I hope it served as a good lesson to the average person to be more cautious while submitting sensitive information like a government ID. Just because it's an app with a nice UI doesn't mean it's secure, let alone trustworthy regarding who owns it. Last week I was contacting a government agency here in Canada and the support team requested a government ID to be shared over email, which is anything but a secure communication. I tried to share it as a link to my vault, but they refused, so now either I will have to go in person or they will find another way in the meantime.
The internet went from 'YouTube asking users to never use your real name' to 'you have to submit your ID to some random app' in 10 years. Crazy!
CEOs and board members should be personally criminally liable for shared personal information coming out of their platforms.
It's the only way they will push companies to STOP storing them long term.
I've been in several companies (mostly FinTech) that store personal sensitive documents "just in case". They should be used for whatever is needed and deleted. But lazy compliance and operations VPs would push to keep them... or worse, the marketing people
To be fair to the FinTech companies and their leadership, banking and finance laws are so draconian to the point where you'd rather store (and risk leaking) sensitive data than face even bigger fines from the government overlords. If you want that to stop, get rid of the PATRIOT Act and reform the KYC insanity.
> I hope it served as a good lesson to the average person to be more cautious while submitting sensitive information like a government ID.
This absolutely should not be normalized. If I'm ever prompted to submit photos of a government ID to some service, I'm turning heel. I'll try to use their phone service (which I just did successfully this week), correspond via mail or maybe, as you've said, handle it in person but I'm probably content to go without.
The sad part is that your government ID is about as likely to be leaked by the government agency itself than it is by any third party that has an scan of it.
My driver's license is scanned every time I buy beer. I'm under no illusions that it's not quite readily available in any number of leaks or disclosures.
If that sounds defeatist, maybe it is. Nothing online is private. Once it's in a database, it's only a matter of time before it's exposed. History has proven this again and again.
You need to do this for background checks for employment, even though the employees for the background check service might be outsourced to a different country, and your government data had no protections in their jurisdiction.
I absolutely realize that this is a function of privilege but I've declined to participate in these sorts of background checks and have still been hired on a few occasions.
I always do. I would have never made social media accounts if it required phone or ID. Thankfully I'm old so my accounts were made before normies flooded the net and started trusting everything.
> Thankfully I'm old so my accounts were made before normies flooded the net and started trusting everything.
It wasn't "normies" so much as it was the leadership and early investors of Facebook shoving "just trust us" and FOMO literally everywhere online. The hype (and hope) in 2010 was REAL and almost all privacy related conversations were shut down on sight. Heck, I think I still have my copy of Jeff Jarvis's Public Parts (ISBN13 9781451636352) somewhere in my closet. Amazing read if you really want to understand the mindset in place at the time.
> The internet went from 'YouTube asking users to never use your real name' to 'you have to submit your ID to some random app' in 10 years. Crazy!
Because we couldn't get anyone to take the internet seriously if it was just a bunch of anonymous pseudonyms trolling each other. And maybe that was a mistake.
It was definitely a mistake. The internet was not meant to be taken seriously. Measures like real name policies are designed to make people take it seriously but that is to the detriment of the users who do.
Just look at Facebook. Users with real names sharing all kinds of inane schizo nonsense, extremism, building echo chambers without realizing it, becoming completely divorced from reality as perceived by the majority of people around them in meatspace, because they section themselves off in cyberspace.
> The internet was not meant to be taken seriously.
Coming from all the pro-Internet and open web talk of the 2010s still rattling around in my brain, this felt like dunking my head in an ice bath. Painful but necessary.
On the rare occasion when I have to do this, I blur the maximum amount of the image and watermark it with hundreds of lines of small red font saying “FOR EMPLOYMENT VERIFICATION BY $X_ENTITY.”
If they have a problem with it then I will gradually remove pieces until they’re okay. But I haven’t had to do this the few times I’ve used this tactic – it causes issues with automated scans but eventually some human manually reviews it and says it’s okay.
What I don’t like is the “live verification” apps that leave me no choice but to take a photo of it.
>What I don’t like is the “live verification” apps that leave me no choice but to take a photo of it.
That's becoming the norm now, presumably because of concern that people are taking leaked scans from one site, and using it to commit identify fraud (eg. getting KYC scans from crypto exchanges and using it to apply for accounts at other crypto changes, for money laundering purposes).
If my license gets leaked and then a stalker shows up at my house, I will simply turn them away on the grounds that it was illogical to assume the license wasnt faked.
I don't disagree, but there are most certainly other perpetrators of identity theft out there. Not sure any of them would bother using it to sign up for something as niche and unprofitable as an account on Tea.
Drivers licenses can be faked. Moreover, someone can just pretend to be someone else on this app with real drivers licenses.
The whole premise, implementation and process of Tea as a social media app is flawed, and a legal liability for the devs.