Internet Security

[JuanMena]

What are your thoughts about "giving out" your personal information for on-line services?

I recently had to do it... I "gave away" my ID and a scan of my fucking face.
Mercado Libre held my 10+ year account hostage until I did it, for years (since 2021-2022) I was hesitant, but ultimately gave up.
Mercado Libre is an online store that, if I'm not mistaken has it's origins in Argentina, eventually got popular and it became what it is nowadays. Recently, I think around 2019 or so, they began to function as a bank (Mercado Pago) and they offer free debit cards for registered members with no fees and honestly? the benefits from saving money to and buying with the card are too good. For instance, I recently purchased an 8BitDo for $500 MXN, when a regular user would pay $1500 if not more for one. On top of that, I have free shipping in, I'd say 80% of the total items in the store, including overseas shipping... not kidding!

By law, in México, all Banks that offers such services (accounts) requires ID + Face scans, so I guess it's understandable.

This year, exactly in January 9th, my governement has declared that by law, every single owner of a mobile phone line has to register voluntarily to a government platform with all your data (including not only ID and real physical address but also biometrics) OR your phone line will be unactive until you register it. The platform got hacked within 24 hours (actually less) and millions of people that already registered their phone lines the same January 9th, by January 10th 12:01am they got compromised. By the 12th, people on the streets where already selling SIM chips "that didn't had to be registered" because these scammers used the leaked data of millions to register up to 10 different lines and sold them as is.

I personally, haven't done it, supposedly there's a limit to do so, which is June 29th 2026, by June 30th, all those who didn't registered their SIM, will have their lines inactive for general use.

What I've recently done is to detach all my accounts out of my phone and began to use 2 Factor Authentication + Google Authenticator + Removal of my Phone Line as Log-In option for all my accounts... but man... if this law of voluntarily obligation of registering your phone line to your ID, Address and Biometrics doesn't get taken down by June 29th, I just... I guess I'll just do it...

What are your thoughts about this? Not obviously to my case, but to the ever growing need of "ID + Biometrics" scans in order to keep your services funtioning as normal?
What is, in your opinion a good way to counter-measure these user obligations?
Would you personally do it?

Personally?... sure, I can obviously see the risks, but for things like bank accounts I think it's a safer measure, because in order to do any movement in your account, you're required to scan your biometrics for confirmation (such as your Face or your Digital Print via Phone's Finger Scanner) so I guess it's not too bad... BUT for other things where you have to safeguard your personal services, such as your personal phone number?... dear p1ng... just... no thank you.
I also believe, none of these would've happened if people simply didn't started normalizing things like 2 Factor Authentication... but that's just me.

 

[AndorfRequissa]

i refuse to give up my identity. the internet is a nice thing to have but isnt needed. some people will give up their safety for comfort. id rather be uncomfortable and be safe.

 

[cearp]

i refuse to give up my identity. the internet is a nice thing to have but isnt needed. some people will give up their safety for comfort. id rather be uncomfortable and be safe.

Good to know, Simon F. from Wisconsin - happy birthday by the way!

 

[KleinesSinchen]

@JuanMena You put quite some work into this post!

Government ID for mobile phone number is required for many years here. "Anti-terrorism!" ←→ "Think of the children!"
This fits the general trend of Nineteen Eighty-Four having become reality. Under the cloak of [some praise worthy goal] freedom is gradually taken away to allegedly improve some kind of security/safety. Effect against criminals? None. Next step in the same direction, please.
The majority doesn't don't care. "Nothing to hide…" Bla.

I am tired of all this. So very tired and exhausted.

When the time comes that I can't use a forum like this or other online services without revealing my true identity, then I'll be gone. I have yet to use surveillance technology made by big tech (mostly Google) that others think are unavoidable. Or at least think avoiding them comes with huge impact on "comfort".

I also believe, none of these would've happened if people simply didn't started normalizing things like 2 Factor Authentication... but that's just me.

2FA can (and should!) be implemented the other way round. This can work fully offline and anonymously. Neither TOTP secrets nor FIDO2 sticks need any personal data.

 

[JuanMena]

@JuanMena You put quite some work into this post!

Government ID for mobile phone number is required for many years here. "Anti-terrorism!" ←→ "Think of the children!"
This fits the general trend of Nineteen Eighty-Four having become reality. Under the cloak of [some praise worthy goal] freedom is gradually taken away to allegedly improve some kind of security/safety. Effect against criminals? None. Next step in the same direction, please.
The majority doesn't don't care. "Nothing to hide…" Bla.

I am tired of all this. So very tired and exhausted.

When the time comes that I can't use a forum like this or other online services without revealing my true identity, then I'll be gone. I have yet to use surveillance technology made by big tech (mostly Google) that others think are unavoidable. Or at least think avoiding them comes with huge impact on "comfort".


2FA can (and should!) be implemented the other way round. This can work fully offline and anonymously. Neither TOTP secrets nor FIDO2 sticks need any personal data.

I here with you. I too stop using services that asks me for more than a password to use their services.
Do you honestly think that the "Voluntary SIM Registration" going on right now here is for safety measures? According to the president, is because "Criminals will have to register their faces and when they commit a crime we'll know who to look for"... when I deeply know it's to commit voter fraud in future elections... like seriously can't believe that is the excuse for giving away your ID + Biometrics to governement (as if the ID issued by Government isn't enough personal data)... but anyway...

2FA was the first step, in my opinion.
The less people has to preocupy themselves to have their services on check and secure, the more these services will require you to add more personal information. It's a snow-ball effect according to my logic.
If corporations sees that people prefers to give away their information in order to "tap to log-in" they'll just add more requirements, naturally... and people will be happy to do so as long as they don't have to do anything to keep their accounts safe.

Today is not only ID + Biometrics... tomorrow? Who knows what you'll have to do in order to not be left out of basic services.
Guess the next step is: "If we don't like your country of origin you can't register or use our services".

EDIT: Another thought... if the whole "8 characters plus special characters" passwords required nowadays for "safety measures" worked... then why just last year Google had their user's data leaked? Including passwords that met all the requirements?
This simply doesn't work... and I have mentioned before that I store my passwords in a notebook next to me, that I had to manually write down with pen in order to avoid these stupid and useless "measures" that works so well that you're obligued to change passwords every 3 months.
But fear not! With your ID + Biometrics now you don't have to use passwords!

 

[Armadillo]

ID or facescan is never happening.

We face this a lot recently in the UK due to the OSA, at least here there is no chance I will do it. Because our government is fucking useless, they never mandated any specific service, you just have to have a "robust" age check. If you wanted to, you could manually check peoples ids and it would be fine as long as you comply with gdpr.

Outside of that, the companies are dodgy, all say we don't store it, but then have in their terms that they share selected data with X or Y. So just going to be a blatant case of "technically it's not us storing it". The charade has already starting falling away as well, Discord insisted "face scans never leave your phone", then all of the sudden UK users were part of an experiment when oh actually it does leave your phone and persona now holds it for 7 days.

Government don't care, any security or privacy concerns are met with "GDPR" will save you (how did that work out for the discord leak?) or you are Paedo if you are against it.

Not a joke, cabinet minister Peter Kyle went on tv and pretty much said you are with us or on the side of Jimmy Savile (child predator that the bbc and goverment protected). What makes it worse (a cabinet minister saying you are on the side of Jimmy Savile is bad is enough), is this cunt was buds with Ivor Caplin, a former mp who was arrested for being a nonce.

0 reason to trust any of it.

Don't know where this country went wrong. When I grew up it was drummed into you, don't put your personal details online, don't talk to strangers online because they are probably a paedo and so on.

Now it's, hand over sensitive details to what are mostly American companies that claim they definitely don't store it, if you don't want to, you support Paedos.

 

[AncientBoi]

I'm going with ID card at the place that I'm purchasing or required To Show it. Not Scanning.

 

[namename11]

What are your thoughts about "giving out" your personal information for on-line services?

Being online is completely optional to me, so the day services need ID to access is the day I log off for good. I have suffered from data leaks and such in the past, so I do not even want to think how devastating the leak of government issued ID will be.

 

[lightwo]

by law, every single owner of a mobile phone line has to register voluntarily to a government platform

That doesn't sound voluntary.

What I've recently done is to detach all my accounts out of my phone and began to use 2 Factor Authentication + Google Authenticator + Removal of my Phone Line as Log-In option for all my accounts

Good! Using phone numbers drastically decreases the security if your accounts, since they're often the highest source of trust, and yet there were many known cases of social engineers and other bad actors doing attacks like SIM swapping to compromise online accounts.

What are your thoughts about this? Not obviously to my case, but to the ever growing need of "ID + Biometrics" scans in order to keep your services funtioning as normal?

The lawmakers who approve this don't know what they are doing. They're incompetent and/or influenced by power-hungry individuals. There's no other explanation.

For what it's worth, I never needed to provide biometrics for anything but creating/renewing ID. Your mileage varies greatly depending on where you live; in countries like mine, it is completely optional to associate a SIM card with an identity, among other things.

Not meaning to brag, it's basically RNG at this point.

 

[Armadillo]

The lawmakers who approve this don't know what they are doing. They're incompetent and/or influenced by power-hungry individuals. There's no other explanation.

Someone is 100% pulling the strings.

Pretty much every western country has all gone at the exact same time "we need online age verification" and suddenly want facial scans that allegedly don't leave the device (until they do, but don't worry it was just an experiment) or id scans.

All at exactly the same time. Nothing suspicious there, just a big coincidence that all these independent countries thought of it at the same time.

 

[lightwo]

Pretty much every western country

I'd say that's a bit of a stretch. It feels like the EU is this close to doing the same (and would have done so by now weren't it for strong pushback), but until then, I'd stick with "many" instead of "every" while there's still a glimpse of hope...

 

[AncientBoi]

Facial Recognition !

Now they will find out I'm only twee years old.

 

[JuanMena]

But hey, at least mInOrS are safe, right?

 

[JuanMena]

But children still safe right?

Ima use Gemini and ChatGPT to hack GBADTEMP and add the Puke Reaction myself!

 

[AncientBoi]

Ima use Gemini and ChatGPT to hack GBADTEMP and add the Puke Reaction myself!

This is the part I'm laughing at

 

[JuanMena]

This is the part I'm laughing at

View attachment 559105

Dude... my INE was inactive since December 2022... I JUST RE-REGISTERED A WEEK AGO

 

[AncientBoi]

Dude... my INE was inactive since December 2022... I JUST RE-REGISTERED A WEEK AGO

Okies.

 

[Marc_LFD]

Umm no, I'm not giving them my ID or a face scan. I'd rather stop using their services.

 

[Grimpus]

Literally roblox

 

[aoimatsuri]

I mean.. german ids now have your flippin fingerprint on them.
And they have that machinne/camera thingy, which scans your face in five directions.

Nice. Not.

Guess we all gotta accept the day we get a barcode onto our neck like that one person from that game.

Also.. what "security"
Lawyers get info from your ISP, your browser allows tracking you across sites.
Your device sents metrics suchas screenres, browser type etc.

I do have a dream of buying a beautiful - wifi and technology less- forest somewhere in franconia for a reason.
And even then the satellite in the sky will be there.

Good thing I don't care.