this post was submitted on 20 Jan 2025
889 points (98.3% liked)

Technology

60942 readers
5953 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
889
Stop Treating Phone Numbers As A Digital ID (notthesolution.substack.com)
submitted 4 days ago by formerlytomato@lemmy.sdf.org to c/technology@lemmy.world
170 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Katana314@lemmy.world 10 points 3 days ago (2 children)

On this question of verification, I don’t have a particularly foolproof solution, but maybe there just isn’t one.

I can criticize the modern web for a lot of things, but as long as we have situations where we want to check whether an account is a real person, as opposed to FarmingBot #295038, they need something. I'm not a fan of phone verification, but I'd only criticize it when we have alternatives.

I'd even be in favor of some kind of one-way algorithm by which a trusted real-person-identifying entity could tell a random third party site: Yes, this is a genuine human.

[–] 0xD@infosec.pub 7 points 2 days ago (1 children)

https://www.oesterreich.gv.at/en/id-austria.html

That exists and is better than a phone number.

[–] sexual_tomato@lemmy.dbzer0.com -2 points 2 days ago (1 children)

Cool, now provide solutions that exist today for every other country

[–] 0xD@infosec.pub 5 points 2 days ago

That is not my responsibility ;) I just shared that something like that exists.

[–] Ahrotahntee@lemmy.ca 9 points 2 days ago* (last edited 2 days ago) (1 children)

The technology has existed since the 80s.

X509 certificates would allow a government agency to sign a digital identity indicating that it's legitimate, would allow for remote revocation in the event of loss or theft, and can be easily integrated with every existing computer and browser.

An issued physical card would resemble a credit card, with a chip in it. Other physical form factors can take the shape of USB-devices which bundle the card and the reader into a single device.

[–] 0xD@infosec.pub 4 points 2 days ago (1 children)
[–] Ahrotahntee@lemmy.ca 3 points 2 days ago* (last edited 2 days ago) (1 children)

Also https://www.cac.mil/Common-Access-Card/, if the Americans are skeptical.

I don't like the Austrian one being phone-integrated, but I understand why people would want that.

[–] 0xD@infosec.pub 1 points 1 day ago* (last edited 1 day ago)

It's because the phone is a two-factor token that everyone has with them. With a secure processor being the hardware token and fingerprints or face scans biometrics. This makes it ideal for saving such sensitive data. I most frequently use it to digitally sign documents in a legally enforceable way.

The card you linked is similar, and a smart card was one of the previous versions of our system. The goal here was to make it universally accessible, and a smartphone is perfect for that.