a lot of services use facebook to verify that someone is a human. there should be a service that exists only to manage peoples identities online. sign up, provide some id, an address and last four of your social. later, maybe a letter is sent to the address and returned with a verification code. then, every other service on the internet could use that service to prevent bots, spam and other things.
those companies gathered tons of information without even asking people first. and why would this service require the sensitive information to be stored at all, let alone in plain text?
Ask Equifax, they “didn’t need” to store as much as they did, let alone in plain text. Perhaps it’s useful for, oh, making sure two people aren’t signing up with the same information.
Other problems include:
* Social security numbers are explicitly not ID numbers
* Not all Americans have social security numbers
* Even if they did, Americans are about 5% of world population
* Not everyone on the internet gets post (say hi to Nairobi, where addresses of relatively rich locals may be “$Name, third on the left behind the petrol station on the highway”, while poorer people have homes that don’t officially exist on roads that don’t officially exist. Some of these people rely on mobile phones for payments, as banks don’t care.
* Not everyone has an ID certificate or card or passport or driving license to provide, and if they did, why not just skip the middle man and ask for that directly like AirBnB (and every international airline I’ve used) does? Or your bank account, like PayPal does — after all, a bank will certify your ID*
(* they probably don’t all, and even if they did, not all people have bank accounts)
Basically, ID is not a perfectly certifiable thing, so you need to design systems to accommodate failure — even if we actually solved it in theory, all it takes is one criminal finding one implementation flaw and a system that assumed perfection would allow grand exploitation.
im talking about storing information. to be sure that someone is real, collect tons of info and then get rid of most of it and tag their account with a validation stamp. store just enough info so that two people having identical sets of that info is almost impossible. and im not saying ssn or any other peice of info is the best solution -- obviously it would be anything and everything tailored for whatever systems the persons country of residence currently maintains. as for exploitation, i think it would be simple to make exploitation rare as long as good id systems are implemented by the government or other entities. it would certainly be better than having an internet where its impossible to verify if someone is a human or a robot...
“Almost impossible“ isn’t good enough. “Almost impossible” is why two women in Floria have the same SSN: born the same day, same state, almost the same name (Joanna and Joannie Rivera), and why they were not even the example I had in mind when I googled for a similar story I’d heard a decade earlier.
And if your goal is just “is this a human or a machine?”, well, let me introduce you to the idea of identity theft, and why people stole all that data from Equifax.
The only way to tell humans and bots apart is some form of automated Turing test, hence Completely Automated Public Turing test to tell Computers and Humans Apart.
in fact turing tests will be useless at some point, which is the whole basis of my speculation about alternatives to it as i originally stated. dont you agree that captchas will become obsolete at some point? what then?
Here in Norway we use something like that for access to banks, tax, pensions, social services, etc. All of these services allow you to log in with what is called BankID. You apply for BankID and supply an ID like your passport then all the other banks and institutions accept that. It uses a two factor scheme with SMS, code cards, apps in SIM cards, etc.
But of course this isn't available to be used by some random kitten video trading site.
Also why would I want to give up my real identity to a lot of the sites that use a captcha?
I had a chat with my American co-worker why they don't use something more modern, and he seriously tried to explain me that requiring ID would be racist.
Now I knew the theory already, since I spend a lot of time online, but I asked him to explain it to other co workers, most of them very liberal as they say in U. S, they all thought he is joking.
dude what does that even have to do with this? identity will need to be taken care of in the absence of capcha, or else we will have an internet that cannot differentiate between a bot and a real person. think of all the websites and all the broad categories of websites that would be broken by that. is this not a problem in need of a solution?
