Mechanical turking the review is bad, but doing it internally is probably just as bad. Certainly not if it's AirBnB, uber and twelve other things every year. well then it can't be sent to AirBnB en masse. If a photo of your passport or whatnot is private information that must be kept secret, or else identity theft. Partially (substantially), these are "the man's"requirementsˆ. The requirements are partly AirBnB solving its own problems (like expensify in this case). Ultimately, there're competing requirements here: person verification & privacy. But the risk to AirBnb of a negative outcome is low, so they push a risk that you may not understand to you. For example, you could verify ownership of a bank account with trivial deposits. There are many ways to do this more effectively and at much lower risk to the customer. That makes it pretty trivial to do something like obtain a fraudulent driver's license. For example, knowing your citizenship, date, and place of birth makes it trivial to fraudulently obtain your birth certificate. The problem is that it's spewing alot of information that if handled improperly is a high risk for fraudulent use. The problem is that it doesn't really provide assurance of anything other than possession of an image of a passport. Simultaneously, they need to do something to avoid being held negligent when a fake AirBNB host/guest hurts someone. They are in a sticky situation because their bonkers business model will suffer if customers need to go through intrusive processes. If you are interested in this, check out NIST Special Publication 800-63A.ĪirBNB is trying to use the passport photo as a way to link you to a real-world identity, cheaply. In the practice of identity management there's a concept of "Identity Assurance Levels" where you have varying levels of validation of a person's identity. The use of passport is an example of an attempt to do identity proofing. It's as if your web browser checked that the server sends a certificate that matches the requested host name, but didn't check any signatures or anything to ensure they are indeed talking to the owner of that certificate and its corresponding secret key. That's just completely broken logic and should simply not have any legal weight at all. What happens nowadays is that people check whether someone can send them a picture of a passport, and if they can, then that is considered proof that the entity that sent the picture obviously necessarily must be the person described by the passport depicted in that picture. The point is that in order to check the identity, you compare the picture to the face, you compare the signature on the passport to the signature they write with you watching, so you then can be reasonably sure they are the person described in the passport. The point of a passport is to bind your legal identity (name, place you live, dob) to characteristics of your body (signature, face), so that people can then use it to verify that the body standing in front of them is for legal purposes the legal entity described in the passport. Identity verification by exclusively looking at pictures of passports is the problem. Identity verification using passports is not the problem.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |