by neuigkeiten 3748 days ago
The problem with AirBnB is that they want you to scan your id card and send it over the internet. Which is illegal here in Germany. I would not use a company that wants me to do illegal things in the first place.

Additionally they want access to your Facebook account, which I find offensive as well.

I travel a lot in Europe. Since I prefer to stay in apartments over staying in hotel rooms, my approach is to look up local apartment rental sites. Usually I find good deals this way. I only stay in hotels if I absolutely must. Apartments are so much nicer.

7 comments

As an AirBnB host I'm not all that cool with letting out my apartment for a day to someone who won't share some form of proof of identity.

As an engineer I get the privacy concerns so I'm split on which way I sit on this fence but I trust in a large tech company like AirBnB to get security right - so on balance the short term risks of someone abusing my flat outweigh my long term risks of someone getting my passport data.

It's really only the online part of it that's trouble; many hotels will make a note of your passport or similar at the front desk when you register. I think it may even be required by law in some places in Europe.

There's a great difference between a photocopy in a safe and a photo of ID on the internet. The one in the safe is much harder to steal in bulk.

In many cases, aren't the owners of the house not around when the guest shows up?
In this case, the website is the front desk.
Why the identity? Insurance pays.
Insurance may not pay if the homeowner has invited the guest in.

Many home insurance claims in the UK are not paid: http://www.bbc.co.uk/news/business-35401104

There are plenty of cases of people in the UK being robbed by eg cleaners and insurance doesn't pay.

http://www.bbc.co.uk/programmes/b05qvn36

> Last week Money Box heard from a listener who was surprised to find that her home contents insurance did not cover her for theft by a cleaner. Money Box listeners have told us that insurers seem confused about whether you are covered if carers and home helps steal from you. An insurance expert tells Money Box how you can find out.

(They misuse the word "carer" here, which should only be used about people who provide unpaid care. They mean something like "care worker".)

Doesn't appear to cover a bunch of stuff.

> Some examples of what the Host Protection Insurance program doesn’t cover:

> Intentional acts where liability isn’t the result of an accident.

EG, theft.

Because insurance is a hassle? Who wants to go through the process of being righted after being wronged? Getting wronged to be reimbursed is not the business model most renters are seeking when they put up a property on AB&B.
So what do you prefer? Hunting them down and beating them up with your own fists? Hire some tough guys? Is that really easier?

But I was really referencing AirBnB insurance....

Ok let's say you had a delivery business and have all the insurance necessary. You're saying you're equally likely to use a driver who has a history of careless driving as you would a driver who has a history of driving safely because you're covered by insurance.

I'm claiming people are seeking avoidance. People would rather have the deterrent effect, so that they might avoid the hassles of going through claims and then waiting for things to be righted.

Identity provides deterrence from things ever reaching that state.

Having your passport or ID saved would make you think twice about committing some kind of crime

Does it? I get the impression many AirBnB renters are doing so with just regular home insurance, which may ban subletting.
This is super common practice in the UK, at least in some industries (e.g. Gambling). Most online bookmakers & exchanges will require age-verification before they let you place a stake.

I've had similar experiences ordering alcohol online (though only from smaller retailers, and usually only for a first purchase).

The Facebook verification is to me more problematic than the ID...
When I tried to sign up through Google they wanted access to my Google Drive for verification. You can have lengthy arguments about the sanity of giving Google access to 8 years' worth of random files, documents and photos alone, but then give a third party access to all that just for "verification"?
"Illegal" is relative in this case. The law isn't a set of divine rules to live by (you're probably breaking a few laws by accident every day), it's more of a correction mechanism for abuse. That, and every country has weird quirky laws on certain matters. Just use common sense.

That said, you should be careful with your ID. But, I personally wouldn't mind verifying my ID with Airbnb (last I checked, they used specific verification software)

And this law is very likely in place to avoid situations like the one Airbnb has created.

Namely Airbnb has created a database of (very likely high quality) copies of ID cards that when leaked could be used for identity theft in similar places where digital photographic copies of ID cards over the Internet are accepted as proof of identity.

To be clearer: a digital photographic copy of an ID card cannot be considered proof of identity because it only shows that the person who is providing this information either had access to the copy itself or had limited time to make a copy in real life.

It seems like you have an impossible standard for determining proof of identity. What type of verification do you envision that isn't subject to flaws? Presenting an ID in person also only proves that someone had access to or a copy of an ID. Of course, there are some physical appearance constraints, but it's not hard for a determined identity thief to get around those.

Personally, I'm glad I live in a country that doesn't criminalize identity verification that utilizes 21st century technology (though I'd gladly accept some other German public policies).

Making a photocopy of an ID is, in my opinion, not the finest example of 21st century technology.

One option to have a proof of identity without an actual in-person visit is to use a trusted third party (which has verified the person in person). This could be a state (if it provides such a service) or a private institution (a bank, for example).

Otherwise you can use the old and proven method of trust. I understand that of course for a service like Airbnb this might not be enough and this is also the reason why I probably would not use them in the future.

A state run PKI. OAuth.gov. Anything that is only good for one shot, instead of the capability to impersonate you everywhere forever.
Denmark's online ID system, called NemID (EasyID), requires:

* A username
* A password
* A one-time verification code, either from a card which is posted to your registered address, or using some kind of USB thing (as far as I know, the USB option is mostly used by companies).

The system is run by the government.

I don't know what information a business using this system for authorization gets — I'd guess name, address and perhaps date of birth — but they at least don't have the password or single use verification code, so they can't authorize themselves in my name.

https://www.nemid.nu/dk-en/

I think, when I verified my ID a couple of years ago, they used a sort of middleware to analyse + verify the ID. If I remember right, they said they didn't actually store the ID (i.e. the underlying image was discarded once verified)

Edit: they use Jumio Netverify - http://www.jumio.com/

How do you know they save them? What if they just verify and discard?
I would rather ask: how do I know that they actually do not keep this information and actually properly destroy it?
The way it was described, this law penalizes the person copying the ID, not the collector.
This could be solved with the eID feature of German identity cards, I guess.

Problem is many disable it, do not have a card reader and many smartphones are not compatible.

Could also be solved by using the passport instead of the identity card. The NFC-feature can't be disabled and most people have NFC smartphones (well, at least the people who are using AirBnB)
Don't think it's illegal, Number26 (a German bank startup) does it for ID verification.
It's illegal to make copies of the ID card unless required by law. Opening a bank account is one of these things where the law requires a copy of the ID card due to money laundering legislation.
Thanks for the clarification!
I find that law even more ridiculous given those requirements. Making it illegal to do X unless they force you to do X undermines almost all arguments for criminalizing X.
Not entirely. The companies that must collect presumably have better security safeguards than those just wanting it just because it's easy or customary.

I have a client that must collect and store driver's license copies for 2 years by state law. The system encrypts with GnuPG, such that only an offline private key stored on a crypto smart card can decrypt, and the encrypted image goes into a cloud storage bucket with an expiration date. Unless they get a spoliation order because the police come knocking, no one ever sees the data. After 2 years, the file auto-deletes and a record is left indicating that the record was "deleted in the ordinary course of business." The company does not really want to do all of this, but it's required by law and good infosec practices.

Handling data breach material is expensive.
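
The storage design in the comment above (encrypt to a key whose private half is offline, expire after the retention period, keep a deletion record), as an added example that is not the commenter's or their client's code. The key ID, the local directory standing in for the cloud bucket, the metadata layout and the `hold` flag for preservation orders are assumptions.

```python
import json
import subprocess
from pathlib import Path

RETENTION = 2 * 365 * 24 * 3600           # two-year period from the comment
ESCROW_KEY = "id-escrow@example.invalid"  # hypothetical recipient; public key only
TOMBSTONE = "deleted in the ordinary course of business"

def store_scan(src: Path, bucket: Path, now: float) -> Path:
    """Encrypt a scan to the escrow public key and record its expiry.

    The matching private key lives on an offline smart card, so nothing
    on this host can turn the stored file back into an image.
    """
    out = bucket / (src.name + ".gpg")
    subprocess.run(
        ["gpg", "--batch", "--yes", "--trust-model", "always",
         "--recipient", ESCROW_KEY, "--output", str(out),
         "--encrypt", str(src)],
        check=True,
    )
    meta = {"object": out.name, "expires_at": now + RETENTION, "hold": False}
    (bucket / (out.name + ".json")).write_text(json.dumps(meta))
    src.unlink()  # drop the plaintext once the ciphertext exists
    return out

def sweep(bucket: Path, now: float) -> list[str]:
    """Delete expired ciphertexts and leave a tombstone record for each.

    Stands in for the bucket's expiration rule. Objects under a
    preservation hold (assumed flag) are skipped.
    """
    deleted = []
    for meta_path in sorted(bucket.glob("*.gpg.json")):
        meta = json.loads(meta_path.read_text())
        if "deleted_at" in meta or meta.get("hold") or meta["expires_at"] > now:
            continue
        (bucket / meta["object"]).unlink(missing_ok=True)
        meta_path.write_text(json.dumps(
            {"object": meta["object"], "status": TOMBSTONE, "deleted_at": now}))
        deleted.append(meta["object"])
    return deleted
```

`store_scan` needs `gpg` on the intake host with the escrow public key imported; `sweep` works on the metadata alone and never needs any key.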

I recently applied for it but they didn't ask me to send ID via email. They used idnow (http://www.idnow.eu/). You get a real operator via website (or even mobile) asking some questions and taking a photo of you and your passport. I was actually surprised as it worked quite seamlessly.
Yes, I went through the same, but wouldn't "taking a photo of your passport" be the same as "scan your id card and send it over the internet" which OP claims is illegal?
Well, some startups might try to fuck with the law. German courts stick to it though:

http://www.heise.de/newsticker/meldung/Gericht-Personalauswe...

Do faxes in Germany have their own super-secure network? Or is it illegal to fax identifying information as well?

Actually I would not be surprised that the old way was legal and any new way that threatens incumbents is illegal. This seems a fundamental dysfunction of Europe in general.