[Terr_]

I ranted about something similar when it came how the US Internal Revenue Service was implementing authentication for their free-filing service.

They're training taxpayers to put in large amounts of extremely sensitive personal information into a third-party domain called "id.me". Even if you trust the private company, I think it's insane they didn't at least whitelabel the process through a *.irs.gov domain!

(For those curious, the .me TLD is run by the country of Montenegro. Control over DNS has some security implications for phishing and man in the middle attacks.)