Hacker News new | ask | show | jobs
by plinkplonk 2314 days ago
There are a few courses on Edx (that I think) are worth paying for (under the new scheme, where you can audit courses for free, but lose access to videos, homework etc once the course is over). But, for such courses, edx also requires uploading of a government issued photo id, which I have no intention of doing.

If anyone at edx is reading this, I'll be glad to pay for retaining videos beyond the course period, and the ability to do assignments, but I don't want "verified certificates" (which presumably requires photo id etc). Right now there is no way I can pay for the former without also asking for the latter.
1 comments
jlelonm 2314 days ago
Why are you against uploading your ID?
link
jholman 2314 days ago
Not OP, but I don't trust startups to responsibly handle my PII. It's not a good gamble, based on incentives, and also based on recorded history. They usually don't encrypt it, they usually don't understand their own backup system, they usually have employees who copy it as "sample data" or "seed data" to developer laptops which are then stolen with some probability greater than 1%, they usually don't delete data on a reasonable timeframe, etc etc etc.

And it's one thing to have my email address, my phone number, etc. And if it was just MINE, shrug. But if you're asking for mine, you're asking for that of many people. And that means that criminals looking for PII for identity theft will know to target you. Or hackers who accidentally steal my data will be able to sell it as part of a bundle. Or it'll happen with your servers, at auction, when you go under. Etc.

So if a service that I very much want to pay for requires me to scan and upload ID, I dunno, maybe it's still worth it to me, but it just makes me so uneasy that I just procrastinate until I forget. This has happened a number of times.

If you're not the government, I want my business with you to be as anonymous as possible, because frankly you're probably not a very good steward of my privacy.

(Actually, I'm even more afraid of government IT, and I know my personal data has been stolen from my federal government at least once, but I've got no options on this one.)

link
redis_mlc 2314 days ago
> I don't trust startups to responsibly handle my PII.

Smart, but:

Any web developer knows most uploads go to a folder on disk ... likely readable by the web server process.

Harvest away!

link
jholman 2309 days ago
That's a "but"? That sounds like you're agreeing!
link