Comment by ltbarcly3

Comment by ltbarcly3 6 days ago

20 replies

View on Hacker News

Presenting government ID to random entities is literally what government ID's exist for. Paranoia about this is silly.

Additionally, intentionally aiding someone (especially a minor) in circumventing the law is very likely to not be legal, especially when legality is largely determined by a jury, and especially^2 when the facts of the case against you are the most egregious that the government can find, especially^3 when you are profiting from it. It will be something like a 12yo using your service to access something absolutely shocking, and you or someone else will be forced to read a detailed text description of it in front of a jury. This doesn't even begin to address civil liability.

I'm not saying what you are doing is 'wrong', I'm saying you should talk to a lawyer who specializes in this sort of thing before you are forced to.

pas 6 days ago

showing a plastic card in a store to buy the yearly Cum Companion Calendar or whatever is one thing, because the clerk likely is not a savant with eidetic memory, whereas online there's this little thing happening called data processing which starts with the only thing we usually don't want with our ID. copying.

Reply View 2 replies
  • HappMacDonald 6 days ago

    I wonder what the legality would be for the brick and mortar stores (especially the big chain ones) to just start asking customers for ID and then swiping them through scanners that can do all of the eidetic memory work for them?

    Reply View 1 reply
    • sitkack 6 days ago

      Kroger already does this, they will get sued for millions and millions of dollars when they have a data breach.

      Reply View 0 replies
Squeeeez 6 days ago

> Paranoia about this is silly.

Having had to deal with some clients with slightly sensitive data, I wish. Photocopies and printed screenshots lying around in the open, CC data copy-pasted manually to other fields or to generic excel sheets because otherwise "it disappears and we can't book late fees" etc. Not even only the "random third-party" companies vetted and specialised in ID verification, but then they get a new support contract down the road, and a fourth- or fifth-party agent who had the cheapest offer now has remote admin access to those desktops.

Probability is low, true. But all it takes is one compromised access.

We all choose our battles probably.

Reply View 0 replies
prism56 6 days ago

Is it though? Unfortunately this could have been implemented much better with a decentralised approach.

Its not the showing the ID its having it potentially tied to your accounts and usage. Having your ID tied to your selfie which could be leaked.

Reply View 0 replies
protocolture 6 days ago

>Presenting government ID to random entities is literally what government ID's exist for.

Wrong lmao. All forms of Government ID are PII and should be treated as sensitive.

https://www.esafety.gov.au/young-people/protecting-your-iden... Heres basic information from a government looking to enact these same laws.

>Nearly every app, social media platform or website asks you for at least some personally identifiable information. But this data can be stolen or misused. That’s why it’s important to keep it as private and secure as possible. If you have to share it, make sure it’s only used by trusted services with your knowledge and consent.

Wow thats great advice.

Reply View 0 replies
smallnix 6 days ago

Please post a link to a picture of your national ID. /s

Reply View 13 replies
  • ltbarcly3 6 days ago

    I've had to upload my ID card to send money, open a bank account online, verify my identity for a dating app, book an international flight, and ironically to register for the app to have an electronic version of my id on my phone, and weirdly to pay a traffic ticket (why do they care who pays it?), get a discount on my Amazon Prime subscription, and finally to reset my password for my ID.me login for government websites. So all of those are 'fine' I guess, but god forbid you upload it to a third party verification service (the same one that was used for one or more of the above cases where I uploaded my id) to watch pornography, that's where we draw the line?

    You are being absurd.

    I don't agree with this requirement, but I'm also not so dishonest that I would pretend that it's a security issue.

    Reply View 12 replies
    • HappMacDonald 6 days ago

      So think through what you've just said.

      If you were able to do all of those things to prove your identity using your ID.. then any identity thief with a copy of your ID could use it to impersonate you in every one of those venues.

      That means that somebody else can send your money wherever they wish.. create bank accounts to perform nefarious deeds that tie back to you.. book flights, and subscribe to services on your dime or on a stolen credit card behind your name so that after the chargebacks all debt collection activity aims at you. And finally convince the government to send your tax refunds to them.

      In light of this what is absurd about being parsimonious with who and how we share copies of our ID, and why should virtually every website online be deputized into keeping copies of them to provide dog standard content services that might not always be suitable for all audiences?

      Reply View 2 replies
      • ltbarcly3 5 days ago

        Yea, I guess you thought through the fundamentals of security better than banks, payment providers, and governments. Well done.

        Reply View 0 replies
      • sitkack 6 days ago

        Bro already has a disease, doesn't care if everyone else gets it too. What kind of argument is ... I already sent my ID all over the internet multiple times?

        Reply View 0 replies
    • jofla_net 6 days ago

      Its not the 'voluntary' services that may or may not want to see your ID, its the existence of any and all Mandatory legislation, which would be a nightmare.

      This is a tech site so I imagine the average user has some deeper understanding than most(technically), but I guess imagination is off the table.

      What this would do (requiring all sites) is basically be the end for any and all attempts against identity fraud protection. Indulge a bit of imagination for a moment. If EVERY site is now required to do some form of verification, than everyone's infrastructure now becomes prime targets for PII and troves of identity information, and wherein amazon, banks, and ID.me can be considered to be at or near the top (i'd hope) for keeping their machines tied down, the reality is that EVERYONE'S servers ARE NOT so will maintained. They WILL be attacked, and shims inserted to steal such identity information, as people have ZERO idea, as they're being shunted around to all thees angel-invested ID startups, as to what is or isn't legit, during signup. Wholly, identical pages/domains, as are often seen to steal traditional PCI information, will now be repurposed to this. Its not that the reputable ones are likely to fall, its the small vendors who don't understand that once a customer is EXPECTED to fork over ID to sign up, any hiccup in the process will be unnoticed, and it'll be ripe for abuse if the server/service is ever compromised.

      Reply View 5 replies
      • ltbarcly3 6 days ago

        ID verification is done by 3rd parties. Nobody wants to hold a photo of your ID because it's a compliance nightmare. You aren't uploading your ID to some porn site, you are uploading it to some real-person verification company.

        Reply View 3 replies
      • SoftTalker 6 days ago

        It would be a great thing, because it would finally force us to have somthing better than "I can present a piece of plastic with my picture and some numbers on it" as proof of identity.

        Reply View 0 replies
    • scarface_74 6 days ago

      You don’t see the difference between it getting out some place I travelled to, opened a bank account to, etc than if I visit grandmamidgetporn.com?

      Reply View 2 replies
      • ltbarcly3 6 days ago

        Nobody uploads their ID to some porn site, they work with some reputable id verification company.

        Reply View 1 reply
        • scarface_74 6 days ago

          Out of curiosity, I wanted to see how the five most popular porn sites handled age verification since I live in Florida. One of the states that require it. I started here (safe for work - just list of the most popular websites overall - not porn sites)

          https://conversion.ag/blog/top-websites-in-the-world/

          Do any of these alternatives seem like something you would want to use?

          #10 doesn’t require any age verification.

          #12 doesn’t allow you to sign in at all unless you are a creator

          #14 no verification needed

          #25 requires you to use your Google or Twitter account or an email address.

          #61 requires you to log in with your Google account.

          #69 wants you to upload your drivers license or passport to a site called

          https://saas-onboarding.incodesmile.com/multimedia214/flow/6...

          Reply View 0 replies