OpenAI also has this kind of check. What is especially bad is that if you fail the verification process, they won’t let you retry – you are permanently locked out from the top models. They aren’t clear about this upfront during the process, so make sure the lighting is good when you scan your ID!
https://help.openai.com/en/articles/10910291-api-organizatio...
That's almost certainly just bad engineering/bad business. Not to say it wasn't an active choice, I'm sure it was. It just shows how extreme the power imbalance is between end users and big business that they have 0 desire to do things correctly and end users have 0 impact on correcting that thinking.
OpenAI has notoriously terrible engineering. Look no further than the numerous Reddit threads and YouTube videos about people trying to give them money for their services and being denied. Users routinely have to try a number of credit cards, a number of web browsers, a number of devices, and a number of physical locations.
I’m not talking about sketchy prepaid cards from weird banks on a VPN in a country the United States doesn’t do business with. I’m talking about Americans getting their Chase cards rejected on their home wifi in Ithaca.
When this initially happened to me, I assumed it was a one off thing, but I was shocked to have found out that it’s been going on for at least six months, probably longer.
>OpenAI has notoriously terrible engineering.
Wasn't AI supposed to solve this? /s
They dogfooded.
Turns out it wasn't dogfood.
https://stonetoss.com/comic/recycling/
Anthropic is no better if the yardstick is complaints about these topics on reddit. The main thing Anthropic seems to add above and beyond OpenAI is overbilling (that also gets the talk-to-the-hand treatment).
I changed my macos system password and haven't been able to log into the macos chatgpt app since. It cant save the auth to wherever it tries. So bad.
I had immense trouble buying api quota as a startup with a brex card and a C corp.
Thankfully, OpenAI's check is not required if you use their models through OpenRouter!
This didn't use to be the case (OpenRouter's OpenAI access used to be bring-your-own-key), but they've reached some sort of deal with them a couple months ago, and now you can access all the GPT-5 series models on OR with no verification at all.
From that page:
> At this time, retries are not supported. You can continue using OpenAI’s platform with your existing access.
That's ridiculous, especially as their list of reasons that verifications can fail include "There was a technical issue during submission".
Looks like they don't want unlucky people on their platform.
I didn't know this. Looks like I dodged a bullet - being totally blind meant the chance of issues was high but luckily it worked. It triggered the id check while trying to get computer use to work for an installer running as admin on windows. Actual reverse engineering I got it to do in the past didn't trigger it.
Yep this is what caused me to switch to Anthropic from OpenAI a few months back, couldn't use any model newer than GPT-4 even if I paid for credits, unless I did a biometric check. I guess I'll move to perplexity or deepseek or something if anthropic flags me for the same.
GLM-5.2 has been very good
The cost on Deepseek is so low, it's no wonder it's the top on open router. You can even use it from other vendors like cloudflare.
I got an email from OpenAI letting me know I won’t be a teenager anymore next week. It’s so exciting to have AI roll back my age by more than half!
I then looked at their age verification and it used that problematic company so I cancelled out.
Anthropic does not allow... "Digital or mobile IDs."
Why on earth not?
Many such IDs are designed for local physical verification, like proof that the mobile phone owner is above certain age or has a valid driving license, they are not designed for remote verification.
> Many such IDs are designed for local physical verification, like proof that the mobile phone owner is above certain age or has a valid driving license, they are not designed for remote verification.
This is incorrect, the Digital Credentials API[1] is designed so that identity information can be remotely verified in a cryptographically secure manner.
There is no reason Anthropic could not use the DC API for this in countries and states that support digital identity, I assume they simply aren't because they threw this together at the last minute and simply out-sourced it to Persona.
[1]: https://www.w3.org/TR/digital-credentials/
> they threw this together at the last minute and simply out-sourced it to Persona.
They could have vibe-coded their own verification system that uses DC APIs. It shouldn't take long, assuming that Anthropic still has access to Fable. /s
> they won’t let you retry
Why would they care about _you_ when they have just a bit short of a billion users and they are up for a huge IPO? Of course they won't even bother implementing a retry.
Anthropic claim that if you have a verification issue, they will give you support; remains to be seen what that will actually come down to
If you haven’t talked to Anthropic support yet you’re in for a surprise. I’m an engineer at a company with an enterprise contract, Anthropic people in our slack and it took me a month to get a response on my support request, I just decided it wasn’t worth it and bought a second phone number rather than wait.
> OpenAI also has this kind of check.
Indeed, that's what motivated me to get an OpenRouter account!
That is a really terrible design.
I dealt with a few instances of online ID verification recently, and in my experience, they don't close your application when your photo is not clear. They mark it as "awaiting customer response" and kindly ask you to upload again.
Claude couldn't vibe code that loop.
Or make a new account?
You risk being silenly flagged and get nerfed responses. Somehting like shadow dumbed down.
That’s quite a claim. What’s your source for this?
Fable's model card provides the following as a relevant reference
https://xcancel.com/ClaudeDevs/status/2064949876463645026
That’s totally unrelated. The post I was replying to claimed that if you create a new account with OpenAI and that gets detected, your whole account gets silently “nerfed”.
That is not in any way related to Fable (visibly) being switched to a less strong model if you’re trying to discuss certain topics.
> That’s totally unrelated.
i disagree, but it seems clear, from how you put it, that there's no point explaining the why
> That is not in any way related to Fable (visibly) being switched to a less strong model if you’re trying to discuss certain topics.
We're talking about it being invisibly moved to a weaker model if it looks like you're distilling (which is best detected through something that is at least partially a reputational / account metric).
Now, Anthropic stepped away from this, but it highlights one more kind of systemic risk you're exposed to when you're not running the model yourself.
It demonstrates that:
1. Anthropic certainly has the ability.
2. They’re willing to use it silently.
And this thread is about OpenAI.
They already reversed course on that decision a couple of days later. Trivial to find a source, but Fable is also rather notably not available to the public right now, so it's not actually a relevant threat.
excuse me but, is this trivial source you're referring to the url included in the post you're responding to, or did they reverse back to the original intent of keeping refusals quiet?
So ... like reddit! :)
Thankfully I don't depend on any of such services. It would make me rather angry.
HN also has shadowbans. If your preferences have showdead=yes, you might see some.
That's a decent moderation, shadowban is a totally different thing. AFAIK, your karma is enough to vouch that Flagged topics or comments and return that piece into a regular displaying.
There's no difference between shadowban and moderation, shadowban is a moderation tool.
Shadowban and community-driven moderation are different poles. Former is a tool of shallow narcisses, latter is the best moderation strategy possible in the clearnet. Come on, commenter.
Reddit is the only platform that actually tells you that you are shadowbanned, so at least they are upfront about it, but their appeal system sucks. My friend just appealed every day for just over 600 days and finally got their account un-shadowbanned.
Reddit doesn't tell you you're shadowbanned. You are thinking of regular banned.
No, they have fully banned and shadowbanned. If you are shadowbanned you can login and check the appeals page but your posts and comments will no longer be visible. If you are fully banned you cannot log in.
That is called "muted". It is not a shadowban, by definition.
It doesn't say that your posts and comments are invisible - they just are.
"It only took two years for my friend to appeal a Ban"
If you're willing to wait a couple years, I dare say a few services might have changed their minds by then, so it's too early to judge.
Most of them don't even have a reasonable appeals process at all :(
Isn’t that definitionally impossible? If they tell you about it then it’s not a shadow ban.
I guess it depends on the definition of shadow ban.
In Reddit's case it means you can continue to post and comment, it's just that your posts and comments are no longer seen by others.
Reddit doesn't tell you about that.
No they don't and if they do tell you that means you have been banned.
That is an inherent and unavoidable risk regardless, as things stand if you want access to frontier models you are at the mercy of their providers.
The whole point of an identity check is that they know exactly who you are. If you tell them who you are and you fail the identity check, you can’t simply create a new account because when you go through the identity check for a second time you’ll still need to tell them exactly who you are, at which point they can match the new account to the original failure.
So I’ll just automate failed verifications for everyone I want to lock out?
An empty account and an account with a year of history have very different weights in this - most people already have an account tied to their legal name, paid for with a credit card in that same legal name. Throw in some geo-location, browser fingerprinting, etc. to disambiguate the surprisingly rare case of two customers with the exact same name.
For a paid product, it's really not that hard to already have a fairly solid idea of what's going on - this just ensures that a responsible adult has gone through a clear process of signing off on the identity for this specific service, rather than a kid with their parent's credit card.
> to disambiguate the surprisingly rare case of two customers with the exact same name
I see you have an uncommon name.
My first+last are shared by about 20,000 people in the US. From 2005-2020 I was unable to check-in for airlines online or even at the kiosk at the airport. I had to wait on line for baggage check-in despite never checking a bag, and they'd take my ID into the back room and delay me for 15 minutes and whisper and glare at me the whole time. Thankfully I can finally fly like a normal person again.
When I worked at a large company, there were four other people with the same first name, middle initial, and last name.
There is nothing surprising or rare about two customers having the same name.
No me, well me too but not that bad, but my wife. Sometimes in the 200x era on green card, she will always get called for secondary inspection. Oh you entered this airport on this date. How are you re-entering without going out. "Well we did not. Not traveled for a year." But you did. All bags searched, more q&a and then they let her go. A couple of times they mentioned that the other person with the same name had the same date of birth. But the passport / green card number had to be different, no? I guess it took them that half hour to figure out and maybe the 200x AI matched by name and date of birth :)
But the sequel: a few years later I get a bill from a hospital for copay for delivery/childbirth. I call to contest ... we did not even live there any more, did at some point of time but years apart ... but they are adamant that my wife gave birth, at that hospital, on that date, in that city, and maybe she never informed me :) it was almost that weird. I don't act on it and give them a statement that it is not me/my family. Then another bill (or a final notice) a couple of years later. And then finally something clicks ... I used to work in a team where when I moved out, someone replaced me and his name was also same as me. Reach out to him, and his wife's name is same as mine, and they lived in the same city we lived in.
So someone somewhere fat fingered the wrong account when searching by name. He acknowledged the account (and childbirth) and paid up. I unfortunately did not ask him about his wife's date of birth to solve the immigration mystery.
My suspicion has been at my past employer's HR or legal department mixing up files
AFAIK, many governments use name+surname+DOB as the unique identifier for a person, E.G. when looking up somebody who doesn't have any documents on them, or initiating a document recovery process if you've been robbed and don't remember anything else.
It's rich that the cohort that sees identity verification and real names policies as necessary and meaningful also doesn't seem to understand the first thing about identity and names.
It just has to chill your speech. It doesn't have to not mess up your life, as long as it chills your speech.
If I told them who I was and then failed to verify that, they don't know who I am because they think I'm lying about who I am. Otherwise what stops me DoSing Sam Altman's account by saying I'm him and then failing to verify?
> If I told them who I was and then failed to verify that, they don't know who I am because they think I'm lying about who I am.
They know who you claim to be. It’s not like they just delete all information about you when you fail verification. They are perfectly capable of seeing that two separate accounts are both claiming to be the same person.
> Otherwise what stops me DoSing Sam Altman's account by saying I'm him and then failing to verify?
For Sam Altman in particular? The fact that he’s the CEO. For people in general? Do you have their passport / driving license, and other details needed to attempt the verification process?
Fun fact, if you're celebrity you get a special customer support phone number at most major corporations EG Apple because "Hi I'm Taylor Swift" gets tried a lot.
How do they get the customer support number to that celebrity?
E.G> when Taylor Swift wants to call Apple right now, how would she know what number to call?
Incidentally, https://people.com/pope-leo-was-hung-up-on-by-bank-customer-...
I presume you get connected somehow when opening up a high-value account at a participating bank. If that account has some sort of concierge service, I presume that’s how special numbers for other companies might be distributed.
Pope Leo is not that rich, and had lived outside the US for many years (he came up in the church hierarchy of Latin America), so it’s not that surprising that he ran into this situation.
Link: 403 Not Allowed
Of course not, that's why I fail verification as them. If I had their passport I'd pass verification as them.
>Do you have their passport / driving license, and other details needed to attempt the verification process?
You do not need real documents if your goal is to get the person locked out by using fake documents.
As a relatively enthusiastic OpenAI user ...
what did you do to trigger a verification process?
They require verification to access the more capable models through their API. It's not required for "consumer" usage, which also includes things like the Codex CLI authenticated via oAuth.
Yes it is, they will trigger it over security related questions.
It can trigger it's self, when it decides it needs to try lots of different options to get clicks into an installer running as admin. There's basically nothing you can do to prevent it.
It's frustrating that I can't find docs that even pretend to answer this question. Maybe it's my fault, maybe I overlooked it? I hope so.
To me, without documented use cases where you might/likely/certainly trigger identity verification, how can I properly limit my curiosity as someone who will gladly stay on the safe side for SOTA cloud model use? I'll happily stay away from these topics if I'm informed on what they are, even if the docs are vague.
Does anyone have insight into the answer to this? What API calls? What user behavior? What topics should I let go unanswered (or converse about with local LLMs) if I want to avoid losing access to the tooling?
The thought that they don't/won't publish this document should scare everyone. That leads to "because I said so" service refusal that is a very slippery slope.
I do understand that all businesses are allowed to refuse service to me in the USA, from food trucks to AWS, and that's fine with me. But at least tell me your rules and extra verification trigger criteria so I have a chance of not using your service in a way that concerns you.
or you can scan you retina using sam altmans device and get access immediately /s
Why did you provide an ID to use an LLM... You're a mark