I’m extremely avoidant of anybody that even ask for ID. If any private business asks me, I say I don’t have a driver’s license and usually get away with it
I’m extremely avoidant of anybody that even ask for ID.
I don’t even give them my phone number when getting a haircut.
What!? One of the thousands of separate and individually “secured” systems that you have to give your information to on a daily basis failed? But how could this be? Everyone knows having 1747627994 points of possible failure is the only way to ensure digital security!
Sovereign identity and Solid are the way. But governments will have to play a role in large scale implementation.
For some reason people seem to trust commercial organizations with misaligned incentives over governmental bodies.
To be fair, some people have less reason to trust their government with their data, then others.
There are varying degrees of trust in authorities in the world.
For nations with high confidence and trust in the authorities, this feels like a no-brainer.
Agreed. Although confidence and trust sometimes misalign with actual actions and results.
Eu is working on a digital wallet that would (among other things) help with this.
Afaik It has a tiered information/identity structure, where the lowest level is: “is this a human being” (as an alternative to captcha)
Then you could have age. (Just “is this person above %age”) Response would be just yes/no
Then spesific age, nationality etc etc.
You get the prompt, where it says what data they are asking for and you can concent or decline.
The source of authority would be the nation you are a citizen of, the origin of data would be obscured through EU proxies, and data would only be transferred if you approve the transaction from your app.
It’s a pretty big and ambitious project and could eventually lead to a lot easier transfer of sensitive data, where you are in control of who gets what and less need to store local copies of sensitive data. (An example usecase is for instance confirming a prescription to a drug for a pharmacy while traveling abroad).
Biggest risk as i see is people confirming data request without scrutiny. There needs to be mechanisms to aggressively revoke the ability to ask for data if abused. And I would assume the requirements to what org can ask for high tier data are really strict.
Going to be interesting to see what comes of it.
For some reason people seem to trust commercial organizations with misaligned incentives over governmental bodies.
Governments have a monopoly on legal violence.
The hotel check-in system, called Tabiq, is maintained by the Japan-based tech startup Reqrea. According to its website, Tabiq is used in several hotels across Japan and relies on facial recognition and document scanning to check guests in.
They left an S3 bucket open.
this is why other s3 compatible servers like garage intentionally ignore admin commands to leave a bucket open, it’s simply not possible as there’s no valid reason except developer laziness
This is surely a joke post, please tell me this is not actually the cause… *reads article*… it’s the cause… *sigh*
So is this legally different than making a photocopy of your passport? Since that is supposedly not allowed but in the moment you are asked you are obviously going to comply as you really need a place to stay. If it is not I hope this company gets into the legal drama they deserve.
Not allowed where?
My Nigerian scammer has a copy of my passport. Nbd
I’ve gotten to the point I don’t care anymore. All of my data and info is already out there. Been leaked and sold by so many times and waya. Not like I can do anything about it. Just hope that of the millions of other id’s out there mine isn’t the one someone uses.
His is why digital ID is bad.
No. A properly managed eid system like the EU digital wallet would be better.
You would not hand over any document to the hotel. They would ask the central authority server if you are who you claim. You would get a prompt to confirm that you allow the hotel to confirm your identity. The server would respond, yes you are indeed that person. End of transaction.
No data would be left to whatever security standard (or lack there of) that the hotel has. No critical documents stored on their end.
Whatever happened to just here is my money I will stay here and be done? Why does the hotel need to give a shit who i am that I am staying?
Laws requiring Hotels identify their guests. This is a requirement for several reasons.
Some of which are visa requirements for foreign visitors, making it harder to use fake guests to launder money, in addition to several other uses of hotels by criminals (including prostitution) leaving a paper trail for authorities to follow up on.
Been awhile since I have been to the EU, that sounds like something stupid they would do. I imagine it would be France and Germany mostly.
Several countries I have been to recently I haven’t even talked to anyone at the hotel, which is nice. I don’t have to see the front desk at all, and the bell hop doesn’t care.
Again, why can’t I just pay and stay? It may be laws, but I am sick of this bullshit. People should be able to travel without state violence used against them.
And as we can see here, gathering information by the hotel is a horrible idea.
I’ve edited my response to include some of the reason some countries require the Hotels to identify their guests.
It can also be a liability/insurance requirement in case of fires or other accidents.
Many countries have several mechanisms to have a certain control of the movement of foreign nationals within their borders. Especially if they have problems with unofficial immigration.
I might not agree with all of the mentioned rationales, but at least a few I can understand why someone, somewhere considers it a “good idea”
What happens if someone steals your phone?
Even if that was a vulnerability, they’re never going to steal a million phones at once
Lastly if you are asking how you would deal with getting new credentials. There would be a mechanism similar to when you first get the electronic id where your previous device gets deauthorized and you authorize a new one.
All of these are allready solved problems at this point. We do this all the time with other credentials like online banking etc.
This varies by country, but in Norway for instance all of these things are already solved and online/phone banking is both safe and the most common way of doing things.
Loss/theft of phone is at worse a few phone calls and security questions to get it deauthorized (a properly secured phone would not be any significant hazard as mentioned in other responses) and authorizing a new device can be done with mail/SMS combo identification pr by showing up to a local office if you wanna do it that way.
Are you asking how you would confirm without your phone or asking about someone stealing your credentials or impersonating you?
To the first I’d ask how do you confirm identity if someone steals your wallet? But also, I’d probably be able to confirm with my watch as well.
To the second, my phone would be a brick before they ever got it unlocked.
It of course requires on device lock, like a pin or biometrics.
Also anyone with a nibble of security awareness will have their phone properly secured so it cannot be opened by anyone else.
(My phone requires face match, fingerprint or 6 digit pin. Additionaly it locks up to only accept the pin if it moves out of range of my smartwatch. It can also be remotely locked further, traced, and even remotely wiped)
If you run your phone without security pin or fingerprintint lock, this would be the least of your worries if your phone got stolen.
How are your banking apps secured?
