this post was submitted on 20 Jan 2025
887 points (98.3% liked)

Technology

60828 readers
4304 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
887
Stop Treating Phone Numbers As A Digital ID (notthesolution.substack.com)
submitted 3 days ago by [email protected] to c/[email protected]
170 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 10 points 2 days ago (2 children)

On this question of verification, I don’t have a particularly foolproof solution, but maybe there just isn’t one.

I can criticize the modern web for a lot of things, but as long as we have situations where we want to check whether an account is a real person, as opposed to FarmingBot #295038, they need something. I'm not a fan of phone verification, but I'd only criticize it when we have alternatives.

I'd even be in favor of some kind of one-way algorithm by which a trusted real-person-identifying entity could tell a random third party site: Yes, this is a genuine human.

[–] [email protected] 7 points 2 days ago (1 children)

https://www.oesterreich.gv.at/en/id-austria.html

That exists and is better than a phone number.

[–] [email protected] -2 points 2 days ago (1 children)

Cool, now provide solutions that exist today for every other country

[–] [email protected] 5 points 1 day ago

That is not my responsibility ;) I just shared that something like that exists.

[–] [email protected] 9 points 2 days ago* (last edited 2 days ago) (1 children)

The technology has existed since the 80s.

X509 certificates would allow a government agency to sign a digital identity indicating that it's legitimate, would allow for remote revocation in the event of loss or theft, and can be easily integrated with every existing computer and browser.

An issued physical card would resemble a credit card, with a chip in it. Other physical form factors can take the shape of USB-devices which bundle the card and the reader into a single device.

[–] [email protected] 4 points 2 days ago (1 children)
[–] [email protected] 3 points 1 day ago* (last edited 1 day ago) (1 children)

Also https://www.cac.mil/Common-Access-Card/, if the Americans are skeptical.

I don't like the Austrian one being phone-integrated, but I understand why people would want that.

[–] [email protected] 1 points 14 hours ago* (last edited 14 hours ago)

It's because the phone is a two-factor token that everyone has with them. With a secure processor being the hardware token and fingerprints or face scans biometrics. This makes it ideal for saving such sensitive data. I most frequently use it to digitally sign documents in a legally enforceable way.

The card you linked is similar, and a smart card was one of the previous versions of our system. The goal here was to make it universally accessible, and a smartphone is perfect for that.