minors on social media to get them to provide CSAM of themselves. From this article, they themselves were subject to an extortion attempt to recover the account. Without knowing the extent of her friends list or if they even had alternate means to contact all of them, we don't know if they could warn everyone.
Upvote
28
(28
/
0)
I have my own support sob story here.. When my son was born I opened a Google account to reserve a sensible name for him in the future. When he was old enough I gave him the account to use. In the duration Google changed their policies and to their credit there was an near-automatic system to correct the age. Great, it a proper minor account and it gets linked to the parental supervision.
Now step in Fitbit. He had a kids Fitbit device and it was working great. Then Fitbit forced an upgrade to Google accounts. No problem right? Somehow Fibit thinks his account is an adult account and you absolutely cannot pair a child Fitbit device to an adult Google account. Lots of stories on the internet about this exact problem. Crying children at Christmas when the parents can't make their Gift work. Fitbit support couldn't fix it or perhaps understand what was wrong. We ended up throwing out the Fitbit. Years later it is still broken.
Support said make a new Google account. No, I'm not doing that, he already has stuff in his account I want to keep, and you certainly can't have Fitbit use a different Google account from the Android phone's base account!
Writing this motivated me to look at the current state of affairs, perplexity says I have to remove the Fitbit service from the google account, wait 90 days and then it might start working again. So at least they recognize the problem..
There is a story in our local news, Meta decided to randomly cancel one of the local restaurants Instagram accounts. They never got it back. Lost all the marketing they had done, no recourse.
Sigh, it's dystopian.
Now step in Fitbit. He had a kids Fitbit device and it was working great. Then Fitbit forced an upgrade to Google accounts. No problem right? Somehow Fibit thinks his account is an adult account and you absolutely cannot pair a child Fitbit device to an adult Google account. Lots of stories on the internet about this exact problem. Crying children at Christmas when the parents can't make their Gift work. Fitbit support couldn't fix it or perhaps understand what was wrong. We ended up throwing out the Fitbit. Years later it is still broken.
Support said make a new Google account. No, I'm not doing that, he already has stuff in his account I want to keep, and you certainly can't have Fitbit use a different Google account from the Android phone's base account!
Writing this motivated me to look at the current state of affairs, perplexity says I have to remove the Fitbit service from the google account, wait 90 days and then it might start working again. So at least they recognize the problem..
There is a story in our local news, Meta decided to randomly cancel one of the local restaurants Instagram accounts. They never got it back. Lost all the marketing they had done, no recourse.
Sigh, it's dystopian.
Upvote
40
(42
/
-2)
I get the feeling you do not understand the complexity of the intersection of pervasive technology and parenting. Even if you have your own kids, what you propose is simply too draconian and unworkable for many families.
Upvote
22
(28
/
-6)
Imagine if we got an actual presidential candidate who had data privacy as the tent pole to their entire campaign?
I wonder if they'd get JFK'd before or after winning the election.
I wonder if they'd get JFK'd before or after winning the election.
Upvote
4
(9
/
-5)
So they say they will automatically set people BACK to being teens based on their review of accounts - and following the new age-gating rules - but they also say that they CAN'T do that once an account is created?
Then in this case they prove that they CAN they just don't WANT to.
It should just be a flag, which it looks like it is. I mean they have to be able to reset the account to be "of age" when they do become 18.
They just don't want to disentangle it from all the additional bs the account got associated with.
Also, why did she need to say she was 18? If you only need to be 13 why didn't she just only say one year was different? Did all of her friends lie then?
And throwing it back saying "well, she wasn't even supposed to BE here" is just top level BS. You didn't have a plan in place for situations where people would -gasp- lie?
Then in this case they prove that they CAN they just don't WANT to.
It should just be a flag, which it looks like it is. I mean they have to be able to reset the account to be "of age" when they do become 18.
They just don't want to disentangle it from all the additional bs the account got associated with.
Also, why did she need to say she was 18? If you only need to be 13 why didn't she just only say one year was different? Did all of her friends lie then?
And throwing it back saying "well, she wasn't even supposed to BE here" is just top level BS. You didn't have a plan in place for situations where people would -gasp- lie?
Upvote
20
(20
/
0)
jm_leviathan
Ars Scholae Palatinae
I recall briefly using Discord for voice chat in World of Warcraft, like, a decade ago? When I hear about it now, it sounds like it's become Facebook or something. Kids these days...
Last edited:
Upvote
8
(10
/
-2)
Upvote
-18
(8
/
-26)
This seems to be par for the course for nearly all services these days. Last year an elderly family member lost control of an email address tied to a bunch of paid services. Surprisingly AOL actually offers support and helped with the account recovery, but a bunch of other services offered no help at all. The only way to cancel some services was to do a CC charge back which triggers a TOS violation and account closure.
Teaching that family member to use a password manager and 2FA is something I wouldn't wish on anyone. Ultimately with their knowledge we setup another device with all their credentials that we control to monitor notifications and emails.
Teaching that family member to use a password manager and 2FA is something I wouldn't wish on anyone. Ultimately with their knowledge we setup another device with all their credentials that we control to monitor notifications and emails.
Upvote
15
(16
/
-1)
Indeed. Start a new account with correct information and have your friends block the old account. Lesson learned and move on with life. Also, although the Dad claims to be tech savy, he utterly failed to teach the importance of 2FA.
Upvote
1
(15
/
-14)
Parents should teach the habit of using a password manager and storing the mismatching security questions and answers in said database. Said password manager should only be ran locally as well.
Upvote
-14
(8
/
-22)
Upvote
36
(36
/
0)
The best way to "intervene" is to be proactive, not reactive. If you're reacting, you're already fucked.
And it's NOT THAT HARD. The trick is to assume all new contacts are soul sucking vampire zombies and treat them accordingly. And that's it. Everything else should follow. I mean, it's not like us old fucks are just out of the cradle. We've seen some shit. So tell them that NO ONE can be FULLY trusted.
Ever. Anywhere.
As it SHOULD be everywhere, and especially on the Internet, trust is earned. That applies to all ages, all genders, all everything. It should be a VERY high bar to clear, and never given unconditionally. And anyone who asks you for any PII for any reason should be treated like they have the plague.
If that's the attitude people used all the time online, a lot less of this shit would happen.
It's not about what they say or do that should set you off. It's that they exist in the first place and are talking to you. Be suspicious, always.
Upvote
20
(21
/
-1)
Isn't this more likely to be part of the teen by default policy that's been widely reported on?
I wouldn't dispute that this tension is there (for every platform), but I'd like to see a more substantial argument that it's sweepingly true of Discord, which remains mainly subscription based so far as I'm aware. Neither the author, nor the EFF spokesperson have shown their work to get to this conclusion.
Upvote
-5
(2
/
-7)
If he’s only using 2 emails he’s got it pretty easy. I use a different email for every single website/service I use, including one dedicated to discord (a domain I own).
Upvote
-5
(4
/
-9)
It sounds like the hacker enabled two-factor authentication, which might have made email recovery impossible.
Upvote
11
(11
/
0)
IMO, not relevant to the story.
And frankly, while it's not ideal to lie about your age online, it's also (as the article pointed out) pretty damn common - and that's not totally bad either. My concern here is that she said she was an adult, not an older teen. But kids in the tween/teen age range want to push boundaries, to interact with their friends in ways parents can't directly monitor, to break some rules and feel like they're in control of some part of their life. That's age-appropriate, developmentally.
I'm not trying to suggest there shouldn't ever be consequences for any of this, but this also isn't a case of a kid doing something extraordinarily wrong. It's pretty par-for-the-course behavior for a teen.
Upvote
40
(42
/
-2)
I really hate that the show-your-ID/AI-enabled-verification approach is being positioned as a solution to all this.
The underlying concern is real, and is made worse by platforms' realization that it isn't necessary to invest in actual customer support.
But the problem isn't one that will be fixed by us all agreeing to send images of sensitive and personally identifiable information to be ingested by huge tech companies and whatever AI hook-in they're using this week. No, that'll just give them more data to sell/abuse.
The underlying issue is that they really don't give a damn about individual user experience, because that's not where the money comes from. And I don't see that changing with the age-verification stuff; that's 100% a way to provide plausible deniability for the companies while profiting off user data.
The underlying concern is real, and is made worse by platforms' realization that it isn't necessary to invest in actual customer support.
But the problem isn't one that will be fixed by us all agreeing to send images of sensitive and personally identifiable information to be ingested by huge tech companies and whatever AI hook-in they're using this week. No, that'll just give them more data to sell/abuse.
The underlying issue is that they really don't give a damn about individual user experience, because that's not where the money comes from. And I don't see that changing with the age-verification stuff; that's 100% a way to provide plausible deniability for the companies while profiting off user data.
Upvote
32
(32
/
0)
Site generates a token like this:
{ hash( site + userid + secret_salt ), age >= 18 }
User gives the site to some kind of trusted holder of personal information (say, your state DMV). If the rule is true, the DMV signs the token. The user then returns the signed token to the site. The site then checks the signature against the public key for the DMV.
The site knows the user is over 18 but nothing else about their identity, the DMV knows they verified the someone ages but doesn't know why/for what site. Because you're the one handling the token, you can see the information they're asking to be verified.
This is incredibly easy to implement. There are a buch of existing information-holders that could implement this (DMVs, Login.gov, credit bureaus, etc.) with pretty small amounts of effort. The scheme could also be used to verify all kinds of information and could be used by anybody.
Upvote
18
(20
/
-2)
Wrong. The platform is a machine and no machine takes anything "seriously." It responds according to its design, and if its designers didn't anticipate your particular situation, too bad and good luck. A human in the loop might take your situation seriously, but because humans are cost centers which hit shareholder value humans are to be avoided in any startup with ambitions of "scale."
This is the Machine we're building folks. Perhaps the anarchists have a role here after all...
Last edited:
Upvote
13
(14
/
-1)
Lesson learned. Actions have consequences. Not always right away.
Upvote
-14
(4
/
-18)
Indeed. A stupid world that we (by some definition of "we") are actively making stupider by the day.
Upvote
-3
(2
/
-5)
Well the guy was apparently more concerned about letting the minor engage with her "pals" on Discord. Right.
Upvote
-13
(5
/
-18)
I would create a separate google account specifically for the fitbit. first.last.fitbit@gmail.com or something similar. Have that email account automatically forward to his real email account, sync calendars, etc.
Nothing says you have to get rid of the old account when you create the fitbit account.
Upvote
10
(11
/
-1)