Hacker News new | ask | show | jobs
by ______- 1833 days ago
> It could be Equifax levels of problematic if there would be a intrusion

I'm sure they're not as lax as Equifax. I would hope that Stripe compartment all these documents so that a compromise of one database is not a compromise of the whole database. That's basic data storage hygiene in the information age. `Don't put all your eggs in one basket` as the saying goes.
2 comments
f38zf5vdt 1833 days ago
I think the Estonian e-Card scheme is the right one despite hiccups in its implementation and ID verification should be the domain and responsibility of governments. Each ID card has an embedded private key-public key pair and you can sign to reveal your identity without having to resort to giving away anything else about yourself. There is already a zero-risk way for customers to verify themselves, so giant ID databases are a step backwards.
link
dante_dev 1833 days ago
Many other countries in Europe can do it as well.

    The electronic identity cards of Austria, Belgium, Estonia, Finland, Germany, Italy, Liechtenstein, Lithuania, Portugal and Spain all have a digital signature application which, upon activation, enables the bearer to authenticate the card using their confidential PIN. Consequently they can, at least theoretically, authenticate documents to satisfy any third party that the document's not been altered after being digitally signed. This application uses a registered certificate in conjunction with public/private key pairs so these enhanced cards do not necessarily have to participate in online transactions.
[0] https://en.wikipedia.org/wiki/National_identity_cards_in_the...
link
zyx321 1833 days ago
Germany has an electronic ID card that can be used to certify identity, or only age, or only uniqueness, for a few pennies per auth. There's an app that lets you use your Android phone as a scanner, paired over wifi.

Yet I've never seen any company use it. Everyone uses slower, more expensive private services that don't ask any questions about what you're going to do with the data they collect.

link
_jal 1833 days ago
>I'm sure they're not as lax as Equifax

I am too, but that's not an endorsement. And more pertinently, that is nowhere nearly enough.

Every database of value tends towards uncontrollable sharing over time. The more available and more valuable it is, the harder it is to fight that trend.

The best thing for humanity is to stop making high-value data hordes like this. Unfortunately, the interests of smaller groupings are the reverse.

link