Telling us you didn't read the article is exactly the kind of unsubstantive comment we don't want on HN. The comments thread is for people who did read the article and have something to say about the content.
This kind of comment breaks the guidelines particularly these ones:
Be kind. Don't be snarky. Converse curiously...
Don't be curmudgeonly. Thoughtful criticism is fine, but please don't be rigidly or generically negative.
Please don't fulminate. Please don't sneer....
Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something.
Please don't complain that a submission is inappropriate. If a story is spam or off-topic, flag it. Don't feed egregious comments by replying; flag them instead. If you flag, please don't also comment that you did.
Please don't complain about tangential annoyances—e.g. article or website formats, name collisions, or back-button breakage. They're too common to be interesting.
Please take a moment to remind yourself of the guidelines and make an effort to observe them in future.
I think it was all written for the thing it was trying to be. Which is a casual humorous take on the journey this person went through with a little tech education sprinkled in. Any more formal or sophisticated and it would've lost some of the casual humor and been less an interesting journey. But did so in a way much less aggravating than what qualifies for a food recipe these days.
Despite being from 2020, this vulnerability persists in 2025 with many airlines still exposing sensitive data on boarding passes and luggage tags, making "don't post your boarding pass" still relevant security advice.
Online systems sometimes use it as an indicator to prove your identity. When combined with other sensitive data it can be useful for an identity thief.
> Based on advice I got from two independent lawyers that was definitely not legal advice: I haven’t done a crime.
I will trust his lawyers are right _for Australia only_ (although I have my doubts, and would love to see their reasoning), but in the UK this feels like a clear breach of the Computer Misuse Act[0], and I can't recommend enough that you don't do this.
Echoing this advice in the USA. Don’t fuck with this, the language in the laws is loose enough to prosecute almost anything security-related, even well-meaning efforts like this.
Also a security tip, mosaic like he used in the picture is not a safe way to hide sensitive data, especially the one that has movement like in the gif where he is scrolling down, the mosaic changes and gives more data to reconstruct original. The safe way is to fully black out, but be wary of not plain color almost opaque marker tools, it could look like black out but playing with contrast will still reveal the data.
Reading the "Why is it bad for someone else to have your passport number?" is scary, especially since when traveling to countries like Spain and Italy, every Airbnb / Hotel requires you to send a picture of your passport. Japanese stores take your passport stamp picture for their tax-free, which contains the number on the page. Some embassies even take your passport for a few days before returning it with the visa.
Why do we treat passport numbers as passwords instead of a login?
I once checked in at a pretty decent hotel in India and realised that they used re-used customers passport scans and invoices to print wifi coupons! I strongly complained but I don’t really know if they’ve changed.
> Why do we treat passport numbers as passwords instead of a login?
Because some stupid people thought that photos of passports have any security / validity (including banks, brokerage firms). Interestingly none of them would accept photos of cash as payment though.
> Interestingly none of them would accept photos of cash as payment though.
Banks had been hesitant to embrace cryptocurrencies, but they see the value of CBDCs and so are trying to push those. So they will accept something close to that as long as there a large legal market for crypto, which there is from their point of view and role in the market.
> especially since when traveling to countries like Spain and Italy, every Airbnb / Hotel requires you to send a picture of your passport.
They're required to, it's part of the in-person hotel check-in process to require showing photo id, and registering all guests with the local police department.
If you're a foreigner, and rather use a service where in-person check-in is impractical, they'll naturally ask for a photo to meet their legal obligations.
Earth revolves around the Sun? Let's see. In a twin-star system which one is going around the other? Let's make one of them have higher mass. Did the heavier one completely stop going around, or does it still wobble a bit? That wobble mean the heavier one is still going around their common center of mass. Also, since there is no static fixed point in the space, the interpretation of movement of Sun and Earth could be very subjective to the reference frame selected. There is nothing wrong if someone wants to consider Earth as that fixed point for some arbitrary local reference frame. Infact, a lot of calculations that matter to human life on Earth require that.
34 comments
[ 1.9 ms ] story [ 57.5 ms ] threadTelling us you didn't read the article is exactly the kind of unsubstantive comment we don't want on HN. The comments thread is for people who did read the article and have something to say about the content.
This kind of comment breaks the guidelines particularly these ones:
Be kind. Don't be snarky. Converse curiously...
Don't be curmudgeonly. Thoughtful criticism is fine, but please don't be rigidly or generically negative.
Please don't fulminate. Please don't sneer....
Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something.
Please don't complain that a submission is inappropriate. If a story is spam or off-topic, flag it. Don't feed egregious comments by replying; flag them instead. If you flag, please don't also comment that you did.
Please don't complain about tangential annoyances—e.g. article or website formats, name collisions, or back-button breakage. They're too common to be interesting.
Please take a moment to remind yourself of the guidelines and make an effort to observe them in future.
https://news.ycombinator.com/newsguidelines.html
Finding a former Australian prime minister’s passport number on Instagram (2020) - https://news.ycombinator.com/item?id=34966909 - Feb 2023 (41 comments)
When you browse Instagram and find Tony Abbott's passport number - https://news.ycombinator.com/item?id=24488224 - Sept 2020 (340 comments)
What is the "vulnerability" by the "airlines" here?
Edit: The blog post also mentions this:
https://mango.pdf.zone/finding-former-australian-prime-minis...
I will trust his lawyers are right _for Australia only_ (although I have my doubts, and would love to see their reasoning), but in the UK this feels like a clear breach of the Computer Misuse Act[0], and I can't recommend enough that you don't do this.
0: https://www.legislation.gov.uk/ukpga/1990/18/section/1
Why do we treat passport numbers as passwords instead of a login?
Because some stupid people thought that photos of passports have any security / validity (including banks, brokerage firms). Interestingly none of them would accept photos of cash as payment though.
Banks had been hesitant to embrace cryptocurrencies, but they see the value of CBDCs and so are trying to push those. So they will accept something close to that as long as there a large legal market for crypto, which there is from their point of view and role in the market.
They're required to, it's part of the in-person hotel check-in process to require showing photo id, and registering all guests with the local police department.
If you're a foreigner, and rather use a service where in-person check-in is impractical, they'll naturally ask for a photo to meet their legal obligations.