Stripe Atlas Vendor Leaked SSNs (twitter.com)
"... we need a new personal identifier, SSNs are all stolen at this point"
Though identity and authentication should be different things, as an identifier the only real problem with SSNs is that we should be using UUIDs instead.
The hard part is authentication, which should have a far more secure process than merely knowing 9 digits everyone (re)uses.
Identity: mjevans on news.ycombinator.com
Authentication: is allowed to post as (Identity), is allowed to vote on things, etc.
Identity alone should not imply authorization; when someone is asking for proof of identity, what they really want is a record that you are actually an identity (authorization).
The authentication problem is the tricky part, though: governments don't have a reliable way to authenticate their citizens today, and even if you have a good-will intent to fix this, that can be hijacked by people with less saintly motives. See India or China for how that might not go well.
Yours might not but mine (Norway) seems to work quite well.
There should be multiple identity providers, mostly governments and organizations who already have lots of info about you, for example banks. This already works in Poland and several other European countries. Such organizations should verify that you are you the way they currently do, and give you a way of authorizing yourself, e.g. SMS, mobile app, one-time passwords etc. If someone needed to verify your identity, they would go through your chosen org for authentication. This approach has several benefits.
1. You can provide as much or as little info as you want. The info you provide could include true/false assertions. For example, a porn website could just ask the org whether your age >= 18, without the need to know your exact birthdate. Same for citizenship, disability, criminal record etc.
2. You can easily integrate that with other services, for example payments or even a secure communication channel, letting companies contact you without learning any details about you. There could even be a secure shipping service, where the company selling you the product only gets a special QR code to stick on the package. Only one shipping company would get your real address, the rest would just know the next leg of the route.
3. You could provide instant "not a robot" verification, without any captchas, without any personal data and without any hassle. The authorizing org would just give the requestor a token, different for each visit, that they could send with an "add to blacklist" request. The next time a blacklisted user would try to log in to that service, their org would refuse to provide the token.
4. Ability to provide legal accountability without revealing anything. The authenticating org would just provide a token to a service. The user could do whatever they wished, but, in case they'd do something illegal, the police could just force the org to actually reveal who was behind that token.
Of course, the system would have to be regulated by a global body of governments or organizations. Each org would have certain responsibilities, e.g. allowing you to port your id to somewhere else, not requesting more data than necessary, honoring blacklists etc. If that system existed, implementing a safe, seamless online and real-life experience would be trivial. Just imagine if it would be trivial to trace each website, each comment, everything to a real person with a court order, while not giving most companies any data whatsoever.
On one hand, it would be incredibly useful to only ever have to deal with one service or standard for identities (and that could include the possibility of making things easier for identity theft products to do their job) but it brings with it these other risks around centralizing that kind of information.
If you offered a "isOver18" call to avoid exposing an actual age or date of birth record, you'd have to offer a whole range of others for a lot of legitimate needs (isOver21 for alcohol sales, isOver59.5 for some retirement account stuff, isOver55/60/65 for senior discounts, etc).
You could chain a bunch of those to at least pull a marketing-sufficient age category, and potentially a full age or DOB depending on the number of such functions offered.
If the identity providers asked users for consent each time a verification request came in, that could limit that abuse pattern, but I suspect it would be the sort of thing where users got notification fatigue very fast and just start clicking "don't ask me again".
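The threshold-chaining inference described in the comment above, modelled in Python as an added example (not from the thread): a relying party that can ask arbitrary "isOverN" questions binary-searches its way to the exact age, while two hypothetical provider-side policies (an allow-list of thresholds, a cap on distinct thresholds per user) stop it. The provider, its policy knobs and the sample record are all constructed.

```python
from datetime import date

class AssertionProvider:
    """Constructed identity provider that answers only yes/no age questions.
    `allowed` (allow-list of askable thresholds) and `max_distinct` (cap on
    distinct thresholds one relying party may ask about one user) are
    hypothetical policy knobs, not any real standard."""

    def __init__(self, birthdays, allowed=None, max_distinct=None):
        self._birthdays = birthdays          # user -> date of birth (provider-private)
        self.allowed = allowed
        self.max_distinct = max_distinct
        self._asked = {}                     # (relying_party, user) -> thresholds asked

    def _age(self, user, today):
        dob = self._birthdays[user]
        return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))

    def is_over(self, relying_party, user, threshold, today):
        """The 'isOverN' call; raises PermissionError when policy forbids it."""
        if self.allowed is not None and threshold not in self.allowed:
            raise PermissionError(f"threshold {threshold} is not on the allow-list")
        asked = self._asked.setdefault((relying_party, user), set())
        asked.add(threshold)
        if self.max_distinct is not None and len(asked) > self.max_distinct:
            raise PermissionError("too many distinct thresholds asked about one user")
        return self._age(user, today) >= threshold

    def thresholds_asked(self, relying_party, user):
        return len(self._asked.get((relying_party, user), set()))

def infer_age(provider, relying_party, user, today, lo=0, hi=120):
    """The chaining abuse: binary search over thresholds, so each yes/no answer
    halves the interval and about seven calls pin down the exact age."""
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if provider.is_over(relying_party, user, mid, today):
            lo = mid
        else:
            hi = mid - 1
    return lo

def policy_blocks_inference(provider, relying_party, user, today):
    """True when the provider's policy stops infer_age before it completes."""
    try:
        infer_age(provider, relying_party, user, today)
        return False
    except PermissionError:
        return True

# Constructed sample record and reference date.
BIRTHDAYS = {"alice": date(1985, 6, 15)}
TODAY = date(2019, 10, 15)
```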
I think we already have that: Google ;)
The only difference is that Google doesn't provide identity verification, only identity validation when you have previous knowledge of a Google account being associated to a user account.
If you solve that, you'll unlock an entire business model centered around "anonymous entities that can be regenerated at any time using a biometrics booth at the mall and a secret passphrase known only to you".
There are some limits in linking it to existing identifiers like names or SSNs. However, that doesn't matter because due to its nature, the phone leaves a trail. Any serious abuse can be punished.
SSNs are account numbers, and only account numbers, for your social security benefits, not an all-purpose resident identity number. They've only been co-opted to be such identifiers because everyone wants to piggyback on, and not additionally pay for, the extra measures the SSA has taken to uniquely identify workers when granting the numbers so we can't easily steal each other's retirement benefits.
tl;dr: SSNs are (financial) account numbers, not people identifiers, and should be treated like bank account numbers (for example).
Edit: And for people who think I'm making this up, the GAO literally inquired with the IRS about the fraudulent SSN use matter.
Edit 2: Lots of metric input but no comments. If you're browsing idly, let this be an example of HN culture for you.
Haven't got a letter yet but would be super easy for me to check my inbox...
Even if you hash them, it's not that hard to make a 10^10 - 1 rainbow table.
It's the same problem with IPs (v4). You simply cannot store them at all if you care about your customers' privacy.
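Why hashing alone does not protect a 9-digit SSN, and what does, as an added Python example (not from the thread): an unkeyed hash of a small numeric space can be mapped back by trying every candidate, while an HMAC under a secret pepper stays deterministic (duplicates can still be matched) but gives the holder of a leaked table nothing to enumerate. The SSN and pepper are constructed values, and the audit check is narrowed to a tiny range so it runs instantly.

```python
import hashlib
import hmac
from typing import Callable, Iterable, Optional

# Constructed sample values for the demo (not real data).
SAMPLE_SSN = "000004242"                 # 9 digits, stored zero-padded
PEPPER = b"constructed-secret-pepper"    # in practice: random 32 bytes held in a KMS/HSM

def plain_token(ssn: str) -> str:
    """Unkeyed SHA-256 of the bare digits. Deterministic and public, so a table
    of all 10**9 candidate hashes maps every stored token straight back to an SSN."""
    return hashlib.sha256(ssn.encode()).hexdigest()

def keyed_token(ssn: str, pepper: bytes) -> str:
    """HMAC-SHA256 under a secret pepper. Still deterministic, so duplicate
    detection keeps working, but without the pepper there are no candidates
    an attacker holding only the table could compute and compare."""
    return hmac.new(pepper, ssn.encode(), hashlib.sha256).hexdigest()

def is_recoverable(token: str, attacker_fn: Callable[[str], str],
                   space: Iterable[int]) -> Optional[str]:
    """Audit check: can someone who can compute only `attacker_fn` (what a leaked
    table lets them do) map `token` back to an SSN by trying every value in
    `space`? Returns the recovered SSN or None. The demo uses a tiny range;
    the real 10**9 space is just as enumerable for an unkeyed hash."""
    for n in space:
        candidate = f"{n:09d}"
        if hmac.compare_digest(attacker_fn(candidate), token):
            return candidate
    return None

def demo() -> dict:
    """Same SSN stored two ways; only the unkeyed token is recoverable."""
    space = range(0, 10_000)
    return {
        "plain_recovered": is_recoverable(plain_token(SAMPLE_SSN), plain_token, space),
        "keyed_recovered": is_recoverable(keyed_token(SAMPLE_SSN, PEPPER), plain_token, space),
    }
```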
https://ago.vermont.gov/blog/category/security-breaches/
There's 63 pages.
Looks like it was the vendor ‘Legalinc’.
As I texted a tech friend of mine: if I’m receiving a physical letter from a leading tech co like Stripe, then it’s at least a moderately serious issue.
They’re all leaked now and people borrow them for things that would never show up on your credit report.
Hope you don’t get framed! Good luck.
Here I am posting a picture of Winnie The Pooh which I know Xi Jinping absolutely loves: https://ohmy.disney.com/wp-content/uploads/2016/01/Pooh.jpg and my "social credit" is presumably now at zero.
Thankfully I am not in China, never will be, so even if the Chinese social credit system hates me I can still take a train, get on a plane, etc.
The three types of tuples would include:
An identity (E.G. a person at an address).
Proof that you are that person at that address.
A list of things you're allowed to do at that address (IRL laws, or for a computer account publishing as that address/etc).
University of Notice of Data Breach to Consumers
https://ago.vermont.gov/blog/2019/10/02/university-of-notice...
Since we are talking about introducing a new identity system, isn't it easier to resolve the problems you mentioned than to introduce something new?
If somebody commits a serious crime, the joined location of the phones will reveal the true identity unless somebody invests an amount of effort that's equal to buying a new passport.
Intelligence agencies have failed to keep their phone usage cleanly separated. It's not that easy.
E.g. if you want to avoid progressive income taxes by registering several companies, your burner phone stands out because it doesn't have any other contacts. That will be further investigated.
Then you need the name of a living person who doesn't use a mobile phone to register it because otherwise, he would operate two phones at two different places. Another red flag.
They're not great without supervision and they're completely hopeless remotely.
In your estimate, how large a percentage of biometric security implementations follow your description?