Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
alright2565 8 hours ago

ID is much easier to forge, it's just a flat 2-d shape. None of the physical security features come through in images.

TheDong 6 hours ago | parent | next [-]

In functioning states, the ID contains a chip with a private key that can be used to sign a message, and ID verification would not be an image of the ID card, but rather holding your phone's NFC reader to the card and signing a message from the site.

In Japan, there are already multiple apps which use something like this to verify user's age via the "my number card" + the smartphone's NFC reader.

It's more or less impossible to forge without stealing the government's private keys, or infiltrating the government and issuing a fraudulent card.

Of course, the US isn't a functioning state, the people don't trust it with their identity and security and would rather simply give all their information to private companies instead.

notpushkin 5 hours ago | parent [-]

> In Japan, there are already multiple apps which use something like this to verify user's age via the "my number card" + the smartphone's NFC reader.

Does this also leak your identity to the app?

charcircuit 5 hours ago | parent [-]

There is not a way to share just your date of birth. After providing your PIN it can read more than just your date of birth.

klausa 2 hours ago | parent [-]

That's... partially true.

If you use the _digital_ MyNa card (e.g. the one in the Wallet.app; not the plastic one); the iOS SDK lets you only request the "is user more than XX years old" flag; without getting the actual identity: https://developer.apple.com/documentation/passkit/requesting...

Now, AFAICT nobody actually does this, but the technical ability is there.

junon 8 hours ago | parent | prev [-]

When I had to prove my passport for my bank over a video call they told me to rotate it around in the sunlight to show that it had the holo-whatever ink. So I wouldn't put it past them.

digiown 8 hours ago | parent [-]

A call requires a human, which is inherently not scalable. And even humans have trouble distinguishing AI content these days.

ziml77 7 hours ago | parent | next [-]

And it's not like Discord actually cares. They just care about appearing like they care. Something to keep the heat off of them from regulators and angry parents.

krisoft 7 hours ago | parent | prev [-]

A “video call” perhaps requires a human, but the type of test described need not be a video call. One can imagine a network trained to distinguish a fake id card from real one from a video recorded where the user is asked to move the card such that the holograph is glinting in the sunlight.