I am fascinated by this. I guess when there is no universally recognized ID it feels weirder?
I mean, sure, by all means withhold info from social media platforms, but if it’s one where you’re going to have your real name and your whole-ass work history on public display, surely verifying your ID is trivial? You could absolutely google the info in a LinkedIn page and find a bunch of additional info anyway.
I get it intellectually, it’s a taboo now, just like it’s a taboo to have people find out your address or phone number when it used to be publicly listed until a few years ago. It’s just weird that it’s still a taboo for the services where verifying your ID is presumably a feature, not a bug.
It’s less about verifying ID, and more about trusting them to be responsible with the documents.
If they have a human assess the ID right away, and delete the file once that person’s identity has been assessed, that’s probably safe. But let’s face it, they probably store it somewhere, and when they inevitably get hacked now everyone’s driver’s license (with their state ID number, address, and DoB) is for sale on the dark web. There is enough info on your State Drivers’ License to open credit accounts, particularly if you forge some documents as well.
Well, I guess I’m glad we have fairly secure documentation. Not that fraud doesn’t happen, but given how ubiquitous and easy to find that info is the real value is in the document itself, which is minted very much like paper money is and is pretty hard to falsify or forge.
Like many other issues this is the kind of issue I find is fairly well solved.
Nnnope. Presumably because I have secure government ID minted like paper money, containing a digital certificate and pretty hard to falsify or forge.
Look, I’m not saying it doesn’t happen, I’m saying it’s a useful tool to mitigate it. I’ve definitely shared my official ID online for things. It’s even used for preorders sometimes in high demand items or concert tickets to prevent scalping and effectively limit amounts per person. It kinda works.
They dont steal your ID by cloning your passport, they steal it by getting just enough Personally Identifying Information to be able to start up credit cards and other loans that are tied to your credit history, without your knowledge. By the time you find out, they’ve run all the credit lines to the max and then you have to go around to all those companies and prove you didn’t make all those charges. Then you have to get all of your account numbers changed, because you don’t necessarily know what the hacker has compromised.
Most of the information necessary for opening accounts is on your driver’s’ license. Pretty much the only thing it is missing is your SSN. And in some cases, a valid state license number can be used in place of that
Yeah, but that’s the point, with universal secure ID all of those actions require showing your universal secure ID. You can’t just give people enough information that sounds or is legit and get a loan, you need to provide your ID and have it verified.
And hey, if somebody that holds a copy of your ID leaks it you’re only at risk for a bit of time, because these things expire and each new one you get looks different. It’s very hard and not worth it to forge these for that reason, and if somebody went to the trouble of doing that you could easily prove it doesn’t match the original you hold.
Fraud and identity theft obviously still exist, but it normally involves getting older people to sign things they didn’t mean to or getting people to share their information through social engineering. But just finding your info online and generating enough debt to create a massive problem? That seems hard and reversible.
My biggest gripe is that it’s done through a third party, Persona ID.
They make you agree to another set of terms and conditions which opens you up to even more 3rd parties.
I consent to Persona collecting, using, and utilizing its third-party service providers to process my biometric information in order to verify my identity for fraud prevention, in accordance with the Persona’s Privacy Policy. Your biometric information will be stored for no longer than 6 months.
Were this limited to just Microsoft I might have caved.
Its one of the challenges that seriously doesn’t seem to have an easy solution. Like the closest I can think of is a centralized authority that the service can send a identity verification request to that, then the user can sign into the centralized authority and confirm “yes I am the person you requested to verify”
This would also help with annoying employment verification where I have to bring every document needed to steal my identity to my new employer for them to scan and digitally store indefinitely then return said documents to my safe
My question with that is one of usability. Where I live our ID has digital certifications in it and you can theoretically use it for online authentication. It’s just a mess of a system, so people tend to pick other options.
I mean, it works… it’s just that it’s hard enough to use that you often are given alternative tools for verified ID and most people use those because they’re more convenient than the solution that is meant to be the convenient standard. It’s a once and future XKCD strip.
The authenticated, secure, universal ID card is pretty handy still, though.
I am fascinated by this. I guess when there is no universally recognized ID it feels weirder?
I mean, sure, by all means withhold info from social media platforms, but if it’s one where you’re going to have your real name and your whole-ass work history on public display, surely verifying your ID is trivial? You could absolutely google the info in a LinkedIn page and find a bunch of additional info anyway.
I get it intellectually, it’s a taboo now, just like it’s a taboo to have people find out your address or phone number when it used to be publicly listed until a few years ago. It’s just weird that it’s still a taboo for the services where verifying your ID is presumably a feature, not a bug.
It’s less about verifying ID, and more about trusting them to be responsible with the documents.
If they have a human assess the ID right away, and delete the file once that person’s identity has been assessed, that’s probably safe. But let’s face it, they probably store it somewhere, and when they inevitably get hacked now everyone’s driver’s license (with their state ID number, address, and DoB) is for sale on the dark web. There is enough info on your State Drivers’ License to open credit accounts, particularly if you forge some documents as well.
Plus it’s fucking microsoft.
Well, I guess I’m glad we have fairly secure documentation. Not that fraud doesn’t happen, but given how ubiquitous and easy to find that info is the real value is in the document itself, which is minted very much like paper money is and is pretty hard to falsify or forge.
Like many other issues this is the kind of issue I find is fairly well solved.
Let me guess, you’ve never had your identity stolen, have you?
Nnnope. Presumably because I have secure government ID minted like paper money, containing a digital certificate and pretty hard to falsify or forge.
Look, I’m not saying it doesn’t happen, I’m saying it’s a useful tool to mitigate it. I’ve definitely shared my official ID online for things. It’s even used for preorders sometimes in high demand items or concert tickets to prevent scalping and effectively limit amounts per person. It kinda works.
They dont steal your ID by cloning your passport, they steal it by getting just enough Personally Identifying Information to be able to start up credit cards and other loans that are tied to your credit history, without your knowledge. By the time you find out, they’ve run all the credit lines to the max and then you have to go around to all those companies and prove you didn’t make all those charges. Then you have to get all of your account numbers changed, because you don’t necessarily know what the hacker has compromised.
Most of the information necessary for opening accounts is on your driver’s’ license. Pretty much the only thing it is missing is your SSN. And in some cases, a valid state license number can be used in place of that
Yeah, but that’s the point, with universal secure ID all of those actions require showing your universal secure ID. You can’t just give people enough information that sounds or is legit and get a loan, you need to provide your ID and have it verified.
And hey, if somebody that holds a copy of your ID leaks it you’re only at risk for a bit of time, because these things expire and each new one you get looks different. It’s very hard and not worth it to forge these for that reason, and if somebody went to the trouble of doing that you could easily prove it doesn’t match the original you hold.
Fraud and identity theft obviously still exist, but it normally involves getting older people to sign things they didn’t mean to or getting people to share their information through social engineering. But just finding your info online and generating enough debt to create a massive problem? That seems hard and reversible.
My biggest gripe is that it’s done through a third party, Persona ID.
They make you agree to another set of terms and conditions which opens you up to even more 3rd parties.
Were this limited to just Microsoft I might have caved.
Its one of the challenges that seriously doesn’t seem to have an easy solution. Like the closest I can think of is a centralized authority that the service can send a identity verification request to that, then the user can sign into the centralized authority and confirm “yes I am the person you requested to verify”
This would also help with annoying employment verification where I have to bring every document needed to steal my identity to my new employer for them to scan and digitally store indefinitely then return said documents to my safe
The EU is trying to make an “eID”
https://www.consilium.europa.eu/en/press/press-releases/2023/11/08/european-digital-identity-council-and-parliament-reach-a-provisional-agreement-on-eid/
If only they would make an eJobplatform.
My question with that is one of usability. Where I live our ID has digital certifications in it and you can theoretically use it for online authentication. It’s just a mess of a system, so people tend to pick other options.
I mean, it works… it’s just that it’s hard enough to use that you often are given alternative tools for verified ID and most people use those because they’re more convenient than the solution that is meant to be the convenient standard. It’s a once and future XKCD strip.
The authenticated, secure, universal ID card is pretty handy still, though.