Plenty of people began freaking out earlier this year after a breach at big-three credit bureau Equifax jeopardized the Social Security Numbers, dates of birth and other sensitive date on more than 145 million Americans. But as I have been trying to tell readers for many years, this data is broadly available for sale in the cybercrime underground on a significant portion of the American populace.
So I can rest easy now, knowing I've been fucked since forever.
I know this is sarcastic but the answer is that this system is complete broken and should be replaced by something that is made for authentication. Maybe something that is somewhat secure and allows you to change your “secret number” ones it has been compromised.
In the end its not the crypto that makes it more secure. Estonia still has a national identifier number, just like US has the SSN. The difference is that while I can know your name, DOB and the identifier (which actually contains your DOB in it), I cant easily pretend to be you. And this is because the process itself is different - when I got to open a bank account, I present my ID card, the bank can plug it in and pull up my profile from the central authority (ran by the government), and I need to pass the checks of being there in person, with a matching ID, which also checks out from the central system (including picture).
Combine this with for example strong proof via blockchain about who used to check your info and from where, and you are at a pretty good spot. Note that Estonia does not do that last part just yet.
As for the US, the chances of having a national ID card along with similar infrastructure are slim to none. So don't hold your breath about major changes any time soon. The best best would be to get closer to something like the above solution via private companies or maybe the credit bureaus themselves (once they are force to change their business model from aggregating and selling data without your consent).
One crazy thing was when I got my mortgage and was transferring my down payment to the mortgage company, my bank didn't require me to even show my ID. There is probably a reason for it, as the documents all matched up on the name and I had to submit a lot of information to the mortgage company. I still found it very strange making that kind of transfer of tens of thousands of dollars that I didn't have to show any kind of proof of ID.
Maybe the government could issue 100,000,000 ID Coins per person, and you would use each of them only once ... a bit like bitcoins, but for ID... You would spend 1 each time you need to prove your identity. They could be in a hardware wallet and could easily be replaced for free.
and they could easily be revoked... If the government wanted to delete somebody, it would be pretty easy... just revoke all tokens and don't issue new ones.
> The most expensive credentials for sale via this service are those for the electronics store frys.com ($190). I’m not sure why these credentials are so much.
Anyone have any information on why these would be so expensive?
one way scammers make $$ is by using stolen accounts to purchase goods and then re-sell them, but in general they have pretty much one shot before they are found out and the credentials go stale (for their purposes). electronics can be small in size, have high re-sale value and there's already a solid gray market for them, so it's a particularly valuable credential.
i'd also venture a guess that fry's has less effective anti-fraud software/defenses vs. amazon or ebay or other platforms where you can buy electronics - would not be surprised if amazon was good at catching a fraudulent iphone purchase on the first try, whereas fry's might let a lot more slip through.
source: I've been involved with reducing fraud at various marketplace companies.
I want a word for the type of anti-scale problem you see in identity. Most people who don't work for Equifax can agree that ideally everybody should own their own identity, control it, and be able to monetize it if and when they chose to. The problem is the crypto doesn't scale up from a UX perspective, and the economics don't scale down. So it makes sense to build Orwellian centralized services from an economic perspective.
One of my hopes for the Bitcoin bubble is that someone figures out how to get a 100x improvement on private key management, including the messy forgotten password / lost 2FA device problems where crypto meets meatspace.
In the credit report screenshot, all the addresses are Georgia or Minnesota. I wonder if that's just dumb luck or some specific system has been compromised?
16 comments
[ 19.4 ms ] story [ 77.7 ms ] threadSo I can rest easy now, knowing I've been fucked since forever.
https://en.wikipedia.org/wiki/Estonian_ID_card#Cryptographic...
Granted it's not foolproof but it's definitely a step forward compared to the SSN bullshit.
Combine this with for example strong proof via blockchain about who used to check your info and from where, and you are at a pretty good spot. Note that Estonia does not do that last part just yet.
As for the US, the chances of having a national ID card along with similar infrastructure are slim to none. So don't hold your breath about major changes any time soon. The best best would be to get closer to something like the above solution via private companies or maybe the credit bureaus themselves (once they are force to change their business model from aggregating and selling data without your consent).
If you've been fucked since forever and nothing bad happened, why do you think anything bad will happen now?
Anyone have any information on why these would be so expensive?
i'd also venture a guess that fry's has less effective anti-fraud software/defenses vs. amazon or ebay or other platforms where you can buy electronics - would not be surprised if amazon was good at catching a fraudulent iphone purchase on the first try, whereas fry's might let a lot more slip through.
source: I've been involved with reducing fraud at various marketplace companies.
One of my hopes for the Bitcoin bubble is that someone figures out how to get a 100x improvement on private key management, including the messy forgotten password / lost 2FA device problems where crypto meets meatspace.