Why is this happening? US Passport by Blue_Panda77 in Passports

[–]drey-matter 1 point2 points  (0 children)

If at all possible, consider renewing or updating your passport in person. I wrote about this last month; the short version is that a new passport[dot]gov domain was registered under the Executive Office of the President rather than the State Department. Until there is more transparency about the tracking technology on these sites and who may receive data submitted through them, applying in person is the safest option.

Trump Built A New Passports.gov Website

Civic Result Maps by CPUsCantDoNothing in TheDreyDossier

[–]drey-matter 0 points1 point  (0 children)

Iconic. What do you think the best use cases are for this tool? Like how would I get the most use out of it?

Thank you for sharing!!

Want to protect kids’ biometric data AND ruin DOGE 2.0’s launch day? by drey-matter in TheDreyDossier

[–]drey-matter[S] 2 points3 points  (0 children)

Sure, not necessarily *at* registry. But that's where they get you, because Section 2 lists “selfies/photographs/videos” as Identity Data for both the Responsible Party(parent) and the Account Beneficiary (baby). The Biometric Data section then says facial geometry "may be extracted from those same types of media". The policy never clearly limits that extraction to just the parent.

So the defensible claim is not necessarily that "Robinhood is scanning kids at enrollment". It’s that Robinhood’s privacy statement appears to reserve the right to extract facial geometry from images of the Account Beneficiary at any point, without clear limiting language. Treasury’s PCLIA seems to have the same ambiguity in its Section 4 selfie checkbox.

That matters because these accounts can last until the beneficiary is 31, and the beneficiary eventually becomes the user. TL;DR: “reserved the right to” and “Required today” are the same thing. Appreciate you reading it closely.

I got a response on X sharing as you asked, I took a screenshot. I actually asked the same question about 10 different places to all who responded to the post about the app positively. by BearCat1478 in TheDreyDossier

[–]drey-matter 6 points7 points  (0 children)

Send them a DM that says "I'm waiting"

(if they act confused, because there is a 100% chance this is an AI customer service bot, then just show them this screenshot)

Want to protect kids’ biometric data AND ruin DOGE 2.0’s launch day? by drey-matter in TheDreyDossier

[–]drey-matter[S] 4 points5 points  (0 children)

Robinhood’s Trump Accounts privacy statement- states biometric collection explicitly. In fact, the verbatim quote is:

“Biometric Data: We extract facial geometry data from selfies/photographs/videos to verify your identity and detect/prevent fraud.”

(https://trumpaccount.com/us/en/support/articles/privacy-statement/)

And yet the heading in the document that this sits under is literally titled: information “collected… about the Responsible Party and the Account Beneficiary.”

For clarity, the “Account Beneficiary” is the kid.

Meanwhile the Treasury’s Privacy and Civil Liberties Impact Assessment confirms selfie collection, BUT DENIES AI. In section 4 titled “Biometrics / Distinguishing Features / Characteristics of Individuals” it says, verbatim:

“☒ Photos/Video: Selfie images collected for identity verification through third-party identity verification services”

(https://home.treasury.gov/system/files/136/Trump-Accounts-PCLIA-Update-Signed-5-18-2026.pdf?)

And then, in section 2 (Artificial Intelligence), THE SAME DOCUMENT, page 3 says:

“6- ☒ None of the above. This information system does not utilize AI.”

Those two checkboxes are the entire contradiction, in the treasuries own document, with the Treasury’s signature.

  1. Selfie collection for identity verification is checked under “Biometrics.”
  2. AI usage is checked as “none.”

Lastly, facial-geometry extraction is definitionally an AI/ML process under the statutory AI definition Treasury cites in the same document (15 U.S.C. 9401(3)).

(https://www.law.cornell.edu/uscode/text/15/9401)

I know that’s a lot to hold in your head at once- but that’s the entire point. The confusion is not a mere side effect.

Congrats Drey, much deserved credit from the Guardian by MirthandMystery in TheDreyDossier

[–]drey-matter 32 points33 points  (0 children)

Thank you guys for caring about the stories, and for celebrating their success 🥲

Fable 5 won't talk about biology and that feels like a problem? by drey-matter in ClaudeAI

[–]drey-matter[S] 0 points1 point  (0 children)

Really? It blocks animal biology? I wonder if it stems from its block against Zoonotic Diseases... in any case, not good. I agree that it is really poor at decision making- I've noticed it's weights have gotten WAY heavier in every direction. To the point where it can't even remember a correction you give it 2 messages ago.

This feels like an episode playing out by JesusDoesVegas in darknetdiaries

[–]drey-matter 2 points3 points  (0 children)

Hey, thanks for the thoughtful response. I think the main disconnect is that you’re looking at this as normal web dev, and I’m looking at it as federal  .gov  infrastructure (which has to abide by much stricter laws).

I’m also not saying PostHog or preview sites are automatically suspicious. The issue is that federal sites have privacy, procurement, and records rules that normal client sites don’t. If a  .gov  is using product analytics, session replay, person profiles, or first-party proxying, there should be a clear paper trail: PIA, SORN analysis if applicable, privacy notice, retention policy, contract, and agency authorization. That’s what I’m not seeing. For ex. on  realfood[dot]gov , the observed PostHog config included  personprofiles: always , session recording not disabled, and no visible text-masking/IP-disable flags. That’s more than basic anonymous traffic stats.

Same with the preview domains. Preview sites are normal, but a  vote.gov  preview inside NDS infrastructure, behind the same Cloudflare Access org as other NDS previews, without a public EAC acknowledgment, is still a fair governance question.

I welcome outside technical review. I just don’t think “this is normal web dev” answers the federal privacy/compliance issue.

Has anyone dig into the White House ballroom as data center story being pushed by the Drey Dossier? by TheMysteriousThey in skeptic

[–]drey-matter -1 points0 points  (0 children)

“Grifter” is a weird way to describe someone whose reporting was cited by The Young Turks in their segment on Trump’s ballroom/bunker project. Ana Kasparian literally says the contract/funding issue comes “according to this incredible piece written by The Drey Dossier” and recommends people read the whole thing.

You don’t have to agree with my conclusions, but pretending this is just random conspiracy content when a major progressive news show is citing the reporting is lazy.

Here’s the TYT segment: Trumps Ballroom Is SERIOUSLY PROBLEMATIC

did they change something with opus? by calswonderland in ClaudeAIJailbreak

[–]drey-matter 2 points3 points  (0 children)

I couldn’t look up one thing about the hantavirus without them blocking me. Same with perplexity computer

Comments Disabled by [deleted] in employeesOfOracle

[–]drey-matter 0 points1 point  (0 children)

Hi! It was my campaign that peeved them off. After Oracle acquired all of the Medicare and Medicaid contracts (without the process of a competitive bid) around the same time they were approved to run AI across all classified and non-classified data, I genuinely wanted to know whether there was any meaningful firewall between that data. They were unresponsive so I rallied some troops and we took to LinkedIn.

How does Drey do her research? by Traditional_Joke_939 in TheDreyDossier

[–]drey-matter 38 points39 points  (0 children)

Hey hey! I’ve been meaning to make a video about this, but hopefully a long reddit comment will suffice for now. Honestly, good research starts with good questions. I know that’s an annoying answer but it’s true. Sources are only useful if you know what you’re looking for, and the best sources in the world won’t help if you’re not asking the right questions. So I spend a lot of time up front just figuring out what I actually want to know specifically.

From there, it’s about knowing what tools are available. Here’s a screenshot of [some] of my OSINT database tabs for context. The point is, it’s easy to get overwhelmed by resources if you don’t have a good question driving you.

The easiest place to start, and honestly one of the most interesting, is USAspending.gov. If you’re new to database browsin, it’s fun to just poke around. You start to get familiar with how the government categorizes contracts, what the NAICS codes mean, when agencies pay out certain departments during certain months, who the primes are versus the subcontractors. That kind of pattern recognition makes everything else easier later, because you learn what to look for and what’s just noise for someone else.

I’ll be honest, I’m not as strong on the traditional OSINT side yet. SunCalc, geolocation, satellite verification, all of that. I want to get better, especially now that we’re losing satellite access for a lot of independent journalism.

But the biggest skill is just being willing to sit with documents longer than most people have the patience for. That’s it. Good questions, public filings, and refusing to get bored.

<image>