In the US it is becoming common for federal services to require ID.me verification. I’ve never really had a problem with social security requiring ID verification. I do have a problem with data portals requiring it.
I even have a problem with ID.me, it’s a private company that the US government wants you to give your driver’s license and other information to. I don’t trust that.
Absolutely valid. In the context of identity verification, I trust ID.me more than random companies that do not have government contracts because government contracts come with security and compliance regulations that require regular audit and make the chances of breach less likely. In either case, it’s a private company and, as any security nut would have told you, when it gets sold all bets are off like 23andme. Even more importantly, in the US, any kind of ID verification is a terrible idea, government or private, because we have no data regulation or privacy constraints. I call out the US here because we have no GDPR equivalent (CCPA wouldn’t hold up to federal data). Even if ID verification were conducted by the government, it can still be used for gnarly shit like we saw with ICE and DOGE.
On a sliding scale of evil, ID.me is the evil I know will currently fight to continue remaining the only evil which is the only solace I have in the US.
Identifying yourself for official business on a government site is not the same as providing official ID to a random picture sharing site. Pretty much every service has had a leak which required heaps of people to change their trusted password. How would you fix this when they leaked your full official identity?
The theme of this post is “what things online would I be okay giving my government ID to.” The author did not mention government services in the article, so I brought those up and differentiated which government services I think are reasonable for ID verification. In the US, social security is basically a retirement fund and a huge target for scammers. I’m willing to verify there or for my taxes (although those should just be done for me; different argument). A data portal eg census data is not something I am willing to verify my ID for because it should be public. US trademarks, for example, now require ID verification for an account. An account gives expands some access on the website and allows the ability to file. If I file a trademark, I am fine with verifying my identity. If I make an account, I don’t need to verify my identity until I file.
I didn’t mention picture sharing websites because I agree with the author’s stance.
In the US it is becoming common for federal services to require ID.me verification. I’ve never really had a problem with social security requiring ID verification. I do have a problem with data portals requiring it.
I even have a problem with ID.me, it’s a private company that the US government wants you to give your driver’s license and other information to. I don’t trust that.
Absolutely valid. In the context of identity verification, I trust ID.me more than random companies that do not have government contracts because government contracts come with security and compliance regulations that require regular audit and make the chances of breach less likely. In either case, it’s a private company and, as any security nut would have told you, when it gets sold all bets are off like 23andme. Even more importantly, in the US, any kind of ID verification is a terrible idea, government or private, because we have no data regulation or privacy constraints. I call out the US here because we have no GDPR equivalent (CCPA wouldn’t hold up to federal data). Even if ID verification were conducted by the government, it can still be used for gnarly shit like we saw with ICE and DOGE.
On a sliding scale of evil, ID.me is the evil I know will currently fight to continue remaining the only evil which is the only solace I have in the US.
ID.ME is awful and buggy.
Identifying yourself for official business on a government site is not the same as providing official ID to a random picture sharing site. Pretty much every service has had a leak which required heaps of people to change their trusted password. How would you fix this when they leaked your full official identity?
The theme of this post is “what things online would I be okay giving my government ID to.” The author did not mention government services in the article, so I brought those up and differentiated which government services I think are reasonable for ID verification. In the US, social security is basically a retirement fund and a huge target for scammers. I’m willing to verify there or for my taxes (although those should just be done for me; different argument). A data portal eg census data is not something I am willing to verify my ID for because it should be public. US trademarks, for example, now require ID verification for an account. An account gives expands some access on the website and allows the ability to file. If I file a trademark, I am fine with verifying my identity. If I make an account, I don’t need to verify my identity until I file.
I didn’t mention picture sharing websites because I agree with the author’s stance.