Comment by hobs
3 years ago
First thing on signup: YOU HAVE TO DO ADDITIONAL IDENTITY VALIDATION, yes, even though we took your home address and credit card and phone number already.
No thanks, I'll keep using Digital Ocean or someone who doesn't make me jump through hoops.
Your address and phone point to a location, not necessarily a valid identity but I understand you may be hesitant to share personal info with just anyone. If you are a EU citizen you can ask them exactly how long your data is retained and who may have access to it (it’s actually published on their website). They use it only as a 2nd level verification to prevent spam (not shared with 3rd parties). As a German/EU company, Hetzner is subject to all regulatory requirements for handling of personal information and so when leaving, you can also request the deletion of your data.
A one-off hoop that maybe helps to keep spammers off their systems ? Fine by me.
If your fraud detection cant do anything with name, address, phone number, and credit card and you need Drivers License/Passports then you probably need to pay for a better one.
What do you expect a German company to do with a copy of your drivers license or passport? Is this one of those situations where it contains your your social security number and it therefore becomes direct access to your bank account?
The only thing I imagine someone could do with the copy of my passport is pretend to be me when they sign up for a similar service.
1 reply →
This is a problem with Hetzner yes. Last time they wanted a copy of my ID. I blacked out my social security number as this is considered private for Dutch citizens (even the police advises people to black this part out) and it took some arguing for them to accept it. I sent them the police advisory and that helped.
Recently I signed up for something else from Hetzner (needed temporary storage) and they didn't request anything even though I had closed my account before so I created a new one. So perhaps they have mended their ways.
Thanks for the notification. I came to ask if they were still doing this. I found this to be an exceptionally shady practice. They took my information first, then they wanted some ridiculously personal information that they didn't need. I assumed at first that I had gone to the wrong URL. I don't even know how that additional information would have helped them with their "identification". The only thing it did was expose the information of legitimate users to being stolen.
Interestingly, I've never used Digital Ocean because when I went to sign up (in my memory it would be circa 2015, but my memory is not what it once was) you had to give them something like your Twitter or Github name, which I didn't feel like sharing.
I signed up to DO about 2 years ago. They didn't ask me for Twitter or GitHub. As I recall, it was a normal setup process.
eBay did this to me. They let me enter everything and then said they can't validate my ID without any way to fix that even. It's a nice way to provoke people for sure.
Mind that sending it does not even guarantee that you'll pass that validation, I sent them my ID and they still locked me out for apparently no reason.