(comments)

Original link: https://news.ycombinator.com/item?id=41248104

HIPAA regulations have made obtaining necessary health data very complicated, leading to delayed flow of important patient information, treatment errors caused by the lack of proper updates, and increased patient suffering. Critics argue that although denial of coverage or employers discovering sensitive health information could cause harm, the strict rules built around HIPAA have already done significant damage to critical-care patients. In addition, some argue that the difficulties encountered in implementing HIPAA can be attributed to resistance within the medical field, with hospitals and specialists demanding updated paperwork for every patient before providing treatment, which creates additional administrative burden and obstacles. Furthermore, practices that undermine patient data privacy, such as collecting data without explicit consent or matching records on identifiers like Social Security numbers (SSNs), pose a potential threat to individuals. Even though data aggregators may deliberately maintain incomplete or inaccurate records, their use of names, dates of birth and Social Security numbers can lead to harmful actions against consumers, exposing sensitive information and increasing the likelihood of identity theft. To address these problems, experts have proposed several approaches. One suggestion is to enact strict regulations on data collection and storage, ensuring that only accurate, informed and up-to-date data is obtained. Another is to hold companies liable for data breaches or incidents that affect consumers, with substantial fines as the incentive to improve the handling of personal information. Finally, advocates encourage opt-in data collection policies, giving individuals more control over their personal data and reducing the likelihood of unnecessary disclosure or leakage.

Related articles

Original text


It's worth remembering that the main reason this kind of data breach is a real problem is mostly due to the incompetence of the IRS. For any serious financial organization, knowing a person's SSN, name, address, etc doesn't allow you to access or withdraw that person's finances.

But the stupidity of the IRS means that people are easily targeted by false tax return attacks. File a fake tax return for someone, using their SSN/name/address, but tell the IRS you changed address. Then the IRS sends your tax refund to the new address, and boom, you just collected some poor sod's refund. To add insult to injury, the IRS is probably going to audit the person whose refund you stole.



> While the specifics of the data breach remain unclear, the trove of data was put up for sale on the dark web for $3.5 million in April, the complaint reads.

I guess they failed to sell it because links to the leaked data on usdod.io have been available on Breachforum/Leakbase for over a week now. Someone created a magnet link yesterday and it's fully seeded so speeds are fast.

The data in the breach is irreversibly public now.



> Someone created a magnet link yesterday

Are you against simply sharing the infohash here? I'd like to download the leak to see what information it has on myself and my family, but I don't really relish the idea of signing up for a breachforums account and sifting through its posts if I can avoid it.



Here is a strongly encrypted base64 version to keep hackers out:

bWFnbmV0Oj94dD11cm46YnRpaDozY2FhNzFmM2VjOGNiY2NjNmZjYTRmZWI3MTg1ZGEyYmFiMTQ5YmE3JmRuPU5QRCZ0cj11ZHA6Ly90cmFja2VyLm9wZW5iaXR0b3JyZW50LmNvbTo4MCZ0cj11ZHA6Ly90cmFja2VyLm9wZW50cmFja3Iub3JnOjEzMzcvYW5ub3VuY2U=

Allegedly, the password (also base64 encrypted) is:

aHR0cHM6Ly91c2RvZC5pby8=



BitTorrent uses something called a "distributed hash table", for which there exist services to search it (btdig, etc). You can use one of those alongside the torrent name (NPD) to find it.

I haven't downloaded it, but my understanding is that the data comes compressed and with a (weak) password.



I'd be worried about legal repercussions if we were talking about the latest Disney movie, but this is merely the private information of a billion people. Never seen IP law give much of a crap about that before.



A collection of facts is not and can not be copyrightable, especially when it was mechanically derived/collected (no human creativity). So, no, it is absolutely not "Equifax's IP".



1 pirated Disney movie is a tragedy.

3,000,000,000 leaked Social Security Numbers is a statistic.

-Joseph "Social Credit" Stalin

...Is it obvious I, as an American who can confirm my SSN (and whatever else) was leaked by this, sincerely couldn't care less because this is leak incident number 897165176548795647564576415671?

That $10 UberEats gift card from CrowdStrike would be more valuable than another batch of Free Credit Monitoring(tm).



Now everyone just needs to send their email addresses to HIBP, i.e., email HIBP, so he can connect these identities with IP addresses and working email accounts. For peoples' protection of course.

After everyone "has been pwned" then there is no need for HIBP. The answer is always "yes". Yet I am certain sites like "HIBP" will never go away. Something about email marketing.

Some HN commenter(s) will inevitably try to defend HIBP. But this comment also refers to sites "like HIBP" that use data breach dumps opportunistically to generate web traffic, collect IP and email addresses. Some folks just do not see what is wrong with the idea.



Using data breach dumps to get web traffic and IP/email addresses under the guise of "helping" is lame. Then partnering with so-called "tech" companies that collect data as a "business". Data collection is the cause of the problem not the solution.



Troy mentions "data opt-out services. Every person who used some sort of data opt-out service was not present."

Anyone have experience with these sort of services? A search brings up a lot of scammy looking results. But if services exist to reduce my profile I'd be interested.



> Anyone have experience with these sort of services?

Quite a bit. Often if you request removal or opt-out, you'll reappear in a matter of a few months in their system, regardless of whether you use a professional service as a proxy or do it yourself. The data brokers usually go out of their way to be annoying about it and will claim they can't do anything about you showing up in their aggregated sources later on. They'll never tell you what these sources are. A lot of them will share data with each other, stuff that's not public. It's entirely hostile and should be illegal. I am trying to craft a lawsuit angle at the moment but they feel totally unassailable.

I'm extremely skeptical of any services that claim they can guarantee 100% removal after any length of time of longer than 6 months. From my technical viewpoint and experience, it is very much an unsolved problem.



my understanding is that there's a bit of a catch-22 with data removal - if you request that a data broker remove ALL of your information, it's impossible for them to keep you from reappearing in their sources later on because that would require them to retain your information (so they can filter you out if you appear again).



1. They could be required to store a private copy of the removal requests, data that they can't sell (not ideal)

2. Sounds like "data brokers" that sell private information just shouldn't exist...



I’ve heard this claim, but they could use some sort of bloom filter or cryptographic hashing to block profiles that contain previously-removed records.

There could also be a shared, trusted opt-out service that accepted information and returned a boolean saying “opt-out” or “opt-in”.

Ideally, it’d return “opt-out” in the no-information case.



Hash-based solutions aren't as easy as we might hope.

You store a hashed version of my SSN, or my phone number, to represent my opt-out? Someone can just hash every number from 000-00-0000 to 999-99-9999 and figure out mine from that.

You hash the entire contents of the profile - name+address+phone+e-mail+DOB+SSN - and the moment a data source provides them with a profile only containing name+address+email - the missing fields mean the hashes won't match.

A trusted third party will work a lot better IMHO.

And of course none of the data brokers have much reason to make opt-outs work well, in the absence of legislation and strict enforcement - it's in their commercial interests to say they "can't stop your data reappearing"



> Someone can just hash every number from 000-00-0000 to 999-99-9999 and figure out mine from that.

That's what salts are for, right? It wouldn't be too hard to issue a very large, known, public salt alongside each SSN.

> And of course none of the data brokers have much reason to make opt-outs work well, in the absence of legislation and strict enforcement - it's in their commercial interests to say they "can't stop your data reappearing"

This is the actual reason, IMHO.



So for a perfect match they'd need to have some sort of unique identifier that's present in the first set of data you ask them to remove, as well as being present in any subsequent "acquisitions" or "scrapes" of your data.

If these devs that scrape/dump/collate all this info are anything like the ones I've seen, and they're functioning in countries like the US and UK whereby you don't have individual identifiers that are pretty unique, then I'd say the chance of them being able to get such a "unique" key on you to remove you perpetually, is next to impossible. And if it's even close to being "hard", they'll not even bother. Doubly so if this service/people/data is anything like the credit-score companies, which are notoriously bad at data de-duplication and sanitation.

Likewise, if you want them to do some sort of removal using things other than a unique identifier, then you have to have some sort of function that determines closeness between the two records. From what I've heard, places like Interpol, countries' border-control and police agencies usually use name, surname and dob as a combination to match. Amazingly unique and unchanging combination, that one! /s



Which would never work because real life data is messy so the hashes would not match. Even something as simple as SSN + DOB runs into loads of potential formatting and data entry issues you'll have to perfectly solve before such a system could work, and even that makes assumptions as to what data will be available from each dataset. Some may be only name and address. Some may include DoB, but the person might have lied about their DoB when filling out the form. The people entering it might have misspelled their name. It might be a person who put in a fake SSN because they're an illegal immigrant without a real one. Data correlation in the real world is a nightmare.

When you tell a data broker to delete all of the data about you, how can you be sure they get ALL of the data about you, including the ones where your name is misspelled or the DoB is wrong or it lists an old address or something? Even worse if someone comes around later and discovers the orphan data when adding new data about you and fixes the glitch, effectively undoing the data delete.

It's a catch-22 that if you want them to not collect data about you they need a full profile on you in order to be able to reject new data. A profile that they will need to keep up-to-date, which is what they were doing already.



There's a trivial way to not re-add data that was removed: don't do it without user opt-in, who admittedly you have access to ask at the moment of data collection. If you don't have the ability to ask users to opt in, you probably shouldn't be collecting the data anyway, with very few exceptions like criminal records.

edit for clarity: by criminal records, I mean for the official management of them, not for scraping their content.



> Even something as simple as SSN + DOB runs into loads of potential formatting and data entry issues you'll have to perfectly solve

You don’t have to solve it perfectly to be an improvement.

Also this is BS. Not every bit of data is perfectly formatted and structured but both of your examples are structured data. You can 100% reliably and deterministically hash this data.

There’s so much in your argument that can be replied with “imperfect is better than status quo”. If you give someone the wrong DOB, it’s “not you” anyways, at least let me scrub my real data even if the entry is imperfect for some people or some records.

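The hashing back-and-forth in the comments above (enumerating an unkeyed SSN hash, the public-salt reply, whole-profile hashes that fail on a partial record, and the "real data is messy" objection), worked through as an added example. This is not code from the thread, from any data broker or from any opt-out service; it assumes a hypothetical trusted opt-out service that holds a secret key (SERVICE_KEY, constructed), a name/dob/ssn record layout, and constructed records with an obviously fake SSN:

```python
"""Hashed opt-out tokens: an unkeyed SSN hash is enumerable, a public salt does
not change that, and keyed per-field tokens let a suppression list still match
partial profiles.  Added example; key, record layout and records are constructed."""
import hashlib
import hmac
import re
from typing import Callable, Optional

SERVICE_KEY = b"constructed-demo-key-held-only-by-the-opt-out-service"


def normalize_ssn(raw: str) -> Optional[str]:
    """Digits only; an SSN is exactly nine of them, whatever the punctuation."""
    digits = re.sub(r"\D", "", raw or "")
    return digits if len(digits) == 9 else None


def normalize_dob(raw: str) -> Optional[str]:
    """YYYY-MM-DD or MM/DD/YYYY -> YYYYMMDD; any other shape stays unknown."""
    s = (raw or "").strip()
    if m := re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", s):
        return m[1] + m[2] + m[3]
    if m := re.fullmatch(r"(\d{2})/(\d{2})/(\d{4})", s):
        return m[3] + m[1] + m[2]
    return None


def normalize_name(raw: str) -> str:
    """Case-fold, drop punctuation, collapse whitespace."""
    return " ".join(re.sub(r"[^\w\s]", "", (raw or "").casefold()).split())


def unkeyed_token(value: str, public_salt: bytes = b"") -> str:
    """The thread's first proposal: SHA-256 of the identifier, maybe salted."""
    return hashlib.sha256(public_salt + value.encode()).hexdigest()


def keyed_token(value: str, key: bytes) -> str:
    """HMAC-SHA256 under a key brokers never see: nothing to enumerate against."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def recover_ssn(token: str, token_fn: Callable[[str], str],
                known_prefix: str = "") -> Optional[str]:
    """Attacker view: enumerate the SSN space and compare.  The full space is only
    10**9 candidates (seconds of SHA-256 on a GPU); knowing five digits leaves
    10**4.  A public salt is just part of token_fn and costs the attacker nothing."""
    width = 9 - len(known_prefix)
    for tail in range(10 ** width):
        candidate = f"{known_prefix}{tail:0{width}d}"
        if hmac.compare_digest(token_fn(candidate), token):
            return candidate
    return None


class OptOutRegistry:
    """Hypothetical trusted third party: keeps one keyed token per strong identifier
    and answers yes/no.  Matching per field rather than on a whole-profile hash is
    what lets a later partial record (name+DOB, no SSN) still hit the list."""

    def __init__(self, key: bytes) -> None:
        self._key, self._tokens = key, set()

    def _tokens_for(self, record: dict) -> list:
        """Domain-separated tokens for every usable identifier in the record."""
        out = []
        if ssn := normalize_ssn(record.get("ssn", "")):
            out.append(keyed_token("ssn:" + ssn, self._key))
        name, dob = normalize_name(record.get("name", "")), normalize_dob(record.get("dob", ""))
        if name and dob:
            out.append(keyed_token(f"name_dob:{name}|{dob}", self._key))
        return out

    def add(self, record: dict) -> None:
        self._tokens.update(self._tokens_for(record))

    def is_opted_out(self, record: dict) -> bool:
        """Any matching identifier suffices; a record carrying no usable
        identifier is reported opted-out (the thread's no-information default)."""
        tokens = self._tokens_for(record)
        return not tokens or any(t in self._tokens for t in tokens)


# Constructed records: the removal request, a later partial scrape, a stranger.
REMOVAL_REQUEST = {"name": "Jane O'Brien", "dob": "1980-05-03", "ssn": "123-45-6789"}
LATER_SCRAPE = {"name": "JANE  O'BRIEN", "dob": "05/03/1980"}   # no SSN; other case/spacing/date format
SOMEONE_ELSE = {"name": "John Smith", "dob": "1975-11-20", "ssn": "987-65-4321"}


def demo() -> dict:
    """Three token designs under the same 10**4 search, then the registry check."""
    ssn = normalize_ssn(REMOVAL_REQUEST["ssn"])
    salted = lambda s: unkeyed_token(s, b"public-salt")
    wrong_key = lambda s: keyed_token(s, b"attacker-guess")
    out = {
        "unkeyed_recovered": recover_ssn(unkeyed_token(ssn), unkeyed_token, ssn[:5]),
        "public_salt_recovered": recover_ssn(salted(ssn), salted, ssn[:5]),
        "keyed_recovered": recover_ssn(keyed_token(ssn, SERVICE_KEY), wrong_key, ssn[:5]),
    }
    registry = OptOutRegistry(SERVICE_KEY)
    registry.add(REMOVAL_REQUEST)
    out["partial_rescrape_blocked"] = registry.is_opted_out(LATER_SCRAPE)
    out["stranger_blocked"] = registry.is_opted_out(SOMEONE_ELSE)
    return out
```

Running demo() recovers the SSN from both the plain and the publicly-salted SHA-256 token (the search with a five-digit prefix finishes instantly; the unrestricted 10**9 search is the same code with known_prefix=""), gets None for the HMAC token because the attacker's guessed key is wrong, blocks the later scrape that has no SSN and different formatting, and lets the unrelated record through. What the design does not solve is the name-order and misspelling problem raised above: normalisation handles case, punctuation and date formats, not "Doe, J." versus "Jane Doe".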


> You don’t have to solve it perfectly to be an improvement.

They don't want to solve your problem. You aren't their customer. They want to comply with the letter of the request in as much as it covers their own butt in terms of regulatory requirements and/or political optics.



I've had a very bad experience with Liberty Mutual following a data opt-out from another service. They sent me on a runaround, ending with an email saying to follow "this link" to verify myself. (There was no link, only sketch.) I ended up getting a human on a phone through special means, and they sent me a fixed email with a working link.

I should be hearing back from them in the next 32 days, as this was 13 days ago.



I got a quote from them and immediately initiated a data removal request. It seems like it went through, got a link in the email. Thanks for the reminder that I might need to follow up to make sure they followed through.



It's hard to make collection, aggregation, and sharing of facts illegal.

Not to minimize the harm that can be done by such collections, but the law is justifiably looking for a scalpel treatment here to address the specific problem without putting the quest to understand reality on the wrong side of the line.



> It's hard to make collection, aggregation, and sharing of facts illegal.

Sure, but the US has a precedent in HIPAA. Not saying it's copy-paste, but... maybe it should be.

I would prefer the law be more restrictive than less, because I don't believe this is true:

> law is justifiably looking for a scalpel treatment here to address the specific problem without putting the quest to understand reality on the wrong side of the line.

I believe the law may use that noble goal as cover for the actual goal: restrict the ability of capital holders to accumulate capital as little as possible. Data sharing isn't a public good in any way. It's mostly not even useful for the targeting purposes it claims. It's extremely reckless rent-seeking that knowingly allows innocent people to have their lives wrecked by identity theft.



As someone who helps care for elderly relatives with widely-dispersed out-of-state families, I can point to HIPAA as an excellent example of why crafting this kind of law is difficult.

I think we are going to discover, once people do the research, that HIPAA has done net harm by delaying flow of information for critical-care patients resulting in lack of patient compliance, confusion, and treatment error.

Yes, there is harm potential in insurance companies denying coverage or claims because they are privy to too much information about clients (a scenario that, I'd note, we could address directly by law via a national healthcare system or banning denial of coverage for various reasons) or by employers or hostile actors (including family) discovering medical facts about a patient. I have to weigh that harm potential against my day-to-day of having to fight uphill to get quality care because every specialist, every facility, and every department needs a properly-updated HIPAA directive for a patient (and the divisions between these categories aren't clear to the average non-medical observer).



> HIPAA has done net harm by delaying flow of information for critical-care patients resulting in lack of patient compliance, confusion, and treatment error.

You won't find any disagreement from me that HIPAA is very complicated. However there's a certain level of whining and foot dragging that happens in the industry that we should take with a massive grain of salt. There's so many HIPAA compliant and still convenient ways these days to have patient communications, but the industry doesn't want to invest and doesn't care about patient experience enough, and then go "sorry, HIPAA :-(((" every time.

With GDPR, after Schrems II happened and it became clearer that the EU-US Privacy Shield was no longer a valid workaround, I personally observed companies (including the one I was in) suddenly moving mountains to complete migration projects and privacy upgrades in just a few months that the industry previously deemed was technically unfeasible or impossible, cost prohibitive, business destroying, etc. And they still remained massively profitable and growing. If they had just done the right thing early on it wouldn't have been on such a tight deadline either.

That was the final straw for me in terms of being very firmly convinced that we should be telling companies to shut up and comply a lot more because they will never do the right thing on their own even if it wasn't /that/ hard. Another approach here is to start holding them liable for the personal costs of data breaches etc and let the incentives take care of themselves. In fact, why not a bit of both?



Huh, I wasn't aware of such a viewpoint. I've never had or heard of problems with HIPAA preventing timely or accurate care, even with my father going in and out of hospice toward the end of his fight with cancer. I'm really sorry to hear it. At the same time, I do have to wonder if that kind of problem genuinely outweighs the protection HIPAA has given millions of people against harms small and large. (I guess with the state of data privacy today, HIPAA may be basically useless, but that isn't exactly HIPAA's fault.)



Sure, I should probably have clarified "In the United States," where there's a First Amendment that most attempts to make fact-sharing illegal immediately fall afoul of.

There are definitely exceptions, but it puts strict scrutiny on any novel prior constraint of speech.



this is true and nothing new.. mass "gray market" personal information services leapt into markets since VISA and Mastercard fifty years ago, and somewhat before that with driving records, in the USA. The "pure land" of democracy in North America was never pure, and the Bad Old Ways have crept into the corners since the beginning.



The difference now though is an attempt to legislate personal data collection, such as the CCPA. I strongly believe they are violating the law, and that if I opt-out or request removal, an answer of "oh well nuthin we can do" is not acceptable when my data re-appears either on their platform or on another platform they provided data aggregation services to.



>The "pure land" of democracy in North America was never pure

don't mix your pet grievances together, having full public knowledge of every person in your country is democratizing, frankly, an aid to democracy, not a hindrance. Not saying I want to live in that world, but it's not an impure democracy.

Norway (and others?) already publishes everybody's income statements. Not healthy imo but I guess would aid more accurate snitching (and envious resentment).



Consumer Reports just published (as in last week) a report[1] surveying a number of these services and found almost all of them to be a little bit effective, none of them to be highly effective, and the cheapest of the lot to be the most effective (EasyOptOuts).

Of note, opting out of a service by yourself by hand was only 70% effective ($0). Using EasyOptOuts was around 65% effective ($20) and using Confidently was only 6% effective ($120).

[1] https://innovation.consumerreports.org/wp-content/uploads/20...



In the past I have just searched for my own name. And when I found a match, I would go to that site and request to be removed. It is a lot of work, but thus far it has been successful.

And I say this, because I was on a TV show years ago, so my real name is all over the internet from an entertainment point of view. But, if you search my real name, there are few to none pointing back to "public record" websites and the such.



If you're willing to tempt fate, the best way to 'opt-out' is to tell people, when they call asking to speak to 'your name', that 'your name' sadly passed away recently.



I knew someone falsely declared dead (probably a paperwork mix-up around pensions when his ex-spouse died). Without warning, he lost all of his pensions, social security, medicare, etc, along with most financial institutions freezing accounts and canceling credit cards. Many long phone calls, letters, and lawyers eventually resolved most of it, but that never fully purged the public and private death records so there would be random issues for the rest of his life (failing fraud checks, brief interruptions to pensions, trouble with the cable company).



I prefer to just never answer a phone call unless I know who is calling and it's someone I know personally and want to speak to. Even then, those people know I'd rather they text anyway so when they do call it's more likely to be really important.



that sounds very traumatizing, next explain that you have,

filed for injunctive relief from emotional duress due to actions of defendant.

and can't speak any further as instructed by legal counsel



Called on the phone - and the person who picked it up said the dude was dead.

Which is how it plays out when someone dies, generally, and the family is there dealing with the aftermath. FYI.



I have used (free trials) and currently use (discounted annual) a service called incogni. It's hard to really verify what's going on, but they at least show the brokers they are contacting on your behalf, and I've directly received confirmations from some.

Anecdotally, searching my name on Google pretty much no longer returns those scummy "People Finder" pages that just scrape any public records they can find.

That said, I hope incogni is happy enough with my money that they themselves don't do anything scummy.

Also, freeze your credit at the big three. do it now.



Many seem scammy, and I went through the search before and gave up.

Then, as fate would have it, a HNer(tjames7000) mentioned he made EasyOptOuts for this reason, so I signed up. Cheap, seems effective, absolutely no complaints.



Since it is Troy I assume it is legit, and I haven't read the link yet. But... How does he know that?

Have the opt-out services leaked as well? Or is no one using them? How would we know?



You could freeze your credit, if you wanted to be careful. Realistically though, you should have already been monitoring to check if unexpected things were being done in your name. I’ve presumed that all our SSNs have been out there for years now due to one hack or another, that this hack just makes it indisputable doesn’t change much.



"there were no email addresses in the social security number files. If you find yourself in this data breach via HIBP, there's no evidence your SSN was leaked, and if you're in the same boat as me, the data next to your record may not even be correct. "

Seems like Troy is skeptical about this being a real full breach?



You too can be a data broker!
    for (i = 0; i < 900000000; i++)
        insert(first: random_firstname(), last: random_lastname(), ssn: i);
Does anyone really really care if the name is accurate if the SSN is present? More than half of the SSNs in the above dataset are valid.
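
Following on from the enumerated-dataset comment above, an added example (not from the thread, and not any vendor's tool) of the structural check a practitioner runs first over a claimed SSN dump. The rules are the SSA's published never-assigned ranges: area 000, 666 and 900-999, group 00, serial 0000. Since the 2011 randomisation the area number carries no geographic or date information, so the check can only say "could have been issued", never "was issued". The 'name,ssn' line layout is an assumption and every dump line below is constructed with fake numbers:

```python
"""Structural SSN validity and dump triage.  Added example; the SSA never-assigned
ranges are the only offline check, and the sample dump lines are constructed."""
import re
from typing import Iterable, Optional


def normalize_ssn(raw: str) -> Optional[str]:
    """Digits only; an SSN is exactly nine of them, whatever the punctuation."""
    digits = re.sub(r"\D", "", raw or "")
    return digits if len(digits) == 9 else None


def is_structurally_valid_ssn(ssn: str) -> bool:
    """True when the nine digits avoid every never-assigned range: area 000,
    666 and 900-999, group 00, serial 0000.  Passing does not mean issued."""
    digits = normalize_ssn(ssn)
    if digits is None:
        return False
    area, group, serial = int(digits[:3]), int(digits[3:5]), int(digits[5:])
    if area == 0 or area == 666 or area >= 900:
        return False
    return group != 0 and serial != 0


def structurally_valid_fraction(limit: int) -> float:
    """Fraction of the integers 0 .. limit-1, read as nine-digit SSNs, that pass
    the check.  limit must be a whole number of 1_000_000-wide area blocks; the
    loop in the comment above (limit 900_000_000) covers areas 000..899."""
    if limit % 1_000_000:
        raise ValueError("limit must be a multiple of 1_000_000")
    valid_areas = sum(1 for a in range(limit // 1_000_000) if a not in (0, 666) and a < 900)
    return valid_areas * 99 * 9999 / limit


def triage(lines: Iterable[str]) -> dict:
    """Split 'name,ssn' lines into structurally valid and invalid SSNs, keyed on
    the normalised number so formatting variants of one number collapse."""
    valid, invalid = {}, {}
    for line in lines:
        name, _, raw = line.partition(",")
        digits = normalize_ssn(raw)
        bucket = valid if digits and is_structurally_valid_ssn(digits) else invalid
        bucket.setdefault(digits or raw.strip(), name.strip())
    return {"valid": valid, "invalid": invalid}


# Constructed sample dump; none of these are real people or issued numbers.
SAMPLE_DUMP = [
    "Jane Doe,123-45-6789",
    "Jane Doe,123456789",        # same number, different formatting
    "John Roe,000-12-3456",      # area 000 never assigned
    "Ann Poe,666-12-3456",       # area 666 never assigned
    "Bob Coe,987-65-4320",       # area 900+ never assigned
    "Cy Moe,123-00-4567",        # group 00 never assigned
    "Di Loe,123-45-0000",        # serial 0000 never assigned
    "Ed Toe,12-345-678",         # eight digits: not an SSN at all
]


if __name__ == "__main__":
    result = triage(SAMPLE_DUMP)
    print(f"{len(result['valid'])} structurally valid, {len(result['invalid'])} invalid")
    print(f"fraction of 0..899,999,999 that pass: {structurally_valid_fraction(900_000_000):.4f}")
```

The fraction for the 900,000,000-row loop above is about 0.988, so the "more than half are valid" line holds structurally; what the filter is actually useful for is the opposite direction, since a dump with a high rate of structurally invalid numbers is generated or mangled, while a low rate says nothing about whether the names next to the numbers are right.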


I have a silly standup joke along these lines, about how I'd Google things crazy things like "circus lawyer" or "giraffe mitigation tactics" to throw the algorithm off every now and then.



My friend is a thriller writer and is convinced he’s on some FBI list. He’s googling stuff such as “how to dissolve a body with quicklime” and all sorts of other fun stuff while researching for his books.



that was the idea behind certain applications and add-ons that would browse around to popular websites and randomly click ads so that marketers couldn't tell your actual interests from fake ones.

Unfortunately that strategy is deeply flawed and dangerous because nobody cares if the data they have on you is accurate or not. They still can, and still will, use it against you at every opportunity. Every scrap of data they have, accurate or not, can be used to hurt you.

The only way to flood data brokers with garbage data that can't hurt anyone is to fill it with entirely fictitious people who somehow can't be mistaken for any actual people. Even that runs the risk of hurting real people though. For example, an insurance company might go to a data broker and ask for the number of people within a certain neighborhood or zip code who bought fast food more than once a week in the last year and how many have a gym membership. If the number of frequent fast food buyers is higher than it was last year and/or the number of gym members is lower the insurance company might decide to raise the rates of every single member within that neighborhood or zip code. Even fake people could skew those numbers if their fake data said they lived in those zip codes or neighborhood and ate out a lot or didn't have a gym membership. Indirectly, the fake person is mistaken for a real one in that community.

The best way to deal with data brokers is to regulate them with strong data protection laws. Anything you give them risks hurting someone and gives them another data point to sell.



Isn't something like regulation with strong data protection laws a bit late at this point? It seems fair to say that most people alive are already scooped up in 1 large data breach or another.

And that data has been made public likely in some form, and is probably replicated to dark corners of the planet.

Don't get me wrong, regulation on these industries seems like a no-brainer, but it seems unlikely to remediate the damage already done.



This is not exactly true; the system _used_ to have a geographic component but SSNs issued since 2011 are random.

(Granted, most people here with an SSN should be older than that.)



I'm in the UK so I have no Social Security Number, and I still got the HIBP e-mail.

When I looked into it, it turns out the "original" breach is comprised of files named ssn.txt and ssn2.txt which only contains Americans details, and doesn't contain any e-mail addresses.

It seems what happened is there was one leak of US SSNs which the leakers attributed to NPD, then some people bundled that leak up with a bunch of other data (including e-mail addresses and details of non-americans) and who knows if the latter data actually came from NPD?



I don't think it's a "full" breach because I assume that would include many tera/petabytes of original source documents rather than just a CSV of PII, but it's definitely a real breach.

I looked up several family members and although most of the phone numbers and addresses were out of date, they were accurate as were the listed social security numbers. However, it didn't include any of the more recent immigrants in the family or myself, possibly because I take opsec seriously.

Funny enough it looks like it has data for Tom Brady, former FBI director James Comey, Barack Obama, and Donald Trump (just some of the names that popped into my mind to look up).



>the data next to your record may not even be correct. "

American Express by way of Experian alerted me to my SSN having been leaked precisely by this incident.

The number was seemingly correct, but everything else associated with it such as name and address were nonsense.

So assuming we're talking about the same thing... can confirm?



It's so interesting how Australia went the other way and actually banned the use of any government-issued ID number as a primary identifier by any organisation other than the government department which issued that ID number.

In the 80s, the very popular Aussie prime minister, Bob Hawke wanted to introduce a National ID card, complete with a unique number, that would then be used for everything from Medicare to tax filing. The government however did not have the numbers to pass it through the Senate. Hawke called a double dissolution (dissolving both lower and upper houses of parliament) over the issue. He was returned to power after the election but still without a majority to get the bill through.

There were then attempts to use "other" government issued ID cards like the Medicare number, for this purpose. To prevent this, a few years later, a bill was passed that would prevent any such use.

In reality, this means businesses can ask for government issued numbers but it has to be optional and voluntary, and never used as a primary ID. When I go to my doctor for example, I can provide them with my medicare number, in which case they will claim the Medicare rebate on my behalf automatically, or I can refuse to provide them this number, pay the doctor's fee in full, and claim the rebate from medicare myself separately. Similarly I can provide my bank with my tax file number, in which case they will automatically tax the interest I earn according to my income band. Or I can not provide them my tax file number, in which case they'll tax my interest at the highest income band, and I can then get the money back from the tax office when I file my tax returns at the end of the year.

In Australia we don't have a Bill of Rights. We don't even have a right to freedom of speech. The police can ask us to unlock our phones without a warrant; etc etc. Yet when it comes to privacy, our laws are very clear. For a country with such a history of protecting individual liberties, it always amazes me that the United States takes such a laissez faire approach to privacy.



The video doesn't quite get into the problem of identity theft, which is when someone uses your stolen creds to claim they are you, and then go on a shopping spree which may include buying a car under your name. You shouldn't be liable for debts incurred after having your identity stolen but proving that is a lot of work.



> You shouldn't be liable for debts incurred after having your identity stolen but proving that is a lot of work.

The first step is to call it what it is: fraud by misrepresentation. The owner wasn't deprived access to their identity (a key component of theft), they weren't even involved in the transaction. Companies want to have their cake and eat it - have low barriers to making sales/offering loans without rigorously verifying the identity of the person benefiting and be shielded from losses when their low-friction on-boarding fails lets in fraudsters.

If a home buyer is duped into transferring deposit into a fraudsters account, they don't blame it on corporate "identity theft" and put the escrow agent on the hook by default.



The reason the Shaggy defense doesn't work is the default assumption of the courts is that you're a deadbeat trying to game the system. This assumption comes about because in the majority of cases it is the truth. The system would be a lot nicer if there weren't people trying to scam it every hour of every day of the week.



> a deadbeat trying to game the system.

The problem with putting a value judgement on this is that it will precondition people to assume good faith or bad faith on the validity of the assessment based on how they interpret the fairness of the court system.

Instead, we could just say that the majority of the cases are people trying to get out of legitimate debts. If we wanted to go farther, we could say that's because some people just don't feel responsible for their own debts and some people make a choice that a last-ditch effort to get out of a debt they know they should pay is the lesser of two evils when the alternative is to continue to fail to provide adequately for their family given their circumstances, and how different people may draw that line at different points.

That's harder to articulate and a larger discussion that may be a tangent people aren't interested in discussing though, so it's probably just simpler to keep the value judgements out of it if the intent is to keep the discussion productive.



Instead, we could just say that the majority of the cases are people trying to get out of legitimate debts.

There's another discussion which could be had about just how legitimate even "legitimate debts" actually are in some cases but that's even more in the woods.



> The reason the Shaggy defense doesn't work is the default assumption of the courts is that you're a deadbeat trying to game the system

Isn't that the opposite of innocent until proven guilty?



When I was in the Boy Scouts, a local judge came to speak with us about the legal system. I asked a similar question and he admonished me that innocent people never wind up in court. He explained that every person who is in a trial (criminal or civil) is guilty of something. A judge's job was merely to determine if the prosecution or plaintiff was correct about what the defendant was guilty of. He was very annoyed that ignorant people, who had never been to law school, kept spreading this nonsense that some defendants were innocent.



> This assumption comes about because in the majority of cases it is the truth.

Are we saying that if you can show you have enough income / assets, it'll be that much more likely that you'll be fine in those cases?



When someone named adamomada comes to the bank for a loan, the presumption is that adamomada will repay the loan.

If they knew it wasn't you, they wouldn't have written the loan in the first place. They're asking you to repay it because they really do think it was you.

If "it wasn't me" was all anyone had to do to get out of paying a loan, many people would do it.



It's much more subtle, fraud is accepted and part of the business. Even if you are not 100% certain of the identity of the person, what matters is how likely you are going to get paid back.

For example, when you purchase online, some merchants do not check who the owner of the card is, or the address. It's done on purpose, because some people borrow the card of others, some people don't want to use their own card, etc. Overall it's all about risk management, and whether the holder is really the one in front of you is just one factor among others.



It’s not “accepted” as much as it is just simply impossible to completely avoid at any kind of scale.

Even if online payments were eliminated, and you had to show up in person with a birth certificate and passport to perform a transaction, fraud would be non-zero.

To have a functioning business, people need to be able to use the system.



Is that even a Shaggy defense? The whole point of the Shaggy defense was that it's saying it wasn't you despite overwhelming evidence ("She even caught me on camera - it wasn't me")

But in this scenario, there is basically zero evidence it was you



I thought it was, they would have to have some sort of evidence of your name, dob, ssn, blood type, etc. But in the end it was just your information used fraudulently; you the person did not authorize the loan and therefore it really isn’t your loan.



"Identity Fraud" is institutionalized victim blaming. The claim is that the person whose identity was stolen was defrauded (and they should protect themselves or fight back), but in reality it was the creditor that got defrauded.



In many other places SSNs are non-sensitive data. There is not much one can do just knowing a SSN. Usually one has to do some kind of verification (eg using some sort of authentication app, if online). Which is why it is so confusing.



"Identity theft" is just fraud, rephrased to make us the victims instead of the defrauded companies.

That's why SSNs are still such a big deal. Why fix the problem when you can just make it someone else's problem?



For years I've said the entire SSN database just needs to be published alongside legislation strictly assigning liability to any company who defrauded as a result of using the SSN as a "secret". That would fix the problem with SSN's and "identity theft" quickly.

Part 1 has been accomplished. Let's get part 2 going!

Aside: It amazes me how the American public has allowed defrauded companies to assign the company's loss as a liability to innocent individuals (in the form of "identity theft"). It would be great if we could get that changed in the minds of the public. A well-informed public could collectively turn "identity theft" into the "bank's problem" (from the old adage "If you owe the bank a billion dollars they have a problem..."). The insurance industry would swoop in as the defrauded parties start making claims and shoddy security practices would get tightened-up.

(Edit: I fear insurance companies coming in to "fix this" to some extent-- citing my experiences with PCI DSS compliance auditing and Customers who have had 'cyber insurance' policies coming with ridiculous security theatre requirements. Maybe we can end up with something like a 'cyber' Underwriters Labs in the end.)

(Also: Yikes! I hate that I just typed 'cyber' un-ironically.)



Identity theft is a very clever term to shift blame from the company to the consumer.

https://youtu.be/CS9ptA3Ya9E

It’s a comedy bit but I take its point seriously: if the bank gives away money, it’s the bank’s job to make sure it is repaid. Not mine, unless I was actually a party to the agreement.



Well then you're up against the wall of digital verification.

I know there's a fuck load of situations where the banks are 100% screwing the customer to their benefit, but there's a legit conversation about people who give out their passwords, or claim they did, when money gets wiped out.

If you meet all the requirements to identify yourself to the bank, at what point does the bank have to say "this is that person, and that transaction is legal".

Now granted:

1. With passkeys and biometrics and 2FA we've got a lot of better ways to make these accounts secure, and hopefully more idiot proof. I'm hoping we start getting rid of email/phone for 2FA as a valid option though.

2. The moment the police are treating it as an identity theft case, the bank should be required to pony up. I don't know if that's the case (and wouldn't be surprised if they fight it tooth and nail), but at that point you have a state or federal entity acknowledging this is not a legit transaction, and therefore you should be compensated by the bank, and they can get their money back from the insurance companies that insure against this kind of thing.



> If you meet all the requirements to identify yourself to the bank, at what point does the bank have to say "this is that person, and that transaction is legal".

Our current system is entirely built on ridiculous levels of trust, mostly for convenience / cost saving reasons. I've made payments over the phone with nothing more than the information found on the bottom of every check I've ever sent. I routinely hand my credit card to waitstaff making 7.25 an hour and in that moment I'm handing every last one of them the ability to snap a photo of my card on their phones and go on a shopping spree at my expense.

As insane as our system is, it's mostly worked. Even though I've been made to pass around my account info countless times, I've never once had my accounts cleaned out. If a single mother with less than 1k in her account gets robbed, I have a hard time blaming her. She had zero say in the design of this system, and she's the person least able to deal with the cost of the consequences of it.

On the other hand, I have very little problem putting the blame on the banks which do control much of the system and who can more than afford to cover the costs of such incidents. This puts a small amount of financial pressure on them to improve the systems they've created and forced the rest of us to use in order to participate in society.

There are all kinds of things they could be doing to reduce fraud, but they don't. Mostly for convenience / cost saving reasons. I consider their refusal to take even simple steps to improve the security of their systems as their implied consent to continue accepting the responsibility for the still rare instances where criminals take advantage of their inaction.



Financial transactions are premised on 1) the ability to detect fraudulent activity in realtime --- rather than solidly establish identity, payment processors are looking for indicators of fraud, and 2) reversibility of transactions --- if fraud does occur, funds can be clawed back, usually with the vendor holding the bag / taking the hit, rather than either the bank or account-holder.



The Google Authenticator app (just as a mainstream example) was released 14 years ago. When we're still waiting for a lot of banks to even support TOTP, consider me unimpressed with the level of effort banks are putting into securing my accounts.



>Well then you're up against the wall of digital verification.

That's the whole point: they should use a standardized authentication process. The problem is that they don't use any authentication at all. They just give money away because they can extort it back from an unsuspecting victim like some gangsters.



How do you feel about the recent case where a caretaker for a disabled person who was given permission and access to use the person's cards, banking app, etc ended up stealing from the person? The bank's response: they had given the caretaker access, so it was their fault.

Even if you have all the passwords and bioinformatics, passkeys, 2FA, etc - how can you prevent theft like this?



Just because the bank didn't reverse the transaction doesn't mean the disabled person can't sue the caretaker and doesn't mean a prosecutor can't charge the caretaker.



See how credit cards work (at least where I have lived). Someone fraudulently cloned my card after a petrol station visit and I got it fixed as soon as I noticed the weird transactions. The bank or VISA footed that cost. UK has statutory law on this. Probably because of how CCs used to work with that carbon copy crap.



In the US merchants are the ones footing that cost, either in merchant fees (which they then pass on to the Customer in the form of higher prices) or directly (by the credit card company refusing to pay the merchant).

It might be different now, but in the late 90s I sold some laptops to a buyer using a stolen credit card. The cardholders had no fraud liability but my company ended-up having to eat the cost of the stolen laptops. The credit card company simply didn't pay the amount of the fraud in their settlement with us.



It's not even necessary to publish the database. Pass a law, or even possibly a regulation or court instruction, that SSN is not a sufficient basis to establish identity, and that any unauthorised financial transaction, legal document, commercial transaction, or other use relying on SSN is considered prima facie uninsurable fraud.

Use would likely diminish markedly.



US law does generally make fraud the bank's problem. Identity theft isn't loophole in this, it is a situation in which there is a logical ambiguity in differentiating one fraud from another. If they just believed everyone who said "it wasn't me that spent that money!" that would just be opening another vulnerability.



I think we've got liability pretty well buttoned-up in the banking industry. I'm more concerned about the non-bank businesses. (I recently obtained utilities at a new house. All three utilities-- electrical, gas, and water/sewer-- use my SSN as an authenticator for my account. In 2024.)



When I obtained utilities for my house, none of them required my SSN. The water company asked, but I declined, so they asked for a fax of my DL (which I could have probably photoshopped, but didn't).

Just because people ask for something, doesn't mean you have to give it to them. I leave fields blank all the time on different (paper) forms (including when they ask for SSN), virtually no one hassles me.



It isn't great, but I don't think there's much risk there. There's not really much of a motivation for some random person to get into my utility account. The balance is never positive. Utilities are physically bolted to my house. They're pretty heavily regulated too. If someone wanted to steal electricity from my house, they can use the outlet on my patio that has zero authentication whatsoever.



You should read some fraudster diaries. Having the SSN as authentication means you can con the utilities employee into handing over all of your other personal information: date of birth, current and past addresses, spouse or roommates, parents if they are with the same utility company. They can then turn around and use that information to apply for a credit card. Now all they need is to wait by your mailbox or pay the postal worker $100 to not deliver the card and letter.

That info is, in fact, already easily obtained through leaks, but I just wanted to give your "utilities" case some clarity. Now the fraudster can apply for a credit card in your name, and before the month has passed you are on the hook for $3000 in cc charges/debt which cost the fraudster a mere 12-minute phone call and 10 minutes skimming through the leaked records from this HN post to find your SSN.



Yeah, I’m aware that any data that can be used to obtain more data is an issue. But I figure if someone knows my utility company and SSN, they probably already have an address. And with an address it’s easy to get the rest of that information through people search and public records.



Ever since the Equifax breach I’ve been a proponent of a new national ID program to replace the SSN, that can be designed for what the SSN has become and tolerant to these never ending data breaches.

Maybe this will give a second chance at a conversation around that, but I’m not too hopeful.



> The problem with verifying breaches sourced from data aggregators is that nobody willingly - knowingly - provides their data to them

This is a bit of a tangent but I feel like if we can prove this statement then these data aggregators should be made illegal. How can you consent to something that you don’t know you’re consenting to? Likewise why do these entities have the right to collect detailed personal information like SSN without your explicit, beyond reasonable doubt, consent? To me this is the most obvious failure of the legal system, it clearly goes against well established legal principles that a basic requirement of an agreement is that all parties know what they are agreeing to.

Obviously there is some leeway with agreements where it's not possible to clarify every eventuality, but let's say you're applying to rent a place through an online form and that form shares your SSN with a data aggregator: it should be extremely clear about that, and possible to opt out while still allowing you to complete the rental application without discrimination.

It’s like, it should be possible to show that no one, with in reason, consented to sharing their data with this aggregator because no one is able to confirm that they did. Sure one person could forget, or lie, but 100s of millions of people? No. Clearly almost zero people knowingly consents.



I have been using a different site@mydomain email address for every service I've used for the past 15 years. I can point to exactly which site breach furnished my email address to the aggregators.



Care to call out some bad actors so others know to avoid business with them?

I recently started using unique emails for everything I sign up for. Thankfully I haven’t seen anything yet, but I have little hope it will stay that way.



I second this request of releasing the results of this “digital tracer dye” experiment. If their respect for your personal data is that low, they deserve to be named and shamed. And more.



I like email forwarding services, like ddg, mozilla’s relay, iCloud’s hide my email and simple login. Unique password and email address for every website, plus, like you said if your unique email shows up somewhere it’s a smoking gun.
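
The "digital tracer dye" approach described in the comments above, as an added example that is not from any of the posters: each site gets its own alias under a domain you control, and a keyed tag in the local part lets you later prove which site an address found in a dump was issued to. The domain and secret are placeholders (assumptions); the sample leak lines are constructed. The keyed tag matters because without it a spammer could forge `somesite@yourdomain` and point the blame at a site that never had your data.

```python
import hashlib
import hmac
import re
from typing import Dict, List, Optional

# Assumed catch-all domain and secret; substitute your own. The secret is what
# stops a third party from forging an alias that implicates an innocent site.
DOMAIN = "example.com"
SECRET = b"rotate-me-and-keep-me-out-of-git"

def _tag(site: str) -> str:
    """Truncated HMAC-SHA256 over the site name; 32 bits is plenty to defeat forgery by guessing."""
    return hmac.new(SECRET, site.encode(), hashlib.sha256).hexdigest()[:8]

def alias_for(site: str) -> str:
    """Per-site address of the form <site>.<tag>@DOMAIN, e.g. utilityco.3f9a1c2e@example.com."""
    site = site.lower()
    return f"{site}.{_tag(site)}@{DOMAIN}"

def attribute(address: str) -> Optional[str]:
    """Given an address seen in spam or a leak, return the site it was issued to,
    or None when the tag does not verify (forged, mistyped, or simply not one of ours)."""
    m = re.fullmatch(r"([a-z0-9-]+)\.([0-9a-f]{8})@" + re.escape(DOMAIN), address.lower())
    if not m:
        return None
    site, tag = m.groups()
    return site if hmac.compare_digest(_tag(site), tag) else None

def name_and_shame(leaked: List[str]) -> Dict[str, int]:
    """Count how many leaked addresses trace back to each site we issued an alias to."""
    hits: Dict[str, int] = {}
    for addr in leaked:
        site = attribute(addr)
        if site is not None:
            hits[site] = hits.get(site, 0) + 1
    return hits

# Constructed sample of addresses as they might surface in a breach dump.
SAMPLE_LEAK = [
    alias_for("utilityco"),
    alias_for("rentalapp"),
    "rentalapp.deadbeef@example.com",   # tag does not verify: forged or mistyped
    "unrelated@example.org",            # not our domain at all
]

if __name__ == "__main__":
    print(name_and_shame(SAMPLE_LEAK))
```

This needs a catch-all mailbox on the domain (or a forwarding service that accepts arbitrary local parts). Rotating SECRET invalidates attribution of older aliases, so keep the old key around for verification if you rotate.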



This sort of stuff will continue happening until the regulatory framework acknowledges a fundamental consumer right to privacy.

If a data broker collects data without the consent of the consumer, then their only real risk is a class action lawsuit which drags on for six years, gets settled for a few days profit, and the consumer gets $13.50 after the legal fees. This massive skew in the risk reward calculus of data brokers is why we have the problem. Because there's little to no real downside, the trend is automatically collect as much data on as many people as possible.

Fixing this means big, mandatory, cash penalties in the law code - say $5k per consumer data leak, directly to the affected consumer, with added penalties if the company lies about the leak or delays payment. The fine must be big, mandatory, and paid directly to the consumer. Only that changes the risk reward ratio.

In that new world, companies would have to reassess their risks. They'd either build invulnerable systems and hire a lot more people reading HN to protect their golden goose, or better still they'd decide to exit the business entirely. That sounds bad, but the only reason the industry exists is because regulators failed to foresee massive leaks like this happening every three months.

We need a consumer data privacy law, with massive fines, to force companies to change their behavior. What we're doing now clearly does not work.



They should tax companies so that operating data centers become more expensive. Increase price of electricity or property tax. That will inherently force companies to collect and store less data, hence less damage from breaches.



Even before this, anyone operating a service who isn't treating SSNs as public knowledge in 2024 needs to be, well, shamed or penalized or something.



What if we just made all this data free , some AI is going to compile them anyway (and probably already has). Deterrence is the best defense, right ?



It depends on the country. Where I live now even if I leak my name, date of birth, bank details, national id number, etc. you couldn't do much. We have a country wide 2FA system that all important businesses use (bank, utilities, health, government) to authenticate users.

I'm from the UK though, and previously was a 'victim' of identity theft where a few years ago someone walked into a phone store, and walked out with a new iPhone and contract in my name.



I’ve finally figured out the play: war of attrition.

Eventually enough data will be leaked to make moot the benefits of securing any personal data. At that point everyone stops trying and moves on to more financially rewarding activities.

I mean even if I’m an elephant, and data breaches are blind men, eventually enough blind men will draw a true comprehensive picture.



Several other commenters have brought up the sneaky wordplay involved in saying "identity theft" instead of simply calling it "fraud on the bank", and somehow turning the person into the victim rather than the bank that has been defrauded.

Has anyone tried to argue this point in court? Has this survived / how did this terminology shift survive judicial scrutiny?



Does anyone else just not give a fuck at this point about their SSN? I feel like maybe early 00s this would be scary but it's clear that everyone's SSN is out there already or waiting to get breached from a shady private data broker.

The problem lies in how institutions treat the SSN, not the number itself.



Yes. 99% of the time “identity theft” means a huge company cut corners on their security policies and wants us to subsidize their negligence. Every so often there are cases like that guy who pretended to be his former coworker for decades but they’re rare enough that they make the news internationally. Most of the time it used to be things like instant credit applications where they didn’t “slow” purchases with ID checks.

The good news is that companies have lost the presumption of competence there. In the 80s if a company said they’d confirmed that an applicant was you using your SSN, a lot of people would falsely believe that was sufficient but by now they’re not going to get far if they sue you unless they can provide better evidence because everyone knows huge breaches have happened many times.



if you know place of birth, and place of ssn application, you can determine most of the ssn. the final 4 are supposed to be random, but are blurted out to rooms full of people and tech, during service.

the integrity of SSN security, was lost a long time ago



Yes, but 100% of adults today were born before 2011, and that will continue to be (ever so slowly less and less true as we die out) true for decades. It's good and all, but.



Are there any ways to check the breach to see if my information is there, other than downloading it myself? I’m not sure of the legality of doing so.



“The database DOES NOT contain information from individuals who use data opt-out services. Every person who used some sort of data opt-out service was not present.”

Like what?



Downloaded the torrent, and it's a 164GB text file.

What's a quick way to search if my SSN is in the file? I ask before diving in, it's currently extracting and ETA is 40 minutes.
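
One way to do this, as an added example (not the poster's code): stream the file once and compare a hash of each SSN-shaped token against a hash of the SSN you are looking for, so the plaintext number never appears on the command line or in shell history the way a `grep` pattern would. The field layout and SSNs in the sample below are constructed, not taken from the dump; the scanner only assumes SSNs appear as nine digits with or without dashes.

```python
import hashlib
import re
import sys
from getpass import getpass
from typing import Iterable, Iterator, List, Set, Tuple

# Nine digits written as 123-45-6789 or 123456789, not embedded in a longer digit run.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-?(\d{2})-?(\d{4})(?!\d)")

def normalize(ssn: str) -> str:
    """Strip formatting so '123-45-6789' and '123456789' compare equal."""
    digits = re.sub(r"\D", "", ssn)
    if len(digits) != 9:
        raise ValueError("an SSN has exactly nine digits")
    return digits

def digest(ssn: str) -> str:
    """SHA-256 of the normalized SSN; the scan compares digests, never plaintext."""
    return hashlib.sha256(normalize(ssn).encode()).hexdigest()

def redact(line: str) -> str:
    """Mask every SSN in a line except its last four digits before it is printed or logged."""
    return SSN_RE.sub(lambda m: "***-**-" + m.group(3), line)

def scan(lines: Iterable[str], wanted: Set[str]) -> Iterator[Tuple[int, str]]:
    """Single pass over `lines`; yields (line number, redacted line) for each record
    containing a wanted SSN. Any iterable of strings works, so an open file object
    streams a 164 GB dump without loading it into memory."""
    for lineno, line in enumerate(lines, 1):
        for m in SSN_RE.finditer(line):
            if hashlib.sha256("".join(m.groups()).encode()).hexdigest() in wanted:
                yield lineno, redact(line.rstrip("\n"))
                break

# Constructed sample records with made-up SSNs; the real dump's layout may differ.
SAMPLE: List[str] = [
    "Jane,Doe,1980-01-02,123-45-6789,1 Main St,Springfield",
    "John,Roe,1975-03-04,987654321,2 Oak Ave,Shelbyville",
    "Ann,Poe,1990-05-06,555-12-3456,3 Elm Rd,Capital City",
]

def demo() -> List[Tuple[int, str]]:
    """Look for two of the constructed SSNs in the sample; one is dashed, one is not."""
    wanted = {digest("123-45-6789"), digest("987-65-4321")}
    return list(scan(SAMPLE, wanted))

if __name__ == "__main__":
    # Usage: python scan.py /path/to/dump.txt
    # The SSN is typed at a hidden prompt so it never lands in argv or shell history.
    path = sys.argv[1]
    wanted = {digest(getpass("SSN to look for: "))}
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, hit in scan(fh, wanted):
            print(f"line {lineno}: {hit}")
```

A linear scan of 164 GB is bound by disk read speed, so expect it to take a while; `grep -F` would be faster but puts the number in your process list and history. Hashing each match is cheap relative to the I/O.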



It is crazy to me that data brokers are even a legal form of business. All of these services should be opt in at minimum. If they are obtaining publicly available information and making it easier to access, they should have to maintain insurance or a deposit with the government to compensate victims of cybersecurity incidents. Telling people to get credit monitoring is in NO WAY an acceptable way to make us whole. They need to pay for a lifetime of monitoring and INSURANCE up to the net worth of affected individuals. This needs to become law ASAP.



We're two decades into "The Digital Millennium" and our laws are still stuck in 1999 (except for the ones that ya know, allow dragnet spying).

I'd wholeheartedly support any candidates that push for a data/privacy "Bill of rights".



There has never been a US president that had anything close to ethical behaviour (to wit: the ones that existed after drone strikes became a thing all signed off on drone strikes. Those hit a lot of innocent people. The US has never stopped having slavery. I could go on). It is really the height of fanciful thinking to believe that the flavour of the month US leader will be any different.



> It is crazy to me that data brokers are even a legal form of business.

Ah, yes, but they're businesses, you see - the most important class of entity in America. We the people can evidently go fuck ourselves if it means some scumbag gets to make a buck.



It's real. A few people I know are in the dataset. The SSN is problematic, but personally to me, the more troubling data is a seemingly complete, or at least complete enough, address history for the people I checked for. It doesn't have dates, but just having the addresses could cause major problems for spear phishing attempts.



What can an attacker who knows your SSN still do with that information nowadays? Genuinely curious, as the SSN is just this strange, indistinct password thingy that Europeans like me hear about on HN but have no actual parallel for.



If they have your address; birthday; and SSN a whole lot. Generally, they could apply for credit cards; loans; set something to bill to you; etc...

Fortunately, it's getting harder without previous addresses or other verification methods.

For non-Americans that don't know, our Social Security number is generally assigned at birth or when you become a citizen by the Social Security Administration. Social Security is a disabled or elderly benefit we all pay into (roughly 7.5% employee and 7.5% employer - ~15% total). It's the only number we all get, since not everyone gets a driver's license; ID; passport; or other identifier. Unfortunately, it's been used to identify us for everything, and until recently was typically in plaintext on most forms (medical; tax; student; etc...).

CGP Grey has a good summary of how it came about and why it's become a problem: https://www.youtube.com/watch?v=Erp8IAUouus



Do you need SSN for voting? I heard that you don't need an ID (at least in some states) which was very weird for me but if they ask SSN instead, that is at least something I guess?



No, SSN is not used for voting.

Voting requirements and eligibility are set individually by each state, sometimes even in finer detail, New York City wanted to give immigrants the right to vote in local school board elections for example.

SSNs are administered by the federal government and are opt-in (however most people apply for one), so it is not something a state can really use as a voting requirement.

State I currently live in (GA), you need to bring a photo ID for in person voting:

- Driver's License (from any state or the federal government)
- State ID card
- Student ID card
- ID badge from any state or federal workplace
- Passport
- Military ID
- Tribal ID

Data was cross-checked against an online voter registration database.

Prior state (NC), I think the ID requirements were similar(possibly more relaxed) but at that time the data was checked to the voter roll, a book with the name and address of all the people in the precinct. When you went to vote, you signed by your name and then it was crossed off the list.



> It's the only number we all get, since not everyone gets a driver's license; ID; passport; or other identifier. Unfortunately, it's been used to identify us for everything, and until recently was typically in plaintext on most forms (medical; tax; student; etc...).

I fail to see the problem with that. As you said, it's an identifier, like a username or your full name. There should be no issue with everyone knowing your full name, or your username; why should there be an issue with everyone knowing your SSN, or it being in plaintext everywhere?



Because it was used as BOTH an identifier AND proof of identity, for a long time. If it were used properly as simply an identifier, you'd be right, but there are still many cases where knowledge of the number is used as proof (or partial proof, along with birthdate/address/etc) of identity.



I heard there was a similar problem with the bank account number in the US - that you could use it to withdraw money without an actual password or strong identification. Hence the popularity of cheques, PayPal and similar services that weren't needed that much in Europe.



You're right that bank account numbers in the US are insecure, but you're wrong that this is why checks are popular here.

Checks are actually the source of the problem. If you have access to blank check stock and MICR laser toner (both readily available on Amazon, since business accounting departments will routinely print their own checks for payroll / bills), you can make seemingly valid checks to withdraw funds from any account number. This is still a problem.

The reason why checks are popular is because until recently there hasn't been a cheap + accessible + official + unencumbered way to do electronic transfers between personal accounts. The infrastructure existed (ACH), but only businesses could actually initiate deposits/withdrawals. Individuals could initiate full-service wire transfers, but those are risky (there's no way to reverse one done in error) and banks typically charge $25/transfer - which is far too expensive to use for anything routine.

PayPal came into existence so people could purchase goods online (on eBay, specifically) and have the option of performing a chargeback if the goods weren't delivered as advertised.

(Checks will probably still persist for some time, since all the online payment services want to charge percentage fees if they think you're acting as a business. The beauty of checks is that they just work and don't insist on taking a cut of the payment.)



> why there should be an issue with everyone knowing your SSN, or it being in plaintext everywhere

Because far too many businesses, esp. financial ones (banks/credit unions/etc.) have also incorrectly used it as a password to authenticate that "voice on phone" is really John Q. Public and/or that "grifter in chair across desk" is really John Q. Public. I.e., they used the fact that "person X" knew number Y as proof that person X was really person X.

We can argue that it was never intended to be used this way (a true statement), that knowledge of it provides no such proof (also true), and that using it as such was always wrong on the part of these businesses (also true), but the fact is, many did use it this way, and, sadly, many still do use it this way. And it is this misuse that is the "issue" with everyone knowing everyone's SSN.



The SSN is used as a way to genuinely identify someone, unfortunately - it’s like having to give out your password each time you rent an apartment or buy a car or obtain medical care or any number of other transactions. Having this info (along with other basic info like name/address/date of birth) lets you effectively pretend you are them. You can take loans out in their name or call some service to do a password reset (since you have all the info to verify you are them) or whatever else. But it’s not like there is one particular way in which the information can be used - it’s dependent on what businesses LET you do with that info. In 2024, NO business should use SSN to verify identity or authorize sensitive transactions but many do, and what they let you do varies significantly.



I think it’s important to distinguish between identification and authentication. As a unique database primary key, they’re fine. The problem was when a bunch of businesses decided it’d be too expensive to check things like government ID and started using them for authentication purposes. Nobody blinks an eye at using a phone number or email address on an application, but we should treat using your SSN or past addresses for authentication the same way we would if someone says they could approve a loan if you know your phone number and zip code.



I sure wish the US had a version of GDPR.

I get a data breach notice at least a few times a year. I got one for my kids two months ago for their medical data. I thought HIPAA had huge penalties but I guess not.



From the NPD website:

> Please be advised that we will not collect, use, disclose, sell, or share the sensitive personal information or sensitive data of California, Virginia, Colorado, or Connecticut residents as those terms are defined by the CCPA/CPRA, VCDPA, CPA, or CTDPA, respectively.



The SSA specifically told people not to misuse SSNs this way and it seems like a poor use of taxpayer funding to spend billions bailing out businesses' bad decisions, even if that were legal (Congress would have to specifically authorize it), since we'd be back to the same problem within five years.

If we were going to do something, we'd make government ID include an NFC token for PKI purposes since public keys can't be compromised in the same way, but nobody is jumping to pay for that, especially in a country where you have so many people prone to wild conspiracy theories (I am especially amazed by the guys who freak out about a national ID as big brother but never say a word about the credit reporting industry) and the enduring "Mark of The Beast" religious fears.



> If we were going to do something, we’d make government ID include an NFC token for PKI purposes

Another alternative would be to go the other way: Pass a law prohibiting the use of social security numbers for any purpose other than social security. Don't provide any globally unique identifier for companies to use.

Instead each institution would issue their own identifier which would have no value outside of that institution. If they get breached or you lose your ID, they mail a new one to the address they have on file or some similar recovery method and you don't have to worry about someone using your ID somewhere else because the breached one gets disabled and you get a replacement.

The obvious advantage here is that companies can't use it to correlate your activity across institutions without your knowledge or consent.



> If we were going to do something, we’d make government ID include an NFC token for PKI purposes since public keys can’t be compromised in the same way, but nobody is jumping to pay for that, especially in a country where you have so many people prone to wild conspiracy theories (I am especially amazed by the guys who freak about a national ID as big brother but never say a word about the credit reporting industry) and the enduring “Mark of The Beast” religious fears.

Login.gov gets us pretty far until NFC can get baked into credentials. Would love to see passport cards evolve into this [2], but again, lots of work and political will to make that happen. In the meantime, remote and in person proofing to bind IRL gov credentials to digital identity must do.

(As of December 31, 2023, over 111 million people have signed up to use Login.gov to date, with over 324 million sign-ins in 2023; this is ~1/3rd US population; no affiliation)

[1] https://login.gov/

[2] https://travel.state.gov/content/travel/en/passports/need-pa...



I still don't get why people are calling these "religious fears". The parable from the book is because the problem is very old, but the problem is exactly the same as it ever was: If a central authority gives everyone a serial number then it will be used to track them by powerful institutions, which is a tool of oppression. This is the massive mistake we made with social security numbers, and their inherent insecurity is actually mitigating the damage there because it makes people much more hesitant to divulge it.

You do not want to make it easier for every carnivorous for-profit corporation and wannabe apparatchik to pressure every citizen to cough up an identifier that can be used to track their every move.



>I still don't get why people are calling these "religious fears".

People are calling these "religious fears" because they are fears very often based on religion. People who fear the Mark of the Beast aren't simply worried about being tracked by powerful institutions, they're looking for prophetic signs of the antichrist and Satanic one world government that their holy book says will lead to the second coming of Christ and Armageddon. Even though it was really talking about Nero Caesar. You can't separate the fear from the religion.

>You do not want to make it easy for every rapacious for-profit corporation to pressure every citizen to cough up an identifier that can be used to track their every move.

Then ban cellphones. Those are far more useful as a means of surveillance and control than any serial number in a database. They're also held in the hand and to the head, and used to buy and sell goods, which conforms far more closely to the mark of the beast than, say, RFID chips or SSNs or serial numbers on currency. Which the mark of the beast people were all against, in their time.

Unless you want to go full Kaczynski and run off into the woods to live off the grid, you can't avoid having identifiers attached to you. Your birth certificate, vaccination history, criminal record, credit score, address and phone number, the license plate on your car. Even the cookie that leaves you logged in to Hacker News. Governments and corporations already know who you are and where you are. Are there massive negative externalities to having our identities controlled by forces we have no agency over? Absolutely. But fearing every number as a slippery slope to a global satanic dystopian hellscape isn't reasonable. Unfortunately that's the context in which many people have this conversation, and that needs to be recognized.



> People who fear the Mark of the Beast aren't simply worried about being tracked by powerful institutions, they're looking for prophetic signs of the antichrist and Satanic one world government that their holy book says will lead to the second coming of Christ and Armageddon.

This is the "weak man" version of the argument. It goes in the book because the (relatively wise and experienced) authors wanted to warn people of the dangers of a real problem. Nutters read metaphors as literal and then people who want to discredit the argument point to the least credible of the nutters as the proponents. But you don't have to believe in The Devil to believe that authoritarians exist and have provably caused great pain and oppression throughout history.

Isaac Newton was a Christian but you don't have to believe in God to believe in gravity.

> Then ban cellphones.

The problem here isn't so much "cellphones" the abstract concept in which you have a portable computer with a network connection, as the current implementation of cellphones which are in actual fact implemented as tracking devices. Which, okay, let's also make cellphones that are actually controlled by their owners and don't act as mass surveillance devices. Sounds good.

> Unless you want to go full Kaczynski and run off into the woods to live off the grid, you can't avoid having identifiers attached to you.

There is a difference between "you have a social security number which the social security administration uses exclusively for social security and no one else uses for anything" and "you have a social security number which every corporation and bureaucracy uses as the primary key in a database to correlate everything you do in your entire life". The kind of ID systems people keep proposing are the ones that do the second one, and that's the bad one.



The problem with login.gov is that nobody can use it outside of the US government. I can't use my login.gov account to attest my identity to my bank.

So my bank will continue to use my SSN as proof of identity for loans.



Yeah, I love login.gov and especially how they embraced things like WebAuthn faster than entire industries like finance but I can only imagine how much screaming there would be if usage became a requirement outside of government.



Painting those of us concerned with privacy as "people prone to wild conspiracy theories" is a very bad faith take.

Please do not give the government any more power over me than they already have, thanks.



> Painting those of us concerned with privacy as "people prone to wild conspiracy theories" is a very bad faith take.

Fortunately that’s not what I’m doing. I suggest reading more carefully and trying to come up with a scenario where the government having standard identifiers meaningfully harms your privacy but a mess of identifiers and a huge private industry linking them does not.



The SSA has shown absolutely no urgency on this issue. Their existing policy is that having your SSN compromised is not enough to issue a new number. You have to actually be a victim of a financial or identity crime that abused your SSN for them to consider a new number. In reality what they should be doing is giving everyone accounts that can generate tokens for use with each transaction, to maintain a trail of where leaks originate and also to expire these temporary tokens. Instead they’ve stuck to this archaic system.



Off topic: does HIBP automatically cover plus-addressing variants of an email?

Example: I submit [email protected]

but a breach had [email protected]

Will it match?



the government should have put out honey pots or something, or maybe it’s time to get new numbers and just invalidate all the stolen data, there is clearly money for fixing this kind of thing but they’re using it to spy on us and do who knows what else instead



For argument’s sake, instead of outlawing data brokers, wouldn’t it be better to design a better ID system that renders one’s name, DOB, and SSN as harmless information?

I don’t know what that would look like, but if I had Congress’s attention I’d like them to fix the problem rather than playing whack-a-mole with banning data sources. I don’t think any actual solutions come from that.



In many countries in Europe, your ID card contains a chip with a cryptographic key, much like chip&pin on a debit or credit card.

Those bits of information are worthless when you need to create a cryptographic signature with your ID card to do almost anything important.

If the card is lost or stolen they can just remove your old one from the keyserver. It's literally just public key crypto.

Identity theft is rampant in the countries that don't have such a system and basically require you give them increasing amounts of private information to prove who you are. In the UK that's every address you've lived in for 5 years, your council tax bill, your energy bill, your bank statement for a month... all because British people think an ID card means you'll get stopped on the street to show your papers.



> Identity theft is rampant in the countries that don't have such a system

No, fraud is rampant in the countries that don't have such a system. Calling it identity theft makes it sound like the onus on preventing the practice is on "whoever's identity was stolen", instead of correctly pinning the onus on the bodies issuing accounts and loans without verifying information or identity.


The US has three dumb points pushing back on this.

The first is religious nuts who think it would be a "mark of the beast"

The second is anti-government types who are, well, anti-government anything.

The third is many business owners, because it would become much harder/risky to hire illegal immigrants to work.



The "mark of the beast" types are pretty much fine with cards that have chips in them, but they really hate it when you threaten to implant those chips into people and they want cash to remain an option - same as the anti-government types. I don't share their apocalyptic or anti-government concerns, but I'm actually kind of grateful for their passionate opposition to both of those things anyway. I don't really want an implant and the option of using cash is a very good thing.

The anti-government types do hate the idea of a national ID, but they're already forced to carry a driver's license/state ID and SS card, so they've pretty much lost the battle already.

I'm afraid that it's the business owners who are our biggest hurdle.



I will say that their list of reasons is deeply flawed.

> Human beings can't read a bar code.

- they can, and more importantly they almost never have to

> A lot of our product comes from cottage industries in Asia that couldn't mark their goods with bar codes if they tried.

- They can be added at the store/warehouse level, not every product needs one, and I've never seen a store that worked entirely on bar codes 100% of the time anyway.

> Inventory control by computer is not as accurate as you think.

- This assumes what I think, and it only needs to be more accurate than your current method. If it actually weren't more accurate, I don't think they'd have to fall back on "as you think" in their argument.

> Employees take more pride in their work when they know they are in charge, not some faceless machine.

- this doesn't even make sense.

> Customer service is better.

- questionable, but not impossible to support

> The time savings at check-out is minimal — and easily squandered.

- possible, but time savings at checkout is only one benefit.

> Reprogramming the computer for sales would take a huge effort in our case, because we put so many individual items on sale each week.

- It would take effort, but stores with much more inventory manage it just fine, even when new products are constantly coming in and sales are weekly.

> Twenty million dollars is a lot of money.

- I have no idea from the article what this is in reference to. Maybe the amount it would take for them to make the switch? It's hard to say how much money it would save them, so it's fair to say cost is a concern. I will say that over a long enough time period, it'd probably save more than it costs.

None of this means that concern over "the mark of the beast" is really the reason, but the reasons they gave don't make a lot of sense either. It could just as easily be that poor record keeping and manual entry at the register allow them to commit fraud or something.

I suspect that if the mark of the beast plays any role at all, it's that not having barcodes panders to the Christian customer base they've always heavily pandered to. Even just the rumor is basically viral marketing for them to that crowd.



Personally, Hobby Lobby's poor inventory management is a major frustration for me as a customer. Unlike other stores, they don't have any way for me to check online whether the product that I want is at their store. Granted, I avoid shopping at Hobby Lobby in general due to their owners' regressive views; but at those times when I couldn't find something at a competitor it would have been helpful to be able to see if I could get it from them.



I'm not sure that's true, but it would make it more difficult since it'd be easier for customers to cheat. You'd need more monitoring than most stores at the very least.



Correct. But not insurmountable.

Make the ID card optional, so that it simplifies things if you have it, but still allows operation without it. If 80% of law-abiding population has the card, only the stubborn deniers will remain targets of easy identity theft and fraud based on it. Partly it will stop being worth the effort, partly it will serve as a good control group.

Allow but do not require to use the card for employee identification. Whoever insists on hiring undocumented immigrants, could continue. Most industries don't do that, and would reap the benefits of a more secure identification.

Don't make the card universal. A bank card with a chip does not identify you for governmental agencies, but prevents a lot of PoS fraud. It could prevent credit fraud if banks allowed me to require the card to take a loan in my name, or to make a transfer larger than $10, and provided the card identity check service to each other and to credit unions. Phones with NFC can read bank cards, so it's a good way to say "it's me, I confirm" in a secure way.

Evolutionary, opt-in, piecemeal solutions often have higher chances to succeed than abrupt all-at-once changes.



>Most industries don't do that

They absolutely do, but most of the immigrants have a form of ID that gives the companies some measure of deniability. As long as the I-9 goes through, not my problem. If it doesn't, well that's where contractors come in. Official numbers say around 14 million illegal immigrants. Reasonable estimates are closer to 22 and some non-hyperbolic estimates go as high as 40 million.



If it's optional, then one would need to be able to have a central database of people who have IDs and want providers to require them.

Otherwise there's no protection against impersonation if IDs aren't mandatory.



Indeed. But a federated database is fine, too; this is how Visa and MasterCard work.

Imagine having a bunch of ID cards in your wallet, like you already have (driver's license, library card, office access card, store loyalty card), that all have an interoperable smartcard interface, and a QR code of their built-in public key.

They would be much like contactless bank cards you also keep in your wallet.

Banks and phone network operators are uniquely positioned to sell a validation service for such cards, being highly connected and already having data about their existing customers, which would be an easy initial audience pool.



>Make the ID card optional, so that it simplifies things if you have it, but still allows operation without it. If 80% of law-abiding population has the card, only the stubborn deniers will remain targets of easy identity theft and fraud based on it. Partly it will stop being worth the effort, partly it will serve as a good control group.

Kind of like RealID[0]? It exists right now in the US.

[0] https://en.wikipedia.org/wiki/Real_ID_Act



Governments murdered hundreds of millions of their own people during the 20th century, and the 21st is shaping up to tell the 20th to hold its beer.

Any proposal for modern ID needs to have Constitutional protections, checks, and balances or it will eventually devolve into a digital police state.



How?

Everyone's like "a government went on an extermination campaign" and for some reason what would've stopped them is the difficulty in identifying who to exterminate?

As though genocides much care about accuracy.

The big secret of Nazi Germany that isn't a secret at all is that they put a lot more than just Jews in those camps.



There is another group: those of us who think the trend of requiring ID to transact is a dangerous one.

One doesn’t need to be anti-government to fear governmental intrusion on one’s rights without due process. Our current government does that now.



> The third is many business owners, because it would become much harder/risky to hire illegal immigrants to work.

Big one, but even though employing illegal immigrants is a crime, it's almost never prosecuted.



> all because British people think an ID card means you'll get stopped on the street to show your papers.

That's probably because of all of the anti-immigration and anti-foreigner people who are asking the government to stop people and ask them for their papers... this is not unique to the UK, Canada, or the United States either, and some of the countries plan to do more than just deport people.

Strong identity is increasingly a meaningful technical requirement, but glossing over the human impact of strong identity controls by the government is not going to have good outcomes either.



Not really in Britain. Labour tried to introduce some national ID in the early 2000s; the right wingers were the ones who objected the most. The same right wingers who are most anti-immigration.



I think most of those right wingers are against illegal immigration. There's a big distinction here.

I think very few of those so-called right-wingers are -say- against doctors immigrating to one's country if there's a doctor shortage. As long as immigration is all done using legal means. And with proper checks and balances.

I'm a right winger (but not born and raised in the UK). And I am very much against illegal immigration. I also don't want to be required to wear an identity card / passport with me at all times.

Actually, with proper immigration policies in place, the state can be sure that most people inside the state are legal, law-abiding citizens. I don't think in such cases it does make sense to require people to wear an id card with them at all times.



There were just a series of mass race riots by right-wingers across the UK, in which they went around smashing up shops owned by immigrants and beating up people who don't look white. This isn't about illegal immigration. It's about racism.



That doesn't make it any less racist!

But please give some more details on that. The only case I've heard about was a single attacker who was incorrectly called an immigrant.



To bring up more things in the broader context, were there not several "grooming gangs" that were active in Britain recently and the police were reluctant to investigate/prosecute them as it might appear racist?



It adds context which people who manipulate the Overton window for political games and name calling like to exclude.

The person was an immigrant's child. Considering their obvious (violent) refusal to integrate, they are too an immigrant.



> Those bits of information are worthless when you need to create a cryptographic signature with your ID card to do almost anything important.

That depends on the type of attack you're protecting against. It might prevent an attacker from filing your taxes for you, but many companies are still going to use this kind of information as primary key. But it's not going to stop an attacker from pretending to be a bank employee, calling a genuine bank employee via a secret internal-only number, and claiming they've got Mr. Doe in their branch trying to do a critical transaction but their phone broke so they can't use the bank app. Yeah, the Mr. Doe living at 987 Main Street, that one. See, you even verified their ID, and it has a SSN of 123456 printed on it - just compare that to our customer database to make sure it's legit!

It also opens up a whole new type of attack. The problem with those smart cards is that there isn't really a way for the user to know what operation is actually happening. You're using a regular PC or smartphone to interface between the smart card and whatever entity you're trying to communicate with. But that could just as well be a phishing website pretending to be that entity, or malware doing a MitM. Or even just a random website pretending to need a signature for "age verification" when it's actually applying for a loan behind the scenes.

There's no "Do you really want to sign over your house to XYZ?" message on the card itself. And suddenly the government/bank/whatever is getting a request with a cryptographic signature which can obviously only be made by you - why would they have to double-check it if it cannot possibly be fraudulent?

I agree that we should be moving to more secure systems, but those ID smart cards aren't a one-size-fits-all solution.



> There's no "Do you really want to sign over your house to XYZ?" message on the card itself. And suddenly the government/bank/whatever is getting a request with a cryptographic signature which can obviously only be made by you - why would they have to double-check it if it cannot possibly be fraudulent?

My country's version uses separate mechanisms with separate passwords for "identify me, revealing my name/DoB/number" and "sign something". Obviously not impossible to pretend that you're signing an innocuous document and have you sign something else, but it at least removes some of the low-hanging fruit.



As a potential Mr. Doe, I'd love to have an ability to opt in to a stricter mode of banking. I would voluntarily ask my bank to refuse certain types of transactions in my name unless my identity can be confirmed by secure machine-readable means at my presence; internal phone calls should not qualify. It could be a bank card, or a passport — yes, both can be physically stolen, but it's much harder to pull off, and I would immediately warn my bank when I notice.



That seems entirely like an implementation detail that doesn't have anything to do with the smart card interface itself.

It's not like it's rocket science to have the reader application detail what the request is used for, and encoding it in the request/response, verified when used, so that it can't be used for anything but the approved purpose.



> It's not like it's rocket science to have the reader application detail what the request is used for, and encoding it in the request/response

The reader application can, sure, but what ensures that that "reader application" is genuine and can't be subverted? The card's own processor is supposedly tamperproof, but all the display etc. is in the reader which is probably owned and controlled by whatever third-party you're identifying yourself to, or at best it's a random application running on your PC/phone with whatever malware you have.



Why do you trust the reader though? It could display one thing and send another. Although I guess this also happens with payment card terminals. Who's to say the €3 displayed is not charged as €300...



This is a solved problem.

If the ID is on your phone, you can make it so that the transaction details have to be digitally signed by the person authorizing them in order to be valid. Then, if 3€ shows up on your phone, that's what you're authorizing, not 300€.
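
A worked example of the scheme this subthread converges on (the signed transaction details in the comment just above, the purpose encoded in the request/response two comments up, and the keyserver revocation mentioned further up in the thread), added here by the editor and not taken from any commenter or from any real national ID card: Ed25519 is assumed as the card's signature algorithm, and the Authorization field layout, the card ID, the "payment"/"loan" purpose strings and the sample amounts are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Authorization is the exact statement shown to the cardholder and signed by the chip.
// Every field is under the signature, so a reader that shows 3 EUR but submits 300 EUR,
// or swaps "age_check" for "loan", produces a request the verifier rejects.
type Authorization struct {
	CardID  string `json:"card_id"`
	Purpose string `json:"purpose"`      // what the relying party may use this for
	Payee   string `json:"payee"`        // who receives the money or the request
	Amount  int64  `json:"amount_cents"` // 0 for non-payment purposes
	Nonce   string `json:"nonce"`        // issued by the verifier, single use
}

// bytes is the canonical encoding both sides use; struct field order is fixed.
func (a Authorization) bytes() []byte {
	b, _ := json.Marshal(a) // a struct of strings and ints always marshals
	return b
}

// Card models the tamper-resistant chip: the private key never leaves it.
type Card struct {
	ID   string
	priv ed25519.PrivateKey
}

func NewCard(id string) (*Card, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no usable system RNG: refuse to make a key at all
	}
	return &Card{ID: id, priv: priv}, pub
}

func (c *Card) Sign(a Authorization) []byte { return ed25519.Sign(c.priv, a.bytes()) }

// Registry is the issuer's key server: a public key per card, a revocation list for
// lost or stolen cards, and the challenges it issued but has not yet seen used.
type Registry struct {
	keys    map[string]ed25519.PublicKey
	revoked map[string]bool
	unused  map[string]bool // nonce -> still valid
}

func NewRegistry() *Registry {
	return &Registry{keys: map[string]ed25519.PublicKey{}, revoked: map[string]bool{}, unused: map[string]bool{}}
}

func (r *Registry) Enroll(id string, pub ed25519.PublicKey) { r.keys[id] = pub }
func (r *Registry) Revoke(id string)                        { r.revoked[id] = true }

// IssueNonce hands the relying party a fresh challenge to embed in the request.
func (r *Registry) IssueNonce() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	n := fmt.Sprintf("%x", b)
	r.unused[n] = true
	return n
}

// Verify is the check the bank or agency runs before acting. allowedPurpose is fixed
// per endpoint (the loan desk only accepts "loan"), so an age-check signature is useless there.
func (r *Registry) Verify(a Authorization, sig []byte, allowedPurpose string) error {
	pub, ok := r.keys[a.CardID]
	switch {
	case !ok || r.revoked[a.CardID]:
		return errors.New("unknown or revoked card")
	case a.Purpose != allowedPurpose:
		return errors.New("purpose mismatch")
	case !r.unused[a.Nonce]:
		return errors.New("nonce never issued or already used")
	case !ed25519.Verify(pub, a.bytes(), sig):
		return errors.New("bad signature: request differs from what the holder signed")
	}
	r.unused[a.Nonce] = false // consumed: the same signature cannot be presented twice
	return nil
}

func main() {
	reg := NewRegistry()
	card, pub := NewCard("card-0001") // constructed sample card
	reg.Enroll(card.ID, pub)
	a := Authorization{CardID: card.ID, Purpose: "payment", Payee: "cafe", Amount: 300, Nonce: reg.IssueNonce()}
	sig := card.Sign(a)
	forged := a // a dishonest terminal showed 3.00 EUR but submits 300.00 EUR
	forged.Amount = 30000
	fmt.Println("tampered:", reg.Verify(forged, sig, "payment"))
	fmt.Println("honest:", reg.Verify(a, sig, "payment"), "| replay:", reg.Verify(a, sig, "payment"))
}
```

Run it as a normal Go program: the tampered request fails on the signature, the honest one verifies, and presenting the same signature a second time fails on the nonce. What the card cannot fix on its own is a reader that shows the holder one Authorization and hands the chip a different one to sign, which is the gap the earlier comments point at; the design only closes it when the display and the signing happen on the same device the holder trusts, which is the phone-based case described above.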



Sure, given an advanced enough device anything is possible. But I think here we are still discussing a "card" form factor for ID? (Being an "unperson" simply because you don't have a smartphone or have a rooted one would be "interesting").



Funny you should say that. Australia is trying to launch TEx, designed on open-source models, to do this kind of thing. It's hitting the usual roadblocks of public acceptance of government mandated ID, in an economy which trashed the "australia card" idea back in the 80s. We're wiser now, we've been frogs boiled slowly: the downsides of central safe ID/auth are outweighed by the risks of loss of info giving everyone 100 points information.

The government now knows what we do most of the time anyway: layer-2 logs on our phones are constant. We lost any privacy some time ago. So now, getting security back might be a net win.

https://www.abc.net.au/news/2024-08-13/trust-exchange-digita...



Except it's being implemented by the people who brought you robodebt.

So I imagine the "Number of people driven to suicide" KPI is going to be pretty high. They're not going to want to ship something that performs worse.



Yes. There is that. But it's only true to the extent all government things are brought to you by the government. If the underlying IMS system used for datamatching by ATO and Centrelink is the product of the same s/w development group I'd be a bit surprised. It's different code.

But I am by tendency an optimist, and the open-source part (if they do that) means we can have eyes on their crypto assumptions behind the protocol and what's on the device.

MyGovID, which I think they're baking into it, has been pretty solid. That's distinct from your mygov account, many of which have been hacked, in part because so few people used MyGovID.

(if you've got better info always happy to see it)



We should be doing both, for different reasons. Ban data brokers because they allow anyone with a credit card to stalk people, more or less legally. Fix the SSN identity system because even if you ban data broker businesses, dark web brokers don't abide by the laws anyways.



The uneven availability of information means that no, it's not better to just design a better ID system. Data brokers give corporations far more advantages than a normal person could ever protect themselves against, because even if the data broker doesn't have your government issued credentials they can still easily designate who you are by collating all the data from other means such as purchasing habits, cellular, and service guest lists.



> I’d like them to fix the problem rather than playing whack-a-mole with banning data sources

We should fix the problem and ban the data-sources. Whack-a-mole makes it sound like we're talking about a ban on one company, but what clearly needs to be done is a categorical ban on super sketchy business practices, and that seems simple enough. Data-brokers, if they are going to exist at all, need to accept the burden of proof to establish that every single row involves consent, and they need to acquire new consent for every single resale of the information. If that makes the whole industry unprofitable, too fucking bad. And if this looks bad for business, it gets even worse: good luck getting consent for reselling what is mine without offering me a cut.

Since the above kind of common sense looks crazy these days, let's throw in something even more radical. For anyone looking to fund UBI, ^ here's a start. The trouble with the often-mentioned idea of "tax the data" as a solution for privacy concerns is that these taxes are just redistributing wealth from corporations to governments, while all of profit is made with our information. Who wants the monetized details of their personal life to pay for the next unjust war, or even the roads in some place they don't live. If we are so valuable, put some of that money back in our hands, and if the price doesn't sound fair to us, then let us opt out of the sale.



I’d replace “instead of” with “in addition to”.

Going after data brokers seems like low hanging fruit, and necessary even if the ID system needs to be replaced. This is a top level issue that needs to be addressed regardless.

While I think it’d be great to design a system where the information you mention is harmless (I’m curious how this would work without just shifting the problem to whatever new identifier is established), the reality is that this information is not harmless, and will continue to be dangerous to leak for the foreseeable future due to the myriad of systems that use this data in its current form. Any theoretical project to replace this would likely be a long and drawn out undertaking. Addressing the information environment in the meantime seems like a good idea.



It's politically a non-starter in the US. US states have a lot of power that is derived from their ability to maintain their own ID systems. The states have fought for almost 20 years on requirements as simple as REAL ID.



https://news.ycombinator.com/item?id=41249568

https://news.ycombinator.com/item?id=40961834

TLDR Login.gov, and publishing a circular to allow businesses to use it to identity proof. Push all liability onto the business for losses if this method is not used to identity proof. ID card as ljm mentions, such as a passport card. Very similar to credit card EMV chips and the liability shift from magstripe.

> I don’t know what that would look like but if I had congresses attention I’d like them to fix the problem rather than playing whack-a-mole with banning data sources. I don’t think any actual solutions come from that.

Aggregating data means it can be lost. You must therefore make aggregating and storing data toxic, and impossible to be leaked through eventual mismanagement.



Plenty of countries have smart cards with chips and RSA keys that can be used to verify ID with much higher level of certainty, but then they usually don't use it.

Even just name, DOB and last 4 of the SS number and you are done.

It's ridiculous.



I thought it was a legitimate proposal to the problem at hand, but respect and understand the decision. My apologies for taking the conversation potentially off topic.

https://paulgraham.com/founders.html

> Though the most successful founders are usually good people, they tend to have a piratical gleam in their eye. They're not Goody Two-Shoes type good. Morally, they care about getting the big questions right, but not about observing proprieties. That's why I'd use the word naughty rather than evil. They delight in breaking rules, but not rules that matter. This quality may be redundant though; it may be implied by imagination.

While scoped to founders, I think it broadly applies to a subset of curious people who are wired to solve problems, imho.
