Hacker News new | ask | show | jobs
by gregjor 768 days ago
I have not had to do that and might not want to. But nothing on a US driver's license is private information anyway. Banks, credit reporting agencies, car dealerships, landlords, police, etc. all have access to your license info and much more. So I wouldn't call it "incredibly invasive."

Easy to blame the hosting company, or the government, but it's the bad actors and fraudsters and scammers who drive these kinds of rules. I'd rather have to show a hosting provider my ID than have all of their IPs blocked out of the blue one day because they rented a VPS to a scammer or botnet, maybe using my name and credit card number to do it.
1 comments
memen 768 days ago
> it's the bad actors and fraudsters and scammers who drive these kinds of rules.

Your logic is used by bad teachers in kindergarten to justify group sanction because of a single person's misconduct. I have never seen a bad actor driving rules against his own actions (exceptions exist).

In a society, there will be bad actors. No matter what you do. You can decrease the likelihood of it happening, or mitigate the impact, e.g. by setting rules. Costs for executing these rules should be weighed against the benefits.

If a driver's license is public information, why would they ask for it? If it indeed is public, they don't need to ask for it, because sending it doesn't hold value. If it is not public information, they have to ask for it, and then the fact that you are able to send it to them holds value. Them having the ability to send that information again, can be perceived as, or is, invasive.

link
gregjor 768 days ago
> Your logic is used by bad teachers in kindergarten to justify group sanction because of a single person's misconduct.

The rules we're talking about -- know your customer -- don't come from my logic. They got implemented specifically to fight terrorism and funding terrorism and money laundering (originally part of the Patriot Act, 2001). So yes, everyone got sanctioned because of the "misconduct" of a few people. Whether we agree with that approach or not governments often do exactly that kind of thing. It's the nature of governments and laws to apply rules to everyone at once, and frequently everyone gets "sanctioned" by laws that got written because of a few bad actors. I think about that every time I have to go through security to board a plane.

> I have never seen a bad actor driving rules against his own actions (exceptions exist).

I didn't write that the bad actors make the rules. Their actions lead to the rules, e.g. the rules get driven by the bad actors.

> You can decrease the likelihood of it happening, or mitigate the impact, e.g. by setting rules.

Rules tend to work both ways. Laws against drunk driving, to take just one example, seek to both decrease the likelihood of drunk drivers, and to mitigate the impact through enforcement and punishment, and through legal liability. KYC laws seek to do the same thing: prevent money laundering in the first place, and enable enforcement and punishment.

> Costs for executing these rules should be weighed against the benefits.

We could debate how the world should work all day long, but I'll stick with how it actually works.

> If a driver's license is public information, why would they ask for it?

I didn't write that licenses are public information. I wrote "nothing on a US driver's license is private information." See the difference? The opposite of "private" is not "public." Lots of people and businesses have access to that information. My photo and address may as well be public, anyone with a computer can find those. Driver's licenses are issued by states, with your implied consent to give all of that information and let them print it on a card. The invasion, if you want to call it that, happened when you voluntarily obtained the license. As you might expect, the US has laws around privacy of driver's license information:

https://en.wikipedia.org/wiki/Driver%27s_Privacy_Protection_...

So while not exactly public, that information isn't really private, either. Note provision 3 of the Driver's Privacy Act: "For use in the normal course of business by a legitimate business or its agents, employees, or contractors, but only to ... verify the accuracy of personal information." So a VPS provider or any other business needing or wanting to verify a person's identity can ask to see a license as a form of identification. You don't have to show it to them, but they don't have to take your business either.

My license has this information, none of which I think of as particularly private:

- State of issue

- Date of issue and expiration

- License number assigned by the state

- Photo of my face

- My full legal name from my birth certificate (a public record)

- My address at the time I obtained the license

- My date of birth

- My height, weight, hair, and eye color

- My signature - What kinds of vehicles I can legally operate

Anyone could find out almost all of that with Google. People put more private personal information in their Facebook and LinkedIn profiles.

> If it indeed is public, they don't need to ask for it, because sending it doesn't hold value.

Do you understand the difference between looking up someone's license information in a database, and doing what bar bouncers and banks and apparently French hosting companies do -- asking to see the license in your hands alongside your face? Do you think passports would work if you could just write down your passport number and tell the immigration agents to look it up, because they potentially can do that? The license has value as identification when someone can visually compare it to the person it belongs to, see that the person is in possession of the identification, and confirm at least some of the information on the license -- already vetted in some way by the state -- matches information the person gave. It's a kind of physical two-factor authentication.

> Them having the ability to send that information again, can be perceived as, or is, invasive.

Collecting driver's licenses and then "sending that information again" would violate the law I cited above. If I gave a photo of my license to a hosting company and could then prove they gave or sold that to some other company without my consent, I would have a cause of action in court.

link