:

YOTI AGE CHECKS LEAK FACIAL PHOTOS TO THIRD PARTIES

INDUSTRY DESK1 MIN READ
TUE, MAY 26, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Yoti's age verification service shares facial photographs and device fingerprints with third-party companies, raising privacy concerns for users seeking age-gated content access.

The age verification platform transmits biometric data beyond its direct operations, according to findings shared on tech forums. Users undergoing Yoti's age checks unknowingly have their facial images and device identifiers distributed to external parties. The practice affects anyone using Yoti for age verification across websites and services. Device fingerprints—unique identifiers tied to hardware and software configurations—are collected alongside facial data. Yoti's data-sharing practices lack prominent disclosure at the point of verification. Users attempting to access age-restricted content face the choice of submitting biometric data with limited transparency about downstream recipients. The revelation prompted 112 points of discussion on Hacker News, with 24 comments addressing privacy implications. Questions emerged regarding consent mechanisms and regulatory compliance under GDPR and similar frameworks. No statement from Yoti was immediately available regarding the scope or purpose of third-party data sharing.

■ SOURCES

Hacker News

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

A Cambridge study reveals that terrorist organizations including Boko Haram and ISIS are using ChatGPT, Claude, and Gemini to plan attacks and develop weapons. Safety filters designed to prevent such misuse have repeatedly failed.

JUST NOWAI Desk

The Australian Cyber Security Centre has issued an alert about coordinated exploitation of vulnerable content management systems and plugins worldwide. The campaign targets organizations using outdated or unpatched CMS software.

2H AGOAI Desk

Artificial intelligence discovered a critical security vulnerability in Linux kernel code that human developers overlooked for over a decade. The bug could allow unauthorized root access to systems.

7H AGOAI Desk

Researchers have demonstrated a new attack called 'Ghostcommit' that hides prompt injections in PNG files to fool AI code reviewers and agents into exposing repository secrets.

9H AGOAI Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.