Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
ok123456 5 days ago

We need to stop allowing companies that are not directly engaged in financial services to request government IDs.

Facebook shouldn't legally be allowed to demand an ID any more than this disaster of an "app."

Now tens of thousands of people will be subject to identity theft because someone thought this was a neat growth hacking pattern for their ethically dubious idea of a social networking site.

Revisional_Sin 5 days ago | parent | next [-]

Unfortunately for some of us, the UK has gone the opposite direction. We now have to verify our age (or use a VPN) before accessing certain websites.

https://theconversation.com/porn-websites-now-require-age-ve...

throwawayq3423 5 days ago | parent [-]

This is fine if you have a secure tool to access. It's not okay if you just try to spin up your own solution.

cedws 4 days ago | parent [-]

There is no "secure tool", there is no secure way to verify ID online right now, none of these companies can be trusted to do it properly. Just last week a bunch of my personal info was implicated in a breach of a background check company who supposedly knew what they were doing.

A private way of doing this is absolutely 100% viable with some cryptography and government support. Apparently nobody gives enough of a fuck to even try.

As for the UK's new 'porn ID' law, people are going to die. People will take their own lives when their porn browsing habits are inevitably leaked. Private companies cannot be trusted to keep their hand out of the cookie jar, they WILL link peoples' histories to their real IDs.

throwawayq3423 3 days ago | parent [-]

How hard would it be to securely receive an image, securely check that image against a database, return an answer, and then delete the image securely?

Of all the things we do, it doesn't sound that difficult, to be honest.

1123581321 5 days ago | parent | prev | next [-]

A secure Know Your Customer API would be a useful service for Apple and Google to provide to developers. It could scan the ID and reveal individual pieces of information with permission to the application or multiple applications. Forgive me if it already exists and this app just wasn’t using it.

arianvanp 5 days ago | parent | next [-]

Apple is launching such a service in iOS26

https://developer.apple.com/videos/play/wwdc2025/232/

1123581321 5 days ago | parent [-]

Ah, nice that it's a web standard. Looks like Google is as well. https://developer.chrome.com/blog/digital-credentials-api-or...

Link to the related web standard https://www.w3.org/TR/vc-data-model-2.0/

EnderWT 5 days ago | parent | prev | next [-]

This is mDL (mobile driver's license) here in the US, but it's a new technology and not widely available or adopted yet. https://www.nccoe.nist.gov/projects/digital-identities-mdl

1123581321 5 days ago | parent [-]

Interesting; thanks. That should connect to browsers' Digital Credentials API the other user mentioned.

ok123456 5 days ago | parent | prev | next [-]

Or we could deny providing "app" developers with any such information.

codedokode 5 days ago | parent | prev [-]

I am not going to show my ID to Google, especially given that it is a foreign company with dubious data collection history.

ronsor 5 days ago | parent [-]

You are going to show your ID to at least one foreign company with dubious data collection history, because the government will eventually force it on you.

killerstorm 5 days ago | parent | prev | next [-]

There are verifiable credentials protocols which would let a site to check something (and prove that they checked it) without de-anonymizing the user.

It can be done with fairly basic cryptography. But the infrastructure around it would grow only if there's a demand. Otherwise people go with lowest denominator.

octoberfranklin 5 days ago | parent | prev | next [-]

The crimes of creating or posessing a fake ID are distinct from the crime of knowingly using one, an act which has the peculiar name "uttering".

Simple solution: decriminalize uttering to any person who is not an employee of the government or a regulated bank.

sigwinch 5 days ago | parent | prev [-]

Shouldn’t a single mention of sex details make this a pornographic site, and thus subject to 18+ non-anonymous registration?