LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Ginernet "Made a Decision": Upload a Selfie or No Control Panel for You!

This is a bizarre and disappointint sequence of events.

Ginernet recently revamped their control panel.  They sent a notice to their customers that they’ll need to use the new panel to manage their VPS.

So far, so good.  But here’s the twist: if you don’t complete KYC (know your customer), which involves uploading a selfie of yourself, you will not be able to access the new panel!  Deadline is July 13, 2026.

In compensation for surrendering your biometric data, they’ll give you a €5 credit.

You can’t make this stuff up.

From LowEndTalk member @zGato‘s post:

Ginernet

@zGato asked for more details and was told:

Identity verification: This has nothing to do with your specific account or any issue; it’s a new feature of the updated dashboard that we’re requesting for all accounts for security purposes. It’s a one-time process, conducted by Didit (a European provider that complies with the GDPR; we do not store images or biometric data). In addition to strengthening your account, it enables password recovery using your face (in case you ever lose your password), and we’ll credit you with a bonus balance once you complete it (you’ll find it in the Dashboard, in the bonuses section). If the deadline passes, no services are affected: your VPS servers continue to operate normally; only access to the control panel is restricted until you complete the verification.

Ginernet later back-pedaled some:

Regarding the verification process itself: we truly appreciate your feedback, and we want to let you know that we’ve updated the procedure. We no longer ask for your ID card or any other form of identification: we wanted to make it more streamlined, striking a balance between privacy and functionality. The standard verification process consists solely of a selfie that takes just a few seconds (to verify that you’re a real person, not a bot), without any documentation whatsoever. What is certain—and we won’t tell you otherwise—is that your ability to manage your account through the new Manager will be limited if you don’t complete the verification by the deadline. This is an anti-fraud measure that we apply to all accounts equally, with no exceptions.

And this info can be stored for up to 10 years and be used to train AI models. Details and links on LowEndTalk.

A Decision Was Made

Not unexpectedly, LowEndTalk exploded at this news.  Giernet posted:

We understand that facial checks make some people uncomfortable. That is completely understandable, and we are not going to pretend otherwise.

But let’s put things into perspective. In the physical world, there is always a minimum level of visibility: you walk into a shop, a hotel, or a data center, and someone sees you come in. Honestly, every day we are surrounded by cameras in streets, shops, and building entrances, recording us without us knowing where that footage ends up, who stores it, or for how long. Most people do not even think about it. On the internet, however, that basic visibility does not exist: anyone can register with a disposable email address, a fake phone number, a stolen card, and a VPN, and start using real infrastructure without being accountable to anyone.

In our business, this is not a theoretical problem. We manage real network infrastructure: our own IP space, VPS nodes, and contracts with providers. When these services are abused, it is not “just an account”. It means DDoS attacks, phishing campaigns, or card fraud. It harms our real customers, our reputation with providers, and, from time to time, ends with the police asking questions.

So we made a decision: accounts in the new Manager must pass a simple liveness check.

So to be clear, this is not some new onerous government regulation they are forced to comply with and are regrettably implementing.  This is something they chose to do for their own benefit.

Sure, there are bad actors and sleazy scammers who sign up at VPS providers.  But that’s been happening for 20 years.  This is not a new risk.  Requiring a face scan – which is sent to a third-party that says they’ll use it for AI training – is really appalling, particularly where the obvious alternatives such as an in-person visit or a phone call are now allowed.

Plus, the fact that the selfie you upload to Ginernet will be used to train Didit’s AI models unless you take action to opt-out is really appalling.

One thing that Gineret and LowEndTalk do seem to agree on in their post:

If you prefer to use a provider that does not ask you to identify yourself at all, that is a completely legitimate preference, and there are plenty of them on the market.

Are you a Ginernet customer?  What do you think of us?  Please comment below or in the LowEndTalk thread!

1 Comment

  1. jhay's avatar
    jhay:

    Surely a permanent no, regardless of ANY offer they may post!
    seriously?
    3rd party with AI learning is being talked beautiful by saying “WE don’t store your immage”?
    WORSE, WE pass it on to a 3rd party (for profit???).

    I pay with a valid CC (= I am 18+ and legit! )
    Any provider have similar ideas… I will run!

    THANKS for the background Research!

    BTW: I would consider being locked out of the CP a BREACH of contract!!!

    July 9, 2026 @ 2:40 pm | Reply

Leave a Reply

Some notes on commenting on LowEndBox:

  • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
  • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
  • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

Your email address will not be published. Required fields are marked *