I'm somewhat knowledgable on privacy topics, pasting my answer to another comment:
The EDPB has explicitly ruled on that, when it comes to age verification^1, you should delete: "Trust models are crucial to prevent data breaches in age assurance contexts [...] once the user's age is verified, no record of the personal data used for the age assurance process is kept".
The EDPB has explicitly ruled on that, when it comes to age verification^1, you should delete: "Trust models are crucial to prevent data breaches in age assurance contexts [...] once the user's age is verified, no record of the personal data used for the age assurance process is kept".
They most likely weren't allowed to keep it past the verification per GDPR art.5. Once the passport has been verified for whatever purpose they needed it ("age verified to be > 18yo on 2026-06-12" or "identity verified to be XXXX YYYY"), there is no legitimate use for the passport photo and details anymore, and they should delete it.
> Zero password protection on document storage systems
>
> No encryption for sensitive identity verification data
>
> Public URL access with no authentication requirements
>
> No access logging or monitoring systems in place
Pretty much the bingo of secure storage, even CTF demos make it less obvious. Storing a document that they have no business keeping in the first place, with no security whatsoever.
This comparison makes no sense. When you buy a ticket to a concert you fully expect to be allowed access to said concert. If it gets cancelled because this or that studio owns some random right you fully expect to be refunded.
> I was already renting stuff when video tapes were a thing
Good for you. These guys also propose rental with a rent button, and a purchase button for what you'd expect be purchasing the movie. Do you still not see what the issue is and why the debate on what word means is anything but sterile?
> Or are you just happy being outraged and will go back to your daily life afterwards ?
Wow, this is gratuitous and extremely belittling. I hope you feel good smelling your own farts.
I sent many an email from [email protected], the veneer of the terminal helping, my friends were quite impressed by how good a hacker I was. Good olde days when many DKIM/SPF weren't a thing yet and SMTP servers weren't even authenticated.
I work on the receiving end of media processing nowadays, and the overlap of variety in formats, codecs, and configurations is frustrating. No two encoders work the same way, and they often "innovate" in fun and varied ways that almost feel like renewed attempts to make decoders crash.
I find interesting the systemic explanation of Bruce Bueno de Mesquita and Alastair Smith in "The Dictator's Handbook"^1: In any publicly traded company, if the executives (or the board) are not ready to do whatever it takes to maximize profit, they will be replaced by people who are. It becomes a selection process creating tyrants. If you're lucky (as employee, customer, or human living on the same planet), whatever it takes might be aligned with employees and customers' interest. When times are bad, whatever it takes has no limits, it becomes a question of survival or progression for business leaders.
I'm curious to see how much that maps with what you identified in your new book! Patagonia is private and under the control of a few benevolent dictators ; Costco and Nordisk are a bit more surprising, I'm keen to know more.