In a widely shared post on X, security consultant Paul Moore claimed to have uncovered a “serious privacy issue”. He said that the source image of the passport, ID or selfie used to collect a user’s biometric data was not encrypted and could not be properly deleted. “Leaving the original image on disk is crazy and unnecessary,” he wrote. “I don’t think anyone disputes the need to protect children from online harm, but this really isn’t the solution.”