• Elvith Ma'for@feddit.org · 13 upvotes · 2 days ago

    Looks to me like they’re essentially redirecting the request from the normal API to do age checks to their own API, and just saying “Sure, they’re an adult” to Discord (since that is all the “proper” API tells them).

    Wait… Those amateurs [at Discord and the age check company] didn’t even think of signing the check in any way and then verifying the data they get sent back? That’s not even hard to implement?!

    • r00ty@kbin.life · 7 upvotes · 2 days ago

      Well, as I added in the edit, I think they do a bit more and actually fool the verification site, since they don’t send the whole image; they do the work locally (which is good, for privacy). So they fake valid-looking metadata and then presumably get a signed result back, which they dutifully pass on to Discord.
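
The signing-and-verifying idea raised in the thread, as an added example that is not part of either comment and is not Discord's or the age-check provider's code: the provider signs its result together with a per-session nonce chosen by the platform, and the platform rejects anything unsigned, altered, replayed or stale. The key, field names and function names are assumptions made for illustration. As the second comment notes, a valid signature only proves who issued the result, not that the inputs the client computed locally were genuine.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption); a real deployment would load it from a secret store.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"
MAX_AGE_SECONDS = 300  # assumed freshness window


def sign_result(key, session_nonce, is_adult, issued_at):
    """Age-check provider side: sign the result bound to the platform's nonce."""
    payload = json.dumps(
        {"nonce": session_nonce, "is_adult": is_adult, "iat": issued_at},
        sort_keys=True, separators=(",", ":"),
    )
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def accept_result(key, expected_nonce, message, now):
    """Platform side: True only for an authentic, fresh result for this session."""
    payload = message["payload"].encode()
    expected_tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, str(message.get("tag", ""))):
        return False  # unsigned, forged, or modified after signing
    claims = json.loads(payload)
    if claims.get("nonce") != expected_nonce:
        return False  # signed for a different session (replayed result)
    if not 0 <= now - claims.get("iat", 0) <= MAX_AGE_SECONDS:
        return False  # too old or dated in the future
    # The signature covers only what the provider chose to sign. If the
    # provider derived is_adult from metadata computed on the client, the
    # tag is still valid even when that metadata was not genuine.
    return claims.get("is_adult") is True


if __name__ == "__main__":
    now = int(time.time())
    minor = sign_result(SHARED_KEY, "nonce-123", False, now)
    altered = {"payload": minor["payload"].replace("false", "true"),
               "tag": minor["tag"]}
    print("altered result accepted:",
          accept_result(SHARED_KEY, "nonce-123", altered, now))
```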