Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

We need to stop allowing companies that are not directly engaged in financial services to request government IDs.

Facebook shouldn't legally be allowed to demand an ID any more than this disaster of an "app."

Now tens of thousands of people will be subject to identity theft because someone thought this was a neat growth hacking pattern for their ethically dubious idea of a social networking site.



Unfortunately for some of us, the UK has gone the opposite direction. We now have to verify our age (or use a VPN) before accessing certain websites.

https://theconversation.com/porn-websites-now-require-age-ve...


This is fine if you have a secure tool to access. It's not okay if you just try to spin up your own solution.


There is no "secure tool", there is no secure way to verify ID online right now, none of these companies can be trusted to do it properly. Just last week a bunch of my personal info was implicated in a breach of a background check company who supposedly knew what they were doing.

A private way of doing this is absolutely 100% viable with some cryptography and government support. Apparently nobody gives enough of a fuck to even try.

As for the UK's new 'porn ID' law, people are going to die. People will take their own lives when their porn browsing habits are inevitably leaked. Private companies cannot be trusted to keep their hand out of the cookie jar, they WILL link peoples' histories to their real IDs.


How hard would it be to securely receive an image, securely check that image against a database, return an answer, and then delete the image securely?

Of all the things we do, it doesn't sound that difficult, to be honest.


A secure Know Your Customer API would be a useful service for Apple and Google to provide to developers. It could scan the ID and reveal individual pieces of information with permission to the application or multiple applications. Forgive me if it already exists and this app just wasn’t using it.


Apple is launching such a service in iOS26

https://developer.apple.com/videos/play/wwdc2025/232/


Ah, nice that it's a web standard. Looks like Google is as well. https://developer.chrome.com/blog/digital-credentials-api-or...

Link to the related web standard https://www.w3.org/TR/vc-data-model-2.0/


This is mDL (mobile driver's license) here in the US, but it's a new technology and not widely available or adopted yet. https://www.nccoe.nist.gov/projects/digital-identities-mdl


Interesting; thanks. That should connect to browsers' Digital Credentials API the other user mentioned.


Or we could deny providing "app" developers with any such information.


I am not going to show my ID to Google, especially given that it is a foreign company with dubious data collection history.


You are going to show your ID to at least one foreign company with dubious data collection history, because the government will eventually force it on you.


There are verifiable credentials protocols which would let a site to check something (and prove that they checked it) without de-anonymizing the user.

It can be done with fairly basic cryptography. But the infrastructure around it would grow only if there's a demand. Otherwise people go with lowest denominator.


The crimes of creating or posessing a fake ID are distinct from the crime of knowingly using one, an act which has the peculiar name "uttering".

Simple solution: decriminalize uttering to any person who is not an employee of the government or a regulated bank.


Shouldn’t a single mention of sex details make this a pornographic site, and thus subject to 18+ non-anonymous registration?




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: