[pc]

Appreciate your feedback. On the first point, limitations on what the secret key can access are coming very soon.

> A concrete suggestion: make it possible for businesses to choose whether they have access the raw data, and expose the choice to the end user in the Stripe Identity flow. Ideally, businesses that want the raw data would be subject to security compliance requirements. This is an opportunity for Stripe to be a leader in setting high standards on how this type of data should be handled.

Yes, per GP comment, I think this is a good idea. I suspect we'll do it.

[SmellTheGlove]

+1 on being able to choose. I’m building a personal finance app right now, and where I can I’m choosing to not ingest or retain sensitive data. While the origin of this is scratching my own itch, I suspect that I’ll get better traction if I can overtly say I’m not collecting data I don’t need or holding onto it for longer than you want me to. I’d love to be able to just get a Boolean back.

[unityByFreedom]

Here we go, online IDs. It seems inevitable that some entity will leak this data at some point. Then what?

[dcow]

Businesses collecting identity information is nothing new. Somebody like Stripe putting a concerted effort out there to make it more secure and improve the experience so that identity information is stored in a less ad-hoc way is a win and will reduce the odds of some catastrophic leak. If you are only worried about identity leaks now then you are simply miss-calibrated on your assumptions about the nature of online identities. If you are seriously this worried, then you probably shouldn't be using the internet for anything.

[unityByFreedom]

> so that identity information is stored in a less ad-hoc way

It will be more ad hoc. Stripe does not decide how their client stores such data. Stripe will make asking for an ID very easy and that will vastly expand the number of businesses utilizing this method of registration.

Right now I think of Stripe as a reliable service. When one of their customer's data is breached or leaked, I don't know that everyone will still trust Stripe as a brand. News articles about such breaches won't be able to relate the nuance of who's at fault.

I'm not concerned about my online personas being linked to me. I'm concerned about making it easy for bad actors to perform identity theft en masse.

[dcow]

I'm not sure you understand. When a business needs your ID to do business, they ask you for it and store it in their infrastructure. This already happens today. Nothing Stripe is doing necessarily changes this. Stripe is simply providing a streamlined mechanism by which business can fulfill their KYC requirements and obtain this information. And now they have the choice to continue to store it in their infrastructure or look it up via the API as needed. If somebody breaches WellsFargo and dumps all the identity info of their customers, clearly Wells Fargo is at fault. Nobody will care if the entry form where they put their info in when they signed up for a bank account was hosted by Stripe and white labeled by Wells Fargo, or if there was a permission box that popped up from Stripe asking if you'd like to allow Wells Fargo access to your info, or if it was simply hosted by Wells Fargo. I don't see the problem here.

[unityByFreedom]

I get it. No need to say I don't. Streamlined means more companies will ask you for such identification. Eventually stripe will be part of a news story about a data leak. I imagine they've already factored this in and decided it's worth it, due to requests they've been getting from customers. Essentially, if they don't do it, someone else will. Personally I think they should let someone else do it, or break it into another company, but that's not my call.

[Rastonbury]

I disagree a bit on this. Looking at previous data breaches, when something like an s3 bucket gets hacked, the news is not going to be about on how Amazon is responsible for company X's data breach but on how company X's servers got hacked. Stripe, like AWS, is the infrastructure, the onus is on a company to ensure their infrastructure security as it can be an existential risk. A philosophy of Stripe's is that that they succeed when their customers succeed, I'd like to think that they have a shared interest in try to prevent their customers being breached as much as possible.

[newbie789]

It’s great that you think that limiting the firehose-style wild-west dissemination of people’s identity data might be a good idea and I have good feelings about your suspicions, I suspect they might be well founded.

Might as well wait until anybody that can drag and drop Stripe code into their app gets as many photos of people’s IDs and faces and security questions from their users and squirrels it away into their private databases.

Once that’s done it’ll be a good time to fire off a blog post about how not doing that was always in the works and announce groundbreaking features like “basic privacy permissions for identity data “ will become default.

Maybe it’ll be a paid feature for end users?