Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
jen729w 3 days ago

> normalising people uploading identification documents and hence lead to people becoming victims of scams

We've long lost this war.

I'm in Italy, staying at my 3rd Airbnb. I was surprised when the first asked me, casually, to drop a photograph of my passport in the chat. I checked with Claude: yep, that's the law.

(I'll remind you that Italy is in the EU.)

On checking into this place last week, the guy just took a photo of our passports on his phone. At this point I'm too weak to argue. And what's the point? That is no longer private data and if I pretend that it is, I'm the fool.

rtpg 3 days ago | parent | next [-]

I'm pretty sure in most places in the world if you are travelling from abroad you are asked to share your passport, and have been for a very very very very long time.

The difference between sending it over a chat and handing it over to a clerk (who then photocopies it or types in the data into the computer) feels almost academic. Though at least "Typing it into the computer" doesn't leave them with a picture, just most of the data.

fn-mote 3 days ago | parent | next [-]

> The difference between sending it over a chat and handing it over to a clerk (who then photocopies it [...]

The difference is that the paper copy is local and only accessible to the hotel (and any government employee that might come knocking).

The digital version is accessible to anyone who has access to the system, which as we know well on HN includes bureaucrats (or police) with a vendetta against you and any hacker that can manage to breach the feeble defenses of the computer storing the data. That computer isn't locked down because the information is not valuable to the person who holds it; they're paid to satisfy a record-keeping law, not maintain system security.

> at least "Typing it into the computer" doesn't leave them with a picture, just most of the data.

Agreed, except now uploading a scan is the easiest way to file the data.

rtpg 3 days ago | parent [-]

Good points.

I do agree that "not without a warrant" is a pretty load-bearing thing and it _should_ be tedious to get information. When a lot of info is just so easy to churn through that can activate new forms of abuse, even if from an information-theoretical point of view the information was always there.

And it's not even just about public officials. All those stories of people at Google reading their exes emails or whatever (maybe it was FB? Still) sticks to me.

jen729w 2 days ago | parent | prev [-]

Yeah but previous attack vector:

- Fraudster has to bribe hotel staff, or get on staff and then work there and steal documents. Tricky.

New attack vector:

- Fraudster rents out Airbnb. Trivial.

zmmmmm 3 days ago | parent | prev [-]

Well, even there, you're doing a transaction worth hundreds to thousands of dollars probably.

This pretty much lowers the bar to any random website on the internet can ask for ID to do something as trivial as look at a photo.

In a world where social engineering is the last unsolvable security vector, this is significant even if it is just a matter of degree.