| ▲ | gus_massa 3 hours ago | |||||||
I'm not sure about France, but here in Argentina all this info is assumed to be public. If you want a credit at a bank or shop, they ask for a physical copy of the national ID [1], probably a photocopy too, an electricity or water bill and perhaps other paperwork that is hard to get (verified phone number???). [1] Do you want my number? It's inside this list: | ||||||||
| ▲ | vladvasiliu 2 hours ago | parent | next [-] | |||||||
It's supposed to be identifying information here. Usually, you can just send copies of those documents, which means that if you're looking to impersonate someone, you can easily produce fakes. And since everyone and their grandmother asks for these, people don't bat an eye and send them. The coup de grace of security in France is signatures, though. Now, since you can't produce a physical signature over the internet, they'll ask for your phone number and send you a text with a code. Once you've entered it on their web form, you've proved undoubtedly you are who you say you are. | ||||||||
| ▲ | jerf 2 hours ago | parent | prev | next [-] | |||||||
"Do you want my number? It's inside this list:" You might find it interesting to learn a bit about information theory. The entire purpose of your specific number is precisely to identify which number in that list is yours. Having the list of all possible numbers is irrelevant. Conceptually you can model that as everyone has that, all the time. But that's not enough to do anything with, because having that list entire list means you have zero information. If you say "it starts with an 8", you've eliminated 90% of the possibilities. Now you have log2(10) bits of information, but you haven't nailed it down yet. For each additional number you give you give that many more bits until you nail it down. This is a common misconception people have. I remember someone who claimed to have copyright all possible melodies by virtue of having printed them out and thus enumerated them. But that is meaningless, because the entire job of naming a specific melody is precisely the nailing down of which one you mean. Expanding the list of possibilities you might mean is actually a reduction in the amount of information, despite the superficial appearance of listing more numbers out, and when you expand the possibilities out to "all possible instances of the thing" you're actually at the minimum of information, not the maximum. | ||||||||
| ▲ | dspillett 2 hours ago | parent | prev | next [-] | |||||||
> in Argentina all this info is assumed to be public Same here. You can probably can find my address and phone numbers fairly easily from my name by a number of methods. That doesn't mean it isn't bad when an organisation spews out, or allows to be sucked out, huge numbers of people's data. With a leak like this it is practical to try scam everyone the list, searching for each person's details individually, and having to enumerate those people in the first place⁰, would mean no such attack would scale in a way to make it worthwhile bothering¹. -------- [0] This seems strange when you first think it, but: the most important thing being on such a list says about you, is that you are a real existing person, whose identity could be exploited somehow. That fact is what makes any other information valuable. [1] except for high-worth targets, which is why spear-phishing is a thing | ||||||||
| ||||||||
| ▲ | 2 hours ago | parent | prev | next [-] | |||||||
| [deleted] | ||||||||
| ▲ | 3 hours ago | parent | prev | next [-] | |||||||
| [deleted] | ||||||||
| ▲ | Traubenfuchs 3 hours ago | parent | prev [-] | |||||||
If you are that unconcerned, why do you not provide us with your information right here and now? | ||||||||