Devstyler.io (https://devstyler.io): News for developers from tech to lifestyle

Can you surprise us, Mr. Musk? X Will Collect Users’ Biometric Data
https://devstyler.io/blog/2023/09/01/can-you-surprise-us-mr-musk-x-will-collect-users-biometric-data/
Fri, 01 Sep 2023 13:19:24 +0000

Social network X, formerly known as Twitter, will begin collecting users’ biometric data, according to its new privacy policy, TechCrunch reports. The company will collect information about users’ jobs and education. The policy page also states that the change will go into effect on September 29.

The idea dates back to when the social platform had its old, familiar Twitter name and is part of Elon Musk’s plan to turn Twitter (now X) into “the app for everything”.

“Based on your consent, we may collect and use your biometric information for safety, security, and identification purposes,” the updated policy reads.

Biometric data can be extracted from both the identity card and the image for matching purposes.

“This will additionally help us tie, for those that choose, an account to a real person by processing their government issued ID. This will also help X fight impersonation attempts and make the platform more secure”, X said in a statement, TechCrunch reported.

Although X hasn’t specified what it means by biometric information, it is usually used to describe a person’s physical characteristics, such as their face or fingerprints. X also hasn’t provided any details about how it plans to collect it.

Last month, the former Twitter was named in a proposed class action alleging that the company improperly captured, stored and used Illinois residents’ biometric data, including facial scans, without consent.

“We may collect and use your personal information (such as your employment history, educational history, employment preferences, skills and abilities, job search activity and engagement, and so on) to recommend potential jobs for you, to share with potential employers when you apply for a job, to enable employers to find potential candidates, and to show you more relevant advertising,” the updated policy reads.

Perhaps this would largely reassure users and even make people like the idea of collecting this type of data. But is there something deeper behind this? It remains to be seen.

In the meantime, some interesting facts about biometrics:
Did you know that since ancient times, different nations have used biometrics for recognition and identification? In Babylon, China, Japan, Assyria and elsewhere, fingerprints were used in commercial transactions and in marriage and other contracts.

And more…
The first attempt at a relatively new biometric identification system, created by Edward R. Henry and Francis Galton, included a fingerprint identification method, and the method itself was called “fingerprint copy”. Interestingly, it was introduced first in India in 1876 and then in England in 1901, and within a few years was successfully integrated in almost all countries of the world.

PyPI Python Package Repository Patches Critical Supply Chain Flaw
https://devstyler.io/blog/2021/08/04/pypi-python-package-repository-patches-critical-supply-chain-flaw/
Wed, 04 Aug 2021 09:06:06 +0000

The maintainers of Python Package Index (PyPI) last week issued fixes for three vulnerabilities, one of which could be abused to achieve arbitrary code execution and take full control of the official third-party software repository.

The security weaknesses were discovered and reported by Japanese security researcher RyotaK, who in the past has disclosed critical vulnerabilities in the Homebrew Cask repository and Cloudflare’s CDNJS library. He was awarded a total of $3,000 as part of the bug bounty program.

The list of three vulnerabilities is as follows –

Vulnerability in Legacy Document Deletion on PyPI – An exploitable vulnerability in the mechanisms for deleting legacy documentation hosting deployment tooling on PyPI, which would allow an attacker to remove documentation for projects not under their control.

Vulnerability in Role Deletion on PyPI – An exploitable vulnerability in the mechanisms for deleting roles on PyPI was discovered by a security researcher, which would allow an attacker to remove roles for projects not under their control.

Vulnerability in GitHub Actions workflow for PyPI – An exploitable vulnerability in a GitHub Actions workflow for PyPI’s source repository could allow an attacker to obtain write permissions against the pypa/warehouse repository.

Successful exploitation of the flaws could result in the arbitrary deletion of project documentation files, which stems from how the API endpoint for removing legacy documentation handles project names passed as input. It could also enable any user to delete any role given a valid role ID, due to a missing check requiring that the current project match the project the role is associated with.

A more critical flaw concerns an issue in the GitHub Actions workflow for PyPI’s source repository named “combine-prs.yml,” resulting in a scenario wherein an adversary could obtain write permission for the main branch of the “pypa/warehouse” repository, and in the process execute malicious code on pypi.org.

Biometric Technology Will Help Pornhub To Verify Its Users
https://devstyler.io/blog/2021/02/04/biometric-technology-will-help-pornhub-to-verify-its-users/
Thu, 04 Feb 2021 10:18:56 +0000

In December, Pornhub banned all non-verified users from posting content on the site, and deleted all content uploaded from unverified sources. This was more than 80% of all videos on the platform. New verifications were suspended pending revised policies.

On Tuesday, Pornhub announced more details on how it plans to address abuse on its platform, including expanding its human moderation team, a transparency report, and introducing biometric technology to verify users who upload videos. This announcement came after claims that the platform hosted child sexual abuse material. Many major payment processors, including Visa and Mastercard, suspended services to Pornhub indefinitely following those allegations. Consequently, sex workers who use the platform for income said this will definitely harm them.

https://twitter.com/the_dylanthomas/status/1356753730914291713

The announcement clarified that the verification will still be limited to people in Pornhub’s Model Program, and will be done by Yoti, a digital identity verification company, with users providing a current photo and a government-approved identification document. According to the statement:

“Yoti will check the validity of the ID document and match the user’s ID document to their photo using secure biometric technology.”

Pornhub promised more details about how verification would work in the new year—while fetish and trans creators wondered if identity verification would exclude them from using the platform. On a Twitter post by the trans performer Dylan Thomas, Yoti clarified the current situation and linked the 2019 announcement of the partnership, which says the organizations are working together to make the process of proving one’s identity more inclusive.

Other portions of the expanded policies include details about how moderators will “regularly monitor search terms within the platform for increases in phrasings that attempt to bypass the safeguards in place.”

A Motherboard investigation in 2020 found that Pornhub users could bypass the platform’s moderation efforts with slightly modified search terms. Platforms like Facebook and YouTube have been criticized in the past about their poor labor practices for moderators who have to view violent or sexually explicit content all day.

“Much like Facebook, Instagram, Twitter and other tech platforms, Pornhub seeks to be fully transparent about the content that should and should not appear on the platform,” Pornhub said in the statement. “This report will be the first of its kind among adult content platforms, setting the standard for transparency and accountability in the industry.”

Motherboard reached out to Visa and Mastercard to ask if the expanded policies will affect their policies on payment suspensions. Visa said that the suspension for Pornhub remains in effect until it completes its ongoing investigation; Mastercard did not respond.
