The fact that it verifies by ID scan is also not safe at all for a million different reasons.
A better way would have been to charge a small subscription fee - like $2/month or something. The fee filters out 99% of the trolls out there (who wants to pay to troll) and also gives the app/website admins access to billing info - name, mailing address, phone number, etc - without the need for a full ID scan. So the tiny amount of trolls that do pay to troll would have to enter accurate deanonymizing payment information to even get on the system in the first place.
And it can be made so only admins know peoples' true identities. For the user facing parts, pseudonyms and usernames are still very possible - again so long as everyone understands up front that such a platform would ultimately not be anonymous on the back end.
But oh no, that won't hypergrow the company and dominate the internet! Think of all the people in India and China you're missing out on! /sarcasm
I think you underestimate the willingness of people to pay to troll, it may filter out people but an app that was (in theory) meant to be secure shouldn't think of a problem as filtering rather than securing. Admins knowing peoples' identities simply moves the weakest link in the chain to the admins. I think an app like this was doomed from the start and 4chan simply pulled the plug on an already leaking bathtub.
I've thought about buying throwaway phone numbers just to troll linkedin. I'd be surprised if people weren't finding ways to get accounts on apps like this for trolling.
The only reason I haven't is because it feels like LinkedIn may have already jumped the shark and I wouldn't really get the value for my money.
> Admins knowing peoples' identities simply moves the weakest link in the chain to the admins.
And now you have a better chance at pointing a finger at someone, at the very least. And the thought of that finger pointing would be enough to keep an admin on top of things.
Everything is still up to whoever is running the platform. I'm just saying that, from an web admin perspective, that $2/month works. And if it doesn't, you have their billing info to track trolls down irl if necessary.
The issue is they decided to roll their own extremely questionable service and insecurely store sensitive images in a public bucket
Multiple SAAS vendors provide ID verification for ~$2/each. They should have eaten
that fee when it was small and then found a way pass it onto the users later
no, but it is _tremendously_ more difficult than email or even ID scans (unless you're doing actual verification, which is both more expensive and complicated than just charging a nominal fee or even just attaching a Card object to a stripe customer). Just getting to stand on top of an extremely robust existing system (payments) gets you so much adjacent help in keeping bad actors out, or at least getting it down to a human-team manageable level. It can be the difference between a viable business and not.
The first part is its goal: identity is secondary, the main purpose is money. It means a customer can put a fake name and address as long as the money part is considered OK. Most PSPs won't check the cardholder name (it can be used for fuzzy scoring, but exact match is a fool's errand). Address is usually only required for physical goods and won't be checked otherwise. And 3DSecure will shift the blame enough that the PSP won't need to care that much about the details.
The second part is the whole mess that comes with payments. You'll become a card testing pot in no time, and you'll be dealing with all the fuss just to check identities, you'll soon be rising the token payment to a significant amount to cover the costs, and before you realize it half your business has shifted into payment handling.
Especially if you only deal in government issued currency and refuse to use crypto. The US dollar is the world's reserve currency for a reason - we have tons of opaque and invisible systems in place to make sure it's rock solid. Systems that other countries either don't have entirely or rely on a series of privately owned systems that feel like chewing gum and string.
> you act like it's impossible to get payment credentials that have nothing to do with the user
This is incorrect. The parent acts like it isn't trivial to obtain payment methods that aren't linked to the payer. It seems like a reasonable possibility.
For whom? For people willing to be an asshole on the internet? For people willing to stalk other people online? This sounds exactly like the group of people that would look for ways of paying for something in ways not linked to them, even if that means "borrowing" someone else's identity
Hey now! They use ID verification bub - how are you gonna fake that? It’s not like there are just public buckets of legitimate ID photos taken by real women for you to hoover up. Check mate.
A better way would have been to charge a small subscription fee - like $2/month or something. The fee filters out 99% of the trolls out there (who wants to pay to troll) and also gives the app/website admins access to billing info - name, mailing address, phone number, etc - without the need for a full ID scan. So the tiny amount of trolls that do pay to troll would have to enter accurate deanonymizing payment information to even get on the system in the first place.
And it can be made so only admins know peoples' true identities. For the user facing parts, pseudonyms and usernames are still very possible - again so long as everyone understands up front that such a platform would ultimately not be anonymous on the back end.
But oh no, that won't hypergrow the company and dominate the internet! Think of all the people in India and China you're missing out on! /sarcasm