I think the argument against is that right now people know how terrible an authentication system this is and don't build actual security on top of it -- "we only have cardboard boxes so we installed cameras and encrypted the contents."
Once it's good, people will outsource the work to what is essentially a CA system where every BMV in America is an issuer, and I expect it to hold up at best as well as SMS verification.
I think the problem is that people are relying on this for actual security. The article demonstrates how easy it is to get companies to accept this form of fraudulent authentication (and the demand for this service speaks to its efficacy as well).
Why not let notaries or an authoritative agency issue cryptographically signed one time codes upon inspection of your physical ID? Frankly, it sounds like a superior system to me.
Cardboard boxes can be acquired without a record of their purchase and are easy to hide among other cardboard boxes, like a book in a library. Also can be used to hide from enemies while moving around under the box.
It can be. If my bicycle has no lock at all, I will not leave it in outdoor parking near the central railway station, because I know for sure it will be stolen. The value here comes not from imperfect security per se, but from my ability to predict the outcome. Now if my bicycle has a meh lock, the chance of it being snatched suddenly increases.
I'm saying that maybe people who chose to accept the ID scan knowingly accept the risk, have a second line of checks somewhere, evaluate the amount lost to fraud or fines against the cost of having full-fledged PKI, and also knowingly make it your problem if their evaluation proves to be wrong.
The CAs have been hacked. Multiple times, in several different ways. And that's just the public ones we know about, which I have no reason to suppose are all of them or even necessarily a significant fraction of what we would consider compromises. At the scale of "everything done on the internet" or "all the money" you can't wave this issue away. It is difficult, if not impossible, to build a security system that is more expensive to break than "all the money and value in the world".
A government identity to do business with the government might just about be possible. A government identity to cover everything done by everyone everywhere is not. The value of cracking that system is just too high.
> A government identity to cover everything done by everyone everywhere is not. The value of cracking that system is just too high.
So the value of the system being broken is too high, yet we live in a world where it's broken, as anybody can make a photoshop of your driving license? I'm sorry, I don't get the argument.
Basic principle of security: A security system should be more expensive to break for the attacker than the value of the thing it is securing to the owner.
This is generally a counter to people using binary thinking and believing that a security system is broken if there is any way in at all, thus thinking things are either in the categories "secure" or "insecure" without any further qualification. In fact those categories don't exist. It is intrinsically at a bare minimum a spectrum of security, and one can slice & dice more finely if one likes based on what sort of attacks various different types of attackers can mount, e.g., defending against whole-internet scans is one thing, nation-state attackers specifically targeting you quite another.
I'm using it in a different way: When what you want to lock behind your security system is essentially "all economic value in the world", such as "we'll solve all identity problems on the internet by just having the government provide identities", that means you need to create a security system that is more expensive to break than "all economic value in the world". However, you can't. Any conceivable security system is easier to break than that.
There is a sense in which it is simply necessary that there be a wide variety of independent identification systems, each individually covering sufficiently small amounts of value that they are possible to exist at all, and with a diversity of costs and strengths to cover the various cases.
It's a classic fallacy of "the old one may be extremely bad, but it's already there, so it's okay, but the new one needs to be perfect against any scenario someone can think about, no matter how far-fetched". We have this pretty often here in Germany. The requirements for anything digital are so incredibly high compared to the non-digital version we have currently/had before (depending on whether we finally managed to introduce a digital version), it's just sad.
Let me send you that totally secure fax with my totally secure signature drawn by hand. Far more secure than a digital document signed by this scary, newfangled electronic signature, which could have been hacked and is therefore totally insecure.
And because of that, a photo of your driver's license is at best a low-pass filter. A central identity system where you get strong identity verification will be relied on for real security and authentication, making it a properly juicy target, on the level of Gmail for account compromises but with the real-life security of Verizon issuing phone numbers and SIM cards.