Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
alwa 5 hours ago

I for one would appreciate the option to put an ID on file ahead of time, at least for important stuff like this. I like digital-only accounts for play, but for work stuff with real-world consequence, I’d like to link it to a real-world identity system…

Not unlike the signature cards banks used long ago, I guess.

Sure, maybe somebody motivated could defraud the government into issuing them a replacement ID in my name. But that’s big boy crime, not a casual “bribe a retail employee to SIM swap” kind of undertaking.

Sure, there are issues of access to government ID systems, and I know anything touching government names / “show me your papers” raises hackers’ hackles—I’m not saying require it, just that I’d choose it if it were a MFA option of last resort.

eterm 5 hours ago | parent | next [-]

That's how you turn 2fa into single factor authentication ( The ID ).

GitHub is such a large attack vector for the whole planet, that I understand their stance.

GitHub support a "recovery code" more secure than government ID. Print it out, store on USB, store on QR, etc, and stick it in at least one secure safe.

nerdsniper 5 hours ago | parent | prev | next [-]

The issue is less about having an ID on file, and more about verifying ID. In a world of excellent real-time deepfakes, how would GitHub verify ID at scale?

A fake ID is pretty easy to create, along with a fake face for a video chat where you can hold up your fake ID.

filearts 5 hours ago | parent [-]

An idea might be to require a financially meaningful deposit to pursue an account recovery like this. The deposit would be forfeit if the identity verification failed.

Though now that I write this, it creates a perverse incentive for a company to collect deposits and deny account recovery.

joshmn 5 hours ago | parent | prev [-]

> I for one would appreciate the option to put an ID on file ahead of time, at least for important stuff like this.

I'm at that point of agreement. I don't want to say "national SSO ID" because that can get really Orwellian obviously. Being able to put an ID on file is a reasonable ask.

em-bee 5 hours ago | parent [-]

a passport is orwellian? i don't really get this fear of government issued IDs. if your government is so bad that it will abuse IDs for surveillance, then your government is the problem, and not having a national ID is not going to protect you.

xp84 an hour ago | parent [-]

Someone explained this to me the other day in a way that helped me understand the concern better.

Not already having a ton of easy and effective choke points on the whole citizenry (which such a card would eventually grow into due to its usefulness) is a safeguard against wannabe tyrants being confident they can crush dissent easily and thus to them seizing power in the first place. Just like I wouldn’t steal a car with a manual transmission because I know I wouldn’t be able to drive it successfully, and certainly not well enough to outrun the consequences.

If I were a fascist I’d be a lot more brazen if I knew that I could switch off every dissenter’s ability to travel, work, or even buy food, in an instant.

shermantanktop 7 minutes ago | parent [-]

What if you were a fascist who exercised influence over Experian and TransUnion, the airlines, and of course the TSA? The horse has left the barn already.