this post was submitted on 20 Jan 2025
857 points (98.2% liked)

Technology

60663 readers
4074 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
857
Stop Treating Phone Numbers As A Digital ID (notthesolution.substack.com)
submitted 1 day ago by formerlytomato@lemmy.sdf.org to c/technology@lemmy.world
161 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] dual_sport_dork@lemmy.world 10 points 13 hours ago (2 children)

I don't want to treat phone numbers as an ID, but for some reason my customers will give their phone number to me online far more willingly than they'll cough up their email address, which is baffling only until you realize:

  • Most people are technologically incompetent and are intimidated by the avalanche of crap they get in their email, and
  • They never answer their phones anyway, so who cares?

I actually offer the option, because I don't give a rat's ass how people ignore me when I try to contact them. But when they place an order I at least need to be able to prove that I tried.

[–] john89@lemmy.ca 6 points 10 hours ago

which is baffling only until you realize

I stopped being baffled when I realized most people are dumb as shit.

It's just a fact of life, and we either see it or we don't.

[–] Entropywins@lemmy.world 3 points 12 hours ago

Yo sign me up 867-5309

[–] futatorius@lemm.ee 13 points 19 hours ago

Internet security and internet privacy are only incompatible goals when combined with incompetency and shit user-exerience design.

[–] Katana314@lemmy.world 9 points 19 hours ago (2 children)

On this question of verification, I don’t have a particularly foolproof solution, but maybe there just isn’t one.

I can criticize the modern web for a lot of things, but as long as we have situations where we want to check whether an account is a real person, as opposed to FarmingBot #295038, they need something. I'm not a fan of phone verification, but I'd only criticize it when we have alternatives.

I'd even be in favor of some kind of one-way algorithm by which a trusted real-person-identifying entity could tell a random third party site: Yes, this is a genuine human.

[–] 0xD@infosec.pub 6 points 11 hours ago (1 children)

https://www.oesterreich.gv.at/en/id-austria.html

That exists and is better than a phone number.

[–] sexual_tomato@lemmy.dbzer0.com 0 points 9 hours ago (1 children)

Cool, now provide solutions that exist today for every other country

[–] 0xD@infosec.pub 2 points 7 hours ago

That is not my responsibility ;) I just shared that something like that exists.

[–] Ahrotahntee@lemmy.ca 8 points 16 hours ago* (last edited 14 hours ago) (1 children)

The technology has existed since the 80s.

X509 certificates would allow a government agency to sign a digital identity indicating that it's legitimate, would allow for remote revocation in the event of loss or theft, and can be easily integrated with every existing computer and browser.

An issued physical card would resemble a credit card, with a chip in it. Other physical form factors can take the shape of USB-devices which bundle the card and the reader into a single device.

[–] 0xD@infosec.pub 3 points 11 hours ago (1 children)
[–] Ahrotahntee@lemmy.ca 2 points 3 hours ago* (last edited 3 hours ago)

Also https://www.cac.mil/Common-Access-Card/, if the Americans are skeptical.

I don't like the Austrian one being phone-integrated, but I understand why people would want that.

[–] Suavevillain@lemmy.world 33 points 1 day ago (1 children)

Please. It is the most annoying part of trying to use some sites and I rather not give out my number to people who store important info in plain text files.

[–] john89@lemmy.ca 2 points 10 hours ago

Yes. Don't forget your phone number will be exposed to the public when the business gets hacked.

Not if. When.

[–] Teknikal@eviltoast.org 53 points 1 day ago

Bane of my life as about a year ago my dad switched his sim and immediately started pestering me about not being able to log into his accounts.

Yes he got rid of the old number completly and expected me to somehow make his logins work. This is still going on to this day when he complains to me something doesn't work it's because he's tied it to his old phone number.

[–] undefined@lemmy.hogru.ch 302 points 1 day ago* (last edited 1 day ago) (17 children)

To the same audience: quit selling my fucking phone number!

I ditched a phone number I had for 10+ years because it was leaked everywhere. Only a few short months after updating my number with the DMV and a handful of other government agencies I started receiving scam calls/messages again.

At some point we need to adopt some fucking privacy laws. This is absolutely bonkers—is no one else fed up??

Edit: I already know how to silence unknown callers. What I want is to not have the problem in the first place, ideally by 1) having companies not sell personal data to third parties and 2) being able to block spoofed (non-encrypted) caller ID.

[–] john89@lemmy.ca 3 points 10 hours ago (1 children)

At some point we need to adopt some fucking privacy laws. This is absolutely bonkers—is no one else fed up??

Look at you, trying to use the government to solve every day problems that face pretty much all of us.

Don't you know we only focus on gridlock issues to distract us from real issues now?

[–] undefined@lemmy.hogru.ch 2 points 10 hours ago

I do, unfortunately.

[–] buddascrayon@lemmy.world 4 points 1 day ago (1 children)

At some point we need to adopt some fucking privacy laws.

Yeah we absolutely had to ban TilTok because of privacy concerns but the idea of creating a law to protect our privacy is ridiculous beyond all reasoning. The stupidity of the United States government is absolute.

load more comments (1 replies)
[–] SnotFlickerman@lemmy.blahaj.zone 122 points 1 day ago (11 children)

Oh everyone is fed up but we just elected a guy and government who is sure to make it all way way way worse.

He just helped put the nail in the coffin of the lie that crypto is for anything but scams, don't worry, it's gonna get real bad before it gets any better.

[–] explodicle@sh.itjust.works 3 points 1 day ago* (last edited 1 day ago)

"Bitcoin, it just seems like a scam," Mr Trump said. "I don't like it because it's another currency competing against the dollar."

— Donald Trump

Of course, Trump Coin made just for him is fine. And any security who bribes him. Oh wait now none of them are securities; Gary Gensler was our last line of defense.

[Edit: got it backwards]

load more comments (10 replies)
[–] DaddleDew@lemmy.world 50 points 1 day ago (7 children)

I'm pretty sure a lot of scam calls use machines that call every possible phone number within an area code and see who answers. There is no way to avoid it.

load more comments (7 replies)
load more comments (13 replies)
[–] D_Air1@lemmy.ml 124 points 1 day ago* (last edited 1 day ago) (3 children)
  • Phone numbers
  • social security numbers

Stop making personal information into digital ids because when it inevitably ends up in some kind of data breach. These companies all throw their hands up saying sucks to be you.

[–] ikidd@lemmy.world 7 points 1 day ago (3 children)

What I hate is when they want you to store "secret" information like your mother's maiden name/ first pet name for later verifications. You know these are stored in plain text of course. My own damn government does this stupid shit, and they've had several hacks of PII including gun registrations because as far as I can tell, nobody competent works in government IT.

[–] mycelium_underground@lemmy.world 8 points 17 hours ago

I choose random questions and store the random passwords that I use as answers in my password manager. It's also more secure because people can't just Facebook stalk you for answers.

[–] Boozilla@sh.itjust.works 2 points 15 hours ago

I use bullshit answers for these, and save them in the notes section of my password manager.

[–] pixelscript@lemm.ee 3 points 17 hours ago

Security questions don't care what you put in there. It's not an exam. It's basically just an alt password.

I just generate a string of alphanumeric text from my password generator and stuff those in there. If I lose my password vault somehow I'm cooked anyway, so.

[–] penquin@lemm.ee 19 points 1 day ago

Nah, man. Gotta get my $2.97 check.

load more comments (1 replies)
[–] IDKWhatUsernametoPutHereLolol@lemmy.dbzer0.com 134 points 1 day ago (11 children)

This should be what digital ID looks like:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEZ26+ARYJKwYBBAHaRw8BAQdAsUGMjbGNUyyz9PHsHKP4xj/tIfYIuHb4miPH 0iCPpu60K0VSUk9SOiBFYXJ0aC5leGUgaGFzIGNyYXNoZWQgPG5vQGVtYWlsLmV4 ZT6IcgQTFggAGgQLCQgHAhUIAhYBAhkBBYJnbr4BAp4BApsDAAoJEI6E3uMn31Z3 028BAM5o8ER0dqTsxFlZSgZOvvgFHGuy2eFgF3rULkGKl1KrAP9fdE7WwnYbBer/ AVmw5jr0P5m/XsEQQrSueuk/FLYBBbg4BGduvgESCisGAQQBl1UBBQEBB0BDR0Bv pf4jxbwp9rVowFTnL59NGqnnh6XyF/LjAoYDGgMBCAeIYQQYFggACQWCZ26+AQKb DAAKCRCOhN7jJ99Wd1dMAP45xmN03SodkWHi7PYOORqNXJUBdMzzfsRXdqE8ZXaW vAD+PqNqPcbwJYCOEAXkg7DlZ0SX3o9MViZLdzHFQ3TpUA8= =krDh -----END PGP PUBLIC KEY BLOCK-----

PGP Key Fingerprint: 857957d40f06cc816fd3d29a8e84dee327df5677

Should be good until quantum computers come around

[–] Zak@lemmy.world 68 points 1 day ago (8 children)

I'm sad PGP didn't become a popular way to log into websites. A challenge-response protocol could have even been built into web browsers. Big tech is reinventing that idea as Passkey, but with a very big tech flavor.

load more comments (8 replies)
[–] bestboyfriendintheworld@sh.itjust.works 27 points 1 day ago (11 children)

Now type it a form that doesn’t allow copy and paste.

[–] ayyy@sh.itjust.works 27 points 1 day ago (5 children)

The California DMV requires you to renew your vehicle registration every year by paying with a bank account number (no card) which is like a 30ish digit number and they disable paste. If you get it wrong they won’t notify you in any way until you get pulled over by a cop who is one bad sneeze away from murdering you. It’s a great system.

load more comments (5 replies)
load more comments (10 replies)
load more comments (9 replies)
[–] y0kai@lemmy.dbzer0.com 15 points 1 day ago (4 children)

I've been considering getting a pager or a burner phone just for this

[–] ikidd@lemmy.world 4 points 1 day ago (1 children)

Just get a virtual DID number from something like Voip.ms or virtualphone. There may be other providers out there that use crypto for payment for added privacy, but if all you want to do is be able to keep your real phone # off the grid, these work.

[–] funkless_eck@sh.itjust.works 5 points 1 day ago (1 children)

usually they check for VOIP numbers and give you an error. Has to be legit.

[–] gamermanh@lemmy.dbzer0.com 3 points 1 day ago (2 children)

Never had that problem with the Google voice service

Yeah yeah it's google, but it gives numbers that work

[–] Boozilla@sh.itjust.works 1 points 15 hours ago

Google voice is hit or miss. It's worked for a lot of smaller sites for me, but the bigger / more corporate it is, the less likely it seems to work.

[–] u_u@lemmy.dbzer0.com 2 points 1 day ago

Last time I checked, Google Voice is only available for US residents. Not sure if there's alternative.

load more comments (3 replies)
[–] jpablo68@infosec.pub 20 points 1 day ago (24 children)

I'm in a quest to find a good email provider that doesn't ask for a cellphone or another email address while creating an account, cock.li used to do this but now it's "getting back on its feet"

load more comments (24 replies)
load more comments
view more: next ›