[allworknoplay]

Oh! You're the company who -- when I was requesting the non-consensual tome of personal data that Sift keeps on me (and basically everyone else in the US and other coutries) -- refused to accept my straight-faced selfie and instead specifically insisted over and over again that I need to look "joyful or happy" and try again.

I get (in retrospect, after research) that you're asking for a real-time face pose change for better identity verification, but do you realize how dystopian it feels when someone is fighting with an opaque bureaucracy and the process demands that they smile about it?

You should try expressing a rationale up-front so it's not so Orwellian.

[ericlevine]

Completely understand and sympathize with that. We absolutely can (and will) do a better job of conveying the intent of the different checks here. The pose change requested is randomized, but I get that this can be frustrating.

I know you already get this, but for posterity, the idea here is to make sure the person submitting their ID is actually in front of the computer (and can react to a prompt). Attempting to use a still photo is a common way a bad actor may try to circumvent these protections. Obviously correctly identifying someone in the case you described is extremely important given the sensitivity of some of these data access requests.

Orwellian isn’t exactly the vibe we’re looking for, though, so we can do better here.

[1996]

So you require someone's PICTURE to deliver the data you gathered on that person? To further augment your digital stash? Or train your models to recognize said person? (after which you delete the picture, logical - storage space costs money)

I hope I'm wrong somewhere.

If I'm not, I don't think I want to do business with you, or to ever have my ID checked by you if it means you'll get to keep my data- then ask me for an up-to-date picture to improve your collection when I object to that.

[sinalet]

So the purpose of taking a picture of yourself is to make sure that the photo as depicted on the ID matches the person who is completing the flow. This is important as a stolen ID should not be usable for the purposes of online identity verification. We’re not in the business of selling your data, but of providing a secure, privacy-oriented way for businesses that have to perform ID checks to do so. In the situation described above, we’re providing identity verification services for Sift in the context of the data subject access requests they’re receiving.

[allworknoplay]

As OP in this thread, this is a complete mis-read of the situation; you should re-read the other comments and consider removing this one.

[1996]

They say the photo is to make sure someone is not using a copied ID - I believe them. Makes sense.

They say the photo will be removed - I believe them. GPDR, California laws, good will, storage is expansive, etc.

What I won't trust anyone with, is what they will do with the data created from this photo that is not the photo itself.

[allworknoplay]

That's really nice to hear -- thanks for the reply! A "Why do we ask this?" link would probably be optimal.

I do get the aim, but it took me a while --- I'd wondered if it was simply data collection for more classifier training or something, which felt like a dodgy extra ask along with a verification service (even if it's the same strategy as recaptcha).

[ben1040]

>when I was requesting the non-consensual tome of personal data that Sift keeps on me

I hope Berbix has a plan here for the fact that when sketchy companies use their service, it will make them look sketchy by association.

[sinalet]

We're rather selective in terms of which customers we serve given that we see the verification of someone’s identity as a privilege rather than a right.

With respect to Sift, we see them as good stewards given their narrow focus of preventing fraud as opposed to data brokers that sell your data to ad networks, hedge funds, etc.

Sift has taken a privacy-conscious approach to responding to data access requests by ensuring the individual is in fact who they say they are. We’re proud to help them prevent fraudulent access to sensitive personal information.