[Culonavirus]

My bank has an API endpoint that (basically) returns your name and age (in this use case). It can return more for signing electronic docs etc. and is basically your digital ID.

https://en.wikipedia.org/wiki/BankID

Need to buy "toys", vape products, alcohol... anything adult online?

There's a 3rd party web app (you rightfully don't trust) as an age check in the shopping cart / user account of any of these adult shops, and this has multiple ways of verifying your age - and one of them is the bank's api, you pick it, your bank's identity sharing page loads, you log in, it shows exactly what information will be shared in a bullet point list, you tap OK, immediately a request like "this app wants to know your age, please verify" pops up in your smart banking app on your phone, you tap ok, fingerprint scan, DONE.

Problem solved. The 3rd party app knows just what it needs to. All of this takes maybe a minute and your personal info is perfectly safe (unless you don't trust your bank at which point you have bigger problems to worry about...)

[dfghjk4]

Identity shouldn’t be tied to a private institution that requires you to have a bank account to login.

Two of the well-used solutions to identity in the U.S. are login.gov (government-managed) and id.me (private, but used by government). Basically to get setup, at some point you have to have physical presence to get an actual government-approved physical ID, which can still be a barrier to some, but it doesn’t require a bank account.

Just don’t implement your own like Discourse and Tea.app.

[morkalork]

>Identity shouldn’t be tied to a private institution

This right here. Just look at what happened with visa/mastercard this week, private institutions can and will cave to special interest groups advocating to block access to legal content.

[close04]

Whether it’s a government controlled or private identity provider which can or has to provide data to the government, in the end it’s still the perfect way to control what people do online. It’s age restricted stuff at first, but can just as well be applied to any store or social media. Not so eager to express your dissent if it has your name stapled to it.

[masklinn]

> Just don’t implement your own like Discourse and Tea.app.

FWIW discord did not implement their own (sensibly), but since the british government does not provide this service it basically mandates possibly dodgy middlemen.

My understanding is that discord uses (contracted?) https://www.k-id.com/

[hnthrowaway7483]

> Discourse

Another victim of auto-correct!

[cronin101]

As a Brit that relocated to Norway a decade ago, trust me when I say you cannot fathom the lack of organization around identity that the UK (somewhat intentionally) has. (It’s constantly used for political Godwin’s-law fear-mongering)

There is no centralized ID number, the closest is your social security number but this is basically only outbound for PAYE tax and haphazardly correlated to your pension payments in late life.

Everything operates on a “trust system” where you often present paper (!) with whatever address you claim to be living at as proof you are real (e.g. opening bank accounts).

Passport loss is rectified by seeking out “professionals” with government-approved occupations that are not related to you that can vouch you are actually the person you are trying to replace a passport for.

The entire thing is a mess and living in digital-identity-native Europe is a dream come true that you should be extremely thankful for.

[gambiting]

>>There is no centralized ID number, the closest is your social security number

Until you find out that due to a cock up years ago the National Insurance numbers are not guaranteed to be unique, and you realize that somehow the best proof of identity British people have is a humble driving licence because DVLA is at least somewhat competent.

[pasc1878]

Unfortunately I don't have a driving license as I am physically unable to get one by law.

[The-Old-Hacker]

The mess around voter ID is a case in point. A badly-implemented "solution" to a problem that didn't exist.

[vidarh]

It's even worse now: A lot of places now accept PDF's of things like bank statements, since so many people don't get paper copies any more.

It's not that it was hard to fake before if you wanted to, but when you can just get a real PDF as a starting point, and edit it slightly it's just theatre.

[astrange]

It doesn't have to be perfect. This is how financial regulation works in the US too, but it does work. The idea is that every individual step is weak, but it's a crime to bypass any of it. So the deterrence is you can catch things probabilistically and most people don't want to commit a whole bunch of crimes at once because they all have individual punishments.

[jonathantf2]

B-but... if we have an ID card the "government" will be able to track us! /s It does annoy me how much people get away with scaremongering, I just read a comment of someone who's against digital payments because "then the government will be able to work out how much tax you owe"????

[W3zzy]

This is the way. Belgian banks joined forces years ago to create such a platform for identity verification and private companies can get granular acces when needed and after they are vetted. It's all based on the 2014 eIDAS regulation.

https://en.m.wikipedia.org/wiki/EIDAS