:

YOTI AGE CHECKS LEAK FACIAL PHOTOS TO THIRD PARTIES

INDUSTRY DESK1 MIN READ
TUE, MAY 26, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Yoti's age verification service shares facial photographs and device fingerprints with third-party companies, raising privacy concerns for users seeking age-gated content access.

The age verification platform transmits biometric data beyond its direct operations, according to findings shared on tech forums. Users undergoing Yoti's age checks unknowingly have their facial images and device identifiers distributed to external parties. The practice affects anyone using Yoti for age verification across websites and services. Device fingerprints—unique identifiers tied to hardware and software configurations—are collected alongside facial data. Yoti's data-sharing practices lack prominent disclosure at the point of verification. Users attempting to access age-restricted content face the choice of submitting biometric data with limited transparency about downstream recipients. The revelation prompted 112 points of discussion on Hacker News, with 24 comments addressing privacy implications. Questions emerged regarding consent mechanisms and regulatory compliance under GDPR and similar frameworks. No statement from Yoti was immediately available regarding the scope or purpose of third-party data sharing.

■ SOURCES

Hacker News

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

4H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

4H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

7H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

9H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.