Though I applaud the effort to get age right and protect players, I'm not sure I'll ever be comfortable having me or my child scan our photo ID and selfie to upload it as part of a login flow to an application.
I would much prefer my government to take on responsibility for providing this sort of service as they do e.g. driver qualification.
Once upon a time the usual thing to get OK'd to rent a van (e.g. for students who are moving house) is you rock up to the rental place with the legal documents showing you're entitled to drive. You're relying on the fact that the person renting you a van doesn't much care and isn't keeping the exact details from those documents.
But although you can do this today, obviously the documents get scanned into a permanent data repository, so, that's not great. But, the UK government added a site so you can prove you're you, and get codes, which for a limited period show someone that yup, this person is legal to drive and so on.
They do this for right to work too. Although, annoyingly only for foreigners. If you're a citizen, you can't prove right to work this way, you need to be like "Look, I'm a citizen, here's proof" to your employer. But if you are foreign you can just go "Check this URL, your government says I'm entitled to work here" and they needn't know whether that's because your husband is a "Cultural Attaché" to the Russian Embassy, or you've got special refugee status, or you're actually an Italian and you just speak and look Russian for some reason, just that you're entitled to work here.
I in general agree to a sort of governmental (or even inter-governmental) services for lightweight identity verification. Lightweight in a sense that these services do not give any new personally identifiable information to clients, they are only given cryptographic proofs. If implemented very well, it may be usable for a whole lot of applications other than just age verification.
However a partial or faulty implementation of the concept can be very dangerous. South Korean websites used to receive a Resident Registration Number (RRN, 주민등록번호) for all imaginable reasons, including just catching double registration. RRN was and remains crucial for identity verification and it is estimated that virtually every SK national has been subject to multiple accidents that exposed their RRNs before such practice is forbidden. After that the Accredited Certificate of Authentication (공인인증서, nowadays the Recognized Common Certificate 공동인증서) is in place, which was another travesty that is based on X.509 but with non-standard practices based on ActiveX. Nowadays age and identity verification is commonly done with mobile phones, and there are multiple such services mostly run by CICs and telcos. This did dramatically reduce the use of RRNs and is much more convenient for typical people, but if you do not own SK mobile phones (e.g. you are foreigners) you can't use them and there are frequently no fallbacks. Also I generally don't trust the security of those services.
In Canada we have https://verified.me/government-sign-in-by-verified-me/, which is ultimately “the government taking on responsibility for providing this sort of service” — but the government then turning around and delegating that responsibility to major banks (the Verified.Me service acting as the SSO intermediary, is a joint venture of seven major Canadian banks, and then supports other non-shareholding financial institutions as well.) Since you need a proof of identity to open a bank account, an SSO through your bank functions as a pretty good proof of identity.
Right now, the Verified.Me service sends through your actual non-anonymized identity (Social Security Number, I think) to the service being signed into, meaning it’s only really good for services you’d want to hand information like that to anyway (i.e. government service websites.)
But it’d be only a little tweak to enable a provider like this to send the service being logged into a persisted random-per-service token, or a per-service-salted hash of that info, instead. If this was done, a flow like this would then be perfect for KYC/AML: it would precisely restrict each legal person to only having one account per service, while also not revealing who that legal person is to that service. And the only person in this flow who’d ever see your ID, is the bank clerk you interacted with to open your bank account, years/decades earlier.
I would much prefer my government to take on responsibility for providing this sort of service
After witnessing enough leaks and hacks of government databases, this is one application where I'd favor a cryptographically secure, decentralized solution based on open-source code that's been competently audited to show the system keeps my sensitive info provably private.
Ideally something that's been in the wild under sustained and motivated efforts to hack it for long enough to convince me there's some substance to the claims.
Sounds a bit like e-verify. Don’t forget to lard it up with some denials for folks on domestic terrorist watchlists, wife beaters, bench warrants for parking tix, etc. etc.
>But, the UK government added a site so you can prove you're you, and get codes, which for a limited period show someone that yup, this person is legal to drive and so on.
I'd rather not subsidize roblox with government systems. If they can't figure out an age verification system that works thats on them. The government shouldn't be verifying the age of people for businesses. It's a waste of tax dollars to subsidize a business with major profits.
This happened to me with twitter. made an account, followed some people, they locked the account and told me it exhibited bot like behaviour and I needed to scan some photo id to send to them for them to unlock it.
Never worried about twitter ever again. Probably the healthier choice in the long run.
With most of these, the service itself doesn’t demand your ID; they demand that you give your ID to some third-party KYC/AML provider, who then just sends a “yes, this account isn’t fraudulent” signal back to the service. It’s like really overwrought SSO.
My full name, physical address, and IP address were leaked with another game my kids play. I'm excited for my drivers license and picture to be leaked as well.
I don't think I'd be comfortable with this either, certainly not to play some game. On the other hand, the bizarre problems maintainers of online communities have to deal with are just wild and worth keeping in mind as context:
The worst are those that let you get invested and only then spring these requirements on you.
NBA Top Shot comes to mind. They allow you to buy with no problem. But, to sell on their platform you have to go through what is essentially a KYC check.
I think people on HN underestimate how easy it is to accidentally build a money laundering system —- which NBA Top Shot did and now has to correct with KYC checks.
A component of my work is in digital identity, so I hope you don’t mind the question: what would make you comfortable doing so? For Roblox, I can see the exception taken, but some applications do require this level of identity proofing (scanning your passport in an airline mobile app to book an international flight comes to mind).
Edit: Thank you everyone for your feedback, it’s very helpful!
Generally I would be comfortable showing my ID to either an established bank or the government which issued the ID. And airport security. Otherwise if a private company wants me to upload my ID I would probably avoid using their service.
If at all possible, I would want a hard guarantee that my photo ID and all derived information (e.g. my real name (as in the case of Roblox, they don't care about your identity, just your age)) would be completely deleted as soon as possible, as well as a description of exactly when that would be (e.g. "we have to contact your federal government to verify the authenticity of this ID, and then ensure that they know that we've verified your user account, and then we'll delete everything immediately - this typically take 4-8 business days, and we'll email you when the process is completed").
Regardless of the above, I would require that no personal information linked to my ID would be used for any purpose (analytics, marketing, ads, or sale/transfer to a third party) except identity verification.
Putting photos of my ID documents online just seems like an incredibly bad move for my security and privacy.
The only time I'd even consider sharing photos of my ID documents over the internet is if I'm sharing them with an organisation I have a multi-year high-trust relationship with (like my e-mail provider of 20 years). And even then, I'd prefer not to if I can avoid it.
>but some applications do require this level of identity proofing (scanning your passport in an airline mobile app to book an international flight comes to mind).
I never had to do this when booking a flight. The max I had to do was provide my personal info (name, birthday, passport number). If they asked for a passport scan and a selfie I would have noped out.
Some applications do require this level of identity proofing (scanning your passport in an airline mobile app to book an international flight comes to mind).
I don't know about presently but historically, you didn't need a passport to buy an international ticket. You needed a passport to get on the plane at the airport. So if you buy a ticket in a fake name, it's your problem if you can't fly and tickets aren't refundable for this.
Which is to say that no app space comes to mind when I think of something that needs id scanning - or the only apps like this are extensions of state control to the virtual space (virtual parole hearings or whatever).
Basically, anything that isn't the state should use it's own fricking account system to relate to people online. And the state itself is kind of iffy.
I did it for a crypto exchange, but that was for KYC / AML verification and I intentionally chose an exchange that's regulated by my country's KYC/AML regulator, so I was expecting to have to do it.
Giving up that much PII for a game is insane. I'd uninstall it without even thinking. Any industry that's not regulated to require photo ID when they're asking for it doesn't need to ask for it.
Nothing would make me comfortable doing so, any more than sharing my bank credentials with a 3rd party for example. The only question is whether the benefit or necessity of doing so outweighs my discomfort.
Built-in watermark support. When the system eventually gets hacked and the pictures end up in the hands of hackers, their use will be limited due to a "COMPANY + DATE" watermark plastered all over.
(I think) I feel like I'd be similar in opinion about this with the OP, so hopefully you don't mind me putting my thoughts here!
The main issue that I have is that it's down to a matter of trust. I'm mainly using the article on Roblox as an example for my thoughts here, but I'm sure it could be easily translated to other services/companies doing digital ID verification.
I don't like digital identity verification at all however I am open to other options. I have no trust in these identity verification companies using my ID for the sole purpose they say it will be used for. I have no idea if they're holding onto the ID and using it for training their algorithms, or if they sell it to a data collection agency, or if they etc. etc. etc. - why do I need to read a 10+ page privacy policy document to figure that out?
For a company like Roblox - I don't see why they couldn't roll out their own system for digital verification. Yes, you'd have an absolutely massive influx of users at this point since they seem to _just now_ be adding age verification, but after a month or two - barring special events/promos in game - I'm sure an ID Verification department could be handed out to a few people.
That being said - I'm not considering any issues in other aspects like Legal issues, Privacy issues, data retention issues, number of users, numerous ID types etc. etc. etc. and I'm sure those are HUGE factors as to why people aren't "rolling their own" solution.
In Britain they proposed an anonymous system for checking age before viewing pornography. (It was cancelled.)
The idea was you could show your ID to someone qualified to check (like a shop selling alcohol), they'd give some sort of pass, and that could be used to access the website. I wouldn't mind that, so long at the shop person only looks at the ID.
(And I've never been asked to scan a passport when booking a flight.)
Not OP but there is NO SITUATION where I'd EVER do this for a web site. There are NONE I trust enough for that kind of information and NO web site offers sufficient value to even consider the risk.
If we absolutely need to have software that has this level of identity, then we need to build infrastructure to support it. That infrastructure already exists to some degree as notaries and could be expanded and modernized to allow privacy preserving identity verification.
I don't ever want to provide a storable version of my ID to you. I don't trust you or anyone else to keep it safe. I would expect my identity to compromised over and over as companies get breached.
>scanning your passport in an airline mobile app to book an international flight comes to mind
I'm curious as to why this might be necessary.
Whenever I've traveled internationally, while I've had to provide the airline with a bunch of info when booking my flight, I've never had to provide a scanned version of my passport.
Rather, when I arrive at my destination (at both ends) I need to show the nice customs folks my passport.
Which airlines require providing them with a scan of a passport to book a flight? I ask so that I can make sure never to use those airlines. Thanks!
Absolutely nothing. "Digital" identities should be exactly that. I will never be comfortable identifying myself beyond my activity. If you require more data, then your services aren't for me, unless you're a municipal provider.
>>scanning your passport in an airline mobile app to book an international flight comes to mind
Why? Proof of ID would be required at boarding time, and by Security who simply verify the supplied info matches the actual ID, but does not actually scan and store the document (nor should they)
I am unclear what in a booking process would require a person to scan in your passport to book the travel?
How would this work if I am a corporate booker needing to book flights for others, do I need to maintain a copy of their ID's?
Your example is pretty flawed, as is most examples you will come up with because in reality there is no reason to have to upload your ID. It is draconian and should be resisted by everyone for any purpose
To be fair, it's not part of their login flow, it's part of their verification flow. It's a one-time thing, not an every-login thing.
I also see no problem with this. What could they realistically use this information for that would be nefarious? It doesn't actually store the ID in any real sense, as they explain in the link, and I see no reason for them to lie about that.
It's real easy to scream, "But My Privacy!!!", and probably a decent amount more difficult to come up with an actual and practical risk there.
Honestly, if your threat model includes "video game companies that lie about age verification systems", I don't think you're taking your security very seriously.
tialaramex|4 years ago
Once upon a time the usual thing to get OK'd to rent a van (e.g. for students who are moving house) is you rock up to the rental place with the legal documents showing you're entitled to drive. You're relying on the fact that the person renting you a van doesn't much care and isn't keeping the exact details from those documents.
But although you can do this today, obviously the documents get scanned into a permanent data repository, so, that's not great. But, the UK government added a site so you can prove you're you, and get codes, which for a limited period show someone that yup, this person is legal to drive and so on.
They do this for right to work too. Although, annoyingly only for foreigners. If you're a citizen, you can't prove right to work this way, you need to be like "Look, I'm a citizen, here's proof" to your employer. But if you are foreign you can just go "Check this URL, your government says I'm entitled to work here" and they needn't know whether that's because your husband is a "Cultural Attaché" to the Russian Embassy, or you've got special refugee status, or you're actually an Italian and you just speak and look Russian for some reason, just that you're entitled to work here.
lifthrasiir|4 years ago
However a partial or faulty implementation of the concept can be very dangerous. South Korean websites used to receive a Resident Registration Number (RRN, 주민등록번호) for all imaginable reasons, including just catching double registration. RRN was and remains crucial for identity verification and it is estimated that virtually every SK national has been subject to multiple accidents that exposed their RRNs before such practice is forbidden. After that the Accredited Certificate of Authentication (공인인증서, nowadays the Recognized Common Certificate 공동인증서) is in place, which was another travesty that is based on X.509 but with non-standard practices based on ActiveX. Nowadays age and identity verification is commonly done with mobile phones, and there are multiple such services mostly run by CICs and telcos. This did dramatically reduce the use of RRNs and is much more convenient for typical people, but if you do not own SK mobile phones (e.g. you are foreigners) you can't use them and there are frequently no fallbacks. Also I generally don't trust the security of those services.
derefr|4 years ago
Right now, the Verified.Me service sends through your actual non-anonymized identity (Social Security Number, I think) to the service being signed into, meaning it’s only really good for services you’d want to hand information like that to anyway (i.e. government service websites.)
But it’d be only a little tweak to enable a provider like this to send the service being logged into a persisted random-per-service token, or a per-service-salted hash of that info, instead. If this was done, a flow like this would then be perfect for KYC/AML: it would precisely restrict each legal person to only having one account per service, while also not revealing who that legal person is to that service. And the only person in this flow who’d ever see your ID, is the bank clerk you interacted with to open your bank account, years/decades earlier.
rkagerer|4 years ago
After witnessing enough leaks and hacks of government databases, this is one application where I'd favor a cryptographically secure, decentralized solution based on open-source code that's been competently audited to show the system keeps my sensitive info provably private.
Ideally something that's been in the wild under sustained and motivated efforts to hack it for long enough to convince me there's some substance to the claims.
adolph|4 years ago
Sounds a bit like e-verify. Don’t forget to lard it up with some denials for folks on domestic terrorist watchlists, wife beaters, bench warrants for parking tix, etc. etc.
emilfihlman|4 years ago
Could you link us the site?
LegitShady|4 years ago
_jal|4 years ago
If your service demands my ID, I'll close my account.
If you have KYC requirements, I'll meet you in person or find a different vendor.
LegitShady|4 years ago
Never worried about twitter ever again. Probably the healthier choice in the long run.
derefr|4 years ago
gruez|4 years ago
that's literally not an option when it comes to crypto exchanges.
cphoover|4 years ago
nomel|4 years ago
pvg|4 years ago
https://www.wired.com/story/roblox-online-games-irl-fascism-...
unclebucknasty|4 years ago
NBA Top Shot comes to mind. They allow you to buy with no problem. But, to sell on their platform you have to go through what is essentially a KYC check.
Your investment is sunk otherwise.
Spivak|4 years ago
unknown|4 years ago
[deleted]
president|4 years ago
toomuchtodo|4 years ago
Edit: Thank you everyone for your feedback, it’s very helpful!
TaylorAlexander|4 years ago
fouric|4 years ago
If at all possible, I would want a hard guarantee that my photo ID and all derived information (e.g. my real name (as in the case of Roblox, they don't care about your identity, just your age)) would be completely deleted as soon as possible, as well as a description of exactly when that would be (e.g. "we have to contact your federal government to verify the authenticity of this ID, and then ensure that they know that we've verified your user account, and then we'll delete everything immediately - this typically take 4-8 business days, and we'll email you when the process is completed").
Regardless of the above, I would require that no personal information linked to my ID would be used for any purpose (analytics, marketing, ads, or sale/transfer to a third party) except identity verification.
michaelt|4 years ago
The only time I'd even consider sharing photos of my ID documents over the internet is if I'm sharing them with an organisation I have a multi-year high-trust relationship with (like my e-mail provider of 20 years). And even then, I'd prefer not to if I can avoid it.
gruez|4 years ago
I never had to do this when booking a flight. The max I had to do was provide my personal info (name, birthday, passport number). If they asked for a passport scan and a selfie I would have noped out.
joe_the_user|4 years ago
I don't know about presently but historically, you didn't need a passport to buy an international ticket. You needed a passport to get on the plane at the airport. So if you buy a ticket in a fake name, it's your problem if you can't fly and tickets aren't refundable for this.
Which is to say that no app space comes to mind when I think of something that needs id scanning - or the only apps like this are extensions of state control to the virtual space (virtual parole hearings or whatever).
Basically, anything that isn't the state should use it's own fricking account system to relate to people online. And the state itself is kind of iffy.
donmcronald|4 years ago
Giving up that much PII for a game is insane. I'd uninstall it without even thinking. Any industry that's not regulated to require photo ID when they're asking for it doesn't need to ask for it.
alex_c|4 years ago
I think the discomfort is a good thing here.
cinntaile|4 years ago
scohesc|4 years ago
The main issue that I have is that it's down to a matter of trust. I'm mainly using the article on Roblox as an example for my thoughts here, but I'm sure it could be easily translated to other services/companies doing digital ID verification.
I don't like digital identity verification at all however I am open to other options. I have no trust in these identity verification companies using my ID for the sole purpose they say it will be used for. I have no idea if they're holding onto the ID and using it for training their algorithms, or if they sell it to a data collection agency, or if they etc. etc. etc. - why do I need to read a 10+ page privacy policy document to figure that out?
For a company like Roblox - I don't see why they couldn't roll out their own system for digital verification. Yes, you'd have an absolutely massive influx of users at this point since they seem to _just now_ be adding age verification, but after a month or two - barring special events/promos in game - I'm sure an ID Verification department could be handed out to a few people.
That being said - I'm not considering any issues in other aspects like Legal issues, Privacy issues, data retention issues, number of users, numerous ID types etc. etc. etc. and I'm sure those are HUGE factors as to why people aren't "rolling their own" solution.
Symbiote|4 years ago
The idea was you could show your ID to someone qualified to check (like a shop selling alcohol), they'd give some sort of pass, and that could be used to access the website. I wouldn't mind that, so long at the shop person only looks at the ID.
(And I've never been asked to scan a passport when booking a flight.)
xyzzy21|4 years ago
shkkmo|4 years ago
If we absolutely need to have software that has this level of identity, then we need to build infrastructure to support it. That infrastructure already exists to some degree as notaries and could be expanded and modernized to allow privacy preserving identity verification.
LegitShady|4 years ago
nobody9999|4 years ago
I'm curious as to why this might be necessary.
Whenever I've traveled internationally, while I've had to provide the airline with a bunch of info when booking my flight, I've never had to provide a scanned version of my passport.
Rather, when I arrive at my destination (at both ends) I need to show the nice customs folks my passport.
Which airlines require providing them with a scan of a passport to book a flight? I ask so that I can make sure never to use those airlines. Thanks!
cybernautique|4 years ago
unknown|4 years ago
[deleted]
unknown|4 years ago
[deleted]
syshum|4 years ago
Why? Proof of ID would be required at boarding time, and by Security who simply verify the supplied info matches the actual ID, but does not actually scan and store the document (nor should they)
I am unclear what in a booking process would require a person to scan in your passport to book the travel?
How would this work if I am a corporate booker needing to book flights for others, do I need to maintain a copy of their ID's?
Your example is pretty flawed, as is most examples you will come up with because in reality there is no reason to have to upload your ID. It is draconian and should be resisted by everyone for any purpose
TameAntelope|4 years ago
I also see no problem with this. What could they realistically use this information for that would be nefarious? It doesn't actually store the ID in any real sense, as they explain in the link, and I see no reason for them to lie about that.
It's real easy to scream, "But My Privacy!!!", and probably a decent amount more difficult to come up with an actual and practical risk there.
Honestly, if your threat model includes "video game companies that lie about age verification systems", I don't think you're taking your security very seriously.
modzu|4 years ago