Comment by smallnix
Comment by smallnix 6 days ago
Please post a link to a picture of your national ID. /s
Comment by smallnix 6 days ago
Please post a link to a picture of your national ID. /s
So think through what you've just said.
If you were able to do all of those things to prove your identity using your ID.. then any identity thief with a copy of your ID could use it to impersonate you in every one of those venues.
That means that somebody else can send your money wherever they wish.. create bank accounts to perform nefarious deeds that tie back to you.. book flights, and subscribe to services on your dime or on a stolen credit card behind your name so that after the chargebacks all debt collection activity aims at you. And finally convince the government to send your tax refunds to them.
In light of this what is absurd about being parsimonious with who and how we share copies of our ID, and why should virtually every website online be deputized into keeping copies of them to provide dog standard content services that might not always be suitable for all audiences?
Its not the 'voluntary' services that may or may not want to see your ID, its the existence of any and all Mandatory legislation, which would be a nightmare.
This is a tech site so I imagine the average user has some deeper understanding than most(technically), but I guess imagination is off the table.
What this would do (requiring all sites) is basically be the end for any and all attempts against identity fraud protection. Indulge a bit of imagination for a moment. If EVERY site is now required to do some form of verification, than everyone's infrastructure now becomes prime targets for PII and troves of identity information, and wherein amazon, banks, and ID.me can be considered to be at or near the top (i'd hope) for keeping their machines tied down, the reality is that EVERYONE'S servers ARE NOT so will maintained. They WILL be attacked, and shims inserted to steal such identity information, as people have ZERO idea, as they're being shunted around to all thees angel-invested ID startups, as to what is or isn't legit, during signup. Wholly, identical pages/domains, as are often seen to steal traditional PCI information, will now be repurposed to this. Its not that the reputable ones are likely to fall, its the small vendors who don't understand that once a customer is EXPECTED to fork over ID to sign up, any hiccup in the process will be unnoticed, and it'll be ripe for abuse if the server/service is ever compromised.
Not what I'm saying. At any time before the legit handoff, there can be a decoy which users would be blissfully unaware of, shimmed in. How many times do domains change again during the singup process of whatever service you're using (page to page)? Thats a huge security issue, as it messes with what users expect, and they dont take notice one bit. At the very least its an opportunity to confuse users not to realize that the main service shouldn't hand-off at step 3, rather step 7. The other option is services verify themselves (backend), but again, thats worse.
Designing secure services are not 'just' one and done by any means, this whole thing boils down to whether security is a trivial, and a done thing or a very hard problem, and it has always been a very hard problem.
Its one thing to hand over credit cards with very little liability and a charge back ability, its totally another to use irrevocable IDs which cant be resent in the mail in a few days. Then theres the inter-nationality angle. I refuse to use overseas services, who dont recognize a 'drivers license' and want my passport. Sorry, not going to be stuck somewhere because my passport gets leaked and now we need to vist the only embassy 7 hours away before i return home (with kids in tow). Universal Id requirement is a cozy idea but it opens far too many incompatibilities, not to mention country-to-country.
It would be a great thing, because it would finally force us to have somthing better than "I can present a piece of plastic with my picture and some numbers on it" as proof of identity.
You don’t see the difference between it getting out some place I travelled to, opened a bank account to, etc than if I visit grandmamidgetporn.com?
Out of curiosity, I wanted to see how the five most popular porn sites handled age verification since I live in Florida. One of the states that require it. I started here (safe for work - just list of the most popular websites overall - not porn sites)
https://conversion.ag/blog/top-websites-in-the-world/
Do any of these alternatives seem like something you would want to use?
#10 doesn’t require any age verification.
#12 doesn’t allow you to sign in at all unless you are a creator
#14 no verification needed
#25 requires you to use your Google or Twitter account or an email address.
#61 requires you to log in with your Google account.
#69 wants you to upload your drivers license or passport to a site called
https://saas-onboarding.incodesmile.com/multimedia214/flow/6...
I've had to upload my ID card to send money, open a bank account online, verify my identity for a dating app, book an international flight, and ironically to register for the app to have an electronic version of my id on my phone, and weirdly to pay a traffic ticket (why do they care who pays it?), get a discount on my Amazon Prime subscription, and finally to reset my password for my ID.me login for government websites. So all of those are 'fine' I guess, but god forbid you upload it to a third party verification service (the same one that was used for one or more of the above cases where I uploaded my id) to watch pornography, that's where we draw the line?
You are being absurd.
I don't agree with this requirement, but I'm also not so dishonest that I would pretend that it's a security issue.