Comment by BatteryMountain

1 month ago

Do not give your biometrics & photos of IDs or videos of your face to these companies. Neither to third parties. The potential failure modes here are very high risk and not worth it. Better to unsubscribe and let them know why.

Often you can't let them know. Recent experience of me canceling yet another American service due to the latest war mongering showed me that.

I did get offered a discount in the cancelation flow, but nowhere could I have given a custom reason of my cancelation. They'll never know.

What is the risk? Anyone who wants a picture of my face can already get one by googling my name and going to my LinkedIn profile.

  • For photos of ID this is obvious: A data leak, followed by impersonation ("identity theft") and unwelcome invoices and/or empty bank accounts.

  • Some dumb companies and gov entities use national ID numbers (social security numbers for Americans) as secret identifiers or grant access if presented. It typically has place of birth, date of birth, full names, gender, and face pic. In most cases this is enough to commit a ton of different kinds of fraud or hijack certain accounts (especially social engineering).

    In my mind, national IDs (and the extra metadata of the person) should be public and only used for identification, not for authentication or authorization. Meaning there needs to be two or three extra steps after providing it to allow a transaction to occur. This needs to be a legal requirement for companies if they enter into contracts with a person.

    If we need to prove we are not minors or authenticate we are real or authorize access of personal information, the government should provide an API to auth the request, since they are the issuer of the document (the ID), so only they actually have the means to prove you are real and you are above 18. This can allow for a company to ask the gov, "is this person real and is this person above 18", and the gov shows me the request (OTP, USSD, email, OS popup etc) to confirm the request and to select what info that company can pull. So it is a 3-legged system, no third party companies involved. If the gov wants to create these constraints, they need to be the ones to provide the means to authenticate (both for the consumer and the company). Also, when the gov shows the request to the user/citizen, it needs to show exactly what the company is asking for and the full details of the company and the human representative that is making the request (almost similar to OAuth).

    The problem runs much deeper than just "What's the risk, my facepic is public already". Oh and this has nothing to do with minors and won't protect them in any way - only way to protect them is to take internet access away. The internet is not a child-friendly place and wasn't built by or for children. We should not bend to make it child friendly as it will destroy the internet in the long term.

  • Depending on what they get about you the risks range from impersonation all the way to deepfakes.

The real problem is service providers that you are somehow forced to use that will in turn use AI for various data extraction. They are effectively gatewaying your data to the AI companies and not all of them are sufficiently transparent about this. Mobile phone companies, rental agencies and various other service providers in turn are part of the funnel.

My face is not private information and probably hundreds of other people's cameras capture pictures/videos of me/my face every day.

I hate age verification as a concept and I wouldn't personally go through it to use chatgpt, but "failure modes here are very high risk" is unnecessarily alarmist.

  • So pointing out that putting an open bucket of fuel next to an active fire is indeed a hazard and you shouldn't stand close to it, is unnecessarily alarmist? Until it happens to you or your family, mate. Identity theft and financial fraud can ruin your life and make it very hard to recover and you will be at the mercy of credit bureaus to help get it sorted as most law enforcement (and courts) in most countries do not give a damn about such issues - you will be bounced around as nobody has the true means to help. Making people aware of these issues is not alarmist.