Hacker News new | past | comments | ask | show | jobs | submit login
The Most Misused SSN of All Time (ssa.gov)
164 points by polm23 22 days ago | hide | past | web | favorite | 135 comments

> They started using the number. They thought it was their own. I can't understand how people can be so stupid. I can't understand that."

Based on the number of emails I get because other people think my email address is their email address, I too can't understand how people can be so stupid.

> other people think my email address is their email address,

This is the worst kind of spam. There is someone who enters my email for all his electronic receipts. I am not sure if he's purposefully enter a "fake" email or mistyping his own. But either way, it doesn't get classified as spam. There is also no way to "unsubscribe".

I now know the guy drives a Mitsubishi which he regularly services and also shops at Target and Kmart - mainly purchasing BBQ equipment.

It could be a result of autocomplete. Entered/pasted once, auto-complete forever. In this anonymous person's defense, he might not know how to turn it off or change it. (With most browsers, it's buried down in a menu.) Meanwhile, just add KMart.com to your blocked domain list. that's 50% of the problem solved.

speaking of using others' numbers, I use 867-5309* for the shopper-loyalty-card number at every retailer that asks for one (in exchange for discounts). I think that dozens of others must use this number as well, as the supermarket receipt sometimes shows totals of $10,000-20,000 per week for "my" account.

*For those born after the 1980s, the song "Jenny (867-5309)" was a hit for the band Tommy TuTone and received significant airplay. It was a catchy tune, and the phone number was the chorus. As such, it's an easy number to remember.

I am continually impressed how often this works, even at small obscure grocery stores the pattern of (local area code)-867-5309 will always be registered.

I personally use it as a grocery store gas discount code when I'm in areas that have chains offering it. The receipts usually show thousands of dollars per month worth of "points".

Gives me a self-organizing-system chuckle every time.

At some stores (Rite Aid comes to mind) that number is disabled. 281-330-8004, from a song by rapper Mike Jones, works nearly as well as Jenny's.

I use an email address @example.com when people ask for an email address unless I know they are going to send me a confirmation email I need to accept. Most of the time it's accepted just fine.

Late 90s/early 2000s, 773-202-5862 - Luna

(Carpet/flooring company. The last four numbers are L-U-N-A, which they still use in a different number.)

> I am not sure if he's purposefully enter a "fake" email or mistyping his own.

I finally figured out the reason for one person who's been using my email address for all kinds of things for years: his is easy to mistake for mine when being given over the phone. We have the same gmail address except that mine is first.j.lastname@ and his is first.jay.lastname@.

I got my lastname @ gmail.com back in the early days of gmail.

So now everyone with that lastname uses this email address. I get party invitations, venmos, confidential hospital forms, tax returns, you name it.

Same here I got my gmail in 2002 and used first.last@gmail.com. There was someone who signed up as firstlast@gmail.com which as you may know gmail doesn’t require a “.”. There is another guy who uses last.first@gmail.com and consistently forgets to use that permutation.

> Same here I got my gmail in 2002

Pretty impressive given that it launched in 2004.

> and used first.last@gmail.com. There was someone who signed up as firstlast@gmail.com

That's not possible. Gmail won't let you sign up for an already in use email and they strip the dots before they check.

Maybe that wasn't implemented in 2002.

if you have first.last@gmail.com, then someone else cannot sign up as firstlast@gmail.com. Gmail addresses are required to be unique after all dots are removed.

I rarely use twitter, but I've got @stevew -- and I get a lot of truncated mentions about Woz and others.

I used to give my old phone number to companies I don't care about... but that number finally got reassigned to a someone else (a company)... I wonder how many calls they got.

Oddly my wife is experiencing the same thing: some random person in Ireland keeps trying to sign up for things using her email address.

The latest is Paypal who WON'T DO ANYTHING ABOUT IT! (sorry, needed to have a dig at Paypal's awful support there).

This person has tried to sign up for at least 6 things over the last year only to find that the registration confirmation emails never reach her.

It's nuts!

I have a simple firstname.lastname@gmail.com as my gmail address, with my real name.

Some lawyer with an amazingly active life, and is learning to be a pilot, and other things I've forgotten has the same not too common name as me, and has firstname.lastnamee@gmail.com as his email address.

While at first cute, the number of times I've had to deal with other law firms who have sent me some incredibly sensitive document and then demanded I sign a document somehow proving I never read, nor will keep, the document they sent me by mistake is getting old.

Or my favorite, when a plane leasing company sent me some very large bill, and when I tried to explain the confusion, they claimed it was my responsibility to find the right person, or pay the bill.

People amaze me.

(And it's super petty of me, but this lawyer's family sends invites to family events to me now. The first few times I responded trying to fix the situation. Then I tried going radio silent to these, but they got more and more incessant on a response, so now I just respond that I'm not interested in attending.)

Send an email to the general council of the lawyer's firm explaining this. I gaurentee the problem will get fixed.

Edit: having sensitive information sent to a personal gmail account is also a problem in itself and is probably directly and unambiguously prohibited by the firm. You should really let them know

> then demanded I sign a document somehow proving I never read, nor will keep, the document they sent me by mistake is getting old.

Tell them: no problem, but first you have to pay the fee and send them an invoice for some large but not completely crazy amount. :)

> this lawyer's family sends invites to family events to me now.

Just show up to the party?

I considered that. They live too far away.

This pisses me off as well. At first, it didn't bother me because they aren't getting the emails in the first place, so no big deal.

But then get someone with your name that gets a support tech at your email host that's willing to reset the password for them, even worse bypassing any security they have, and then you're going to have a bad, bad day.

All the fancy 2FA and questionable security questions aren't going to help if admins are going to bypass them based on a phone call. That is a massive, massive security hole.

And with so many services potentially tied to your email address, this can amount to identity theft. Maybe the caller and the admin circumventing security for them should be getting some legal trouble for this.

It's happened to me, repeatedly. This is the legacy of anyone who got a desirable gmail name from signing up in the early beta.

What was most impressive was when I called Amazon to complain that someone opened an AWS account using my email addy fraudulently. They did several things to try to prove that I was the one lying (sent a confirmation email that I never clicked, sent a verification email which I was able to read back over the phone), and even confirmed from logs that the offending party bypassed the e-mail signup verification process by using a phone number rather than email address.

They made some vague promise that they would open an investigation and close it if they deemed it fraudulent. They never did. My guess is that they are siding with random-fraudster-with-Indian-IP because he's the one that will (potentially) pay them money.

The solution is to just request a password reset and own "your" account.

I've done this repeatedly. I like to put mildly insulting things in all the form fields before I lock out the account entirely.

Bad idea. This could get called identity theft. Also you would really be on the hook for the bill!

Someone would have to figure out who to call an identity thief, who purchased the goods, who to send the bill collectors after, who to serve for a lawsuit, etc.

All the company has is an email address and a bunch of other incorrect information.

And an IP address. And the previous contact with their support asking for the error to be resolved.

The account was created under fraudulent pretenses. Amazon didn't perform any due diligence to confirm the email and already considers you the owner. Just take it over and shut it down.

I had to resort to this for an Ebay account that someone opened with my email address. I finally got sick of them not fixing it so I used the email-based password reset feature to login, change the password, then closed the account.

I've gotten email for a Spanish or Portuguese Netflix account registered to my email address. First time it happened, I complained a couple of times with no result, and finally set the account to English and then cancelled it.

Second time it happened, I somehow managed to get someone at Netflix to look into it. I haven't had the problem since.

I had that problem with American Express. Someone put my email address when getting a credit card. Amex not only did not verify the email address before sending me his statements, but it also took 45 minutes of explaining to them on the phone that they need to take my email address off his account.

There is a guy who thinks he owns my mobile number. It generates all sort of nuisances for me (quotes for insurance) but also for him (his bank is now sending me notifications by txt). I called that bank to let them know but they did nothing about it...

I was getting fraud alerts via SMS for somebody elses bank account for quite awhile. I always replied "NO" - I did not make the charge in question, which is true. Eventually I guess they got tired of getting their card locked or realized the contact info was wrong.

I ordered pizza to another guy that shares almost the exact same phone number as me, but the kicker is that we've both managed to choose the same PIN-number to log in. I noticed after placing the order that the delivery address was half way across the country.

Called the pizza place and it took them quite some time to understand what could have gone wrong. I had, after all, logged in, and was still logged in. We had a good laugh when we figured it out. Sales rep called the guy up, but I don't think he cancelled the pizza. So free pizza, I guess.

OK, we are wondering way off topic here, by my pizza & phone number story....

Back in the days of pheasant-under-glass mainframes, I had a part time student job as an operator in the computation center. We had a phone at the operator console, and 90% of the legitimate calls came from the operator console at the computation center at the other state university on the other side of the state. Our phone number happenned to be the same, but for the middle two digits reversed, of the most popular pizza place in a college town. The vast majority of the calls were to place a pizza order, not someone looking for the on-duty mainframe operator.

Our standard practice was to answer the phone “wrong number” — because it usually was. Anyone with a legit reason to call us knew the drill. Pizza orderers, especially the half-drunk ones, were our amusment on an lonely night shift of hanging tapes.

Would you mind adding context here, what's a PIN number in the context of pizza delivery?


Uh oh, i guess i need to change the combination for the lock on my luggage! :-)

Whew! I dodged a bullet there. My luggage combination is 1111!

And you'd better do it with ludicrous speed. ;)

No, no, they've gone to plaid! :-)

Outrageous! I only order pizza from places that requires a minimum of 16 chars passwords and 2FA.

The password for your account on the pizza place's website. (The user name being the phone number, apparently.)

That seems appalling, why wouldn't it just have a normal email/password combination?

> think

what do you mean by "think" ? I understand that mishaps can happen when numbers are canceled and moved to another person, but the old number is still registered in certain places, but why would someone want someone's else number ?

I am not suggesting it is voluntary but no, it is not a matter of an old number. I had this number for over 13 years and the problem only started to occur 2-3 years ago.

Is this person from the same country as you? If not, may be the problem is morons who clip phone numbers to 32 bit integers.

It looks like it is (he opened a UK bank account with my number).

A friend went through this type of situation. What happened in her case is that somebody with a bad credit history used to use her cellphone number years ago.

When my friend linked her CVS account to her mobile phone, CVS sells each interaction to various parties. There's a whole business where certain debt collectors will buy almost aged out debt for $0.01 on the dollar, "make contact with the debtor" and once that happens, they can resell the debt for $0.05 on the dollar.

All of the sudden she started getting messages that she won cars, etc. All attempting to establish contact.

Because companies buy and mix data from different sources, it's easy for companies to inject bad data, as they assume that certain types of data are highly reliable.

Welcome to my world!

My real name is extremely common, and each time I've been assigned a new phone number, I get calls for months (sometimes years) from private investigators, collection agencies, etc., looking for someone else who shares my name.

> They started using the number. They thought it was their own. I can't understand how people can be so stupid. I can't understand that.

Another possibility is that people deliberately used the number knowing that it was fake (or knowing that it belonged to someone else). Why? I can't imagine many reasons:

- distrust of this weird new Social Security program that was started just 3 years earlier, so they gave this fake number to avoid participating in this fraud or scam

- distrust of the federal government, esp. since the U.S. was still in The Great Depression and some people felt that Roosevelt was turning the U.S. into a socialist state, hence use of a fake number to avoid creating a socialist state

- people who had restarted their lives under a new identity (which was easy to do in an era where jobs paid cash and nobody needed real ID) -- to escape a spouse, the police, a criminal past -- would not want to get an SSN under their original name

- people living in the U.S. illegally were being asked by their employers for their SSNs, so they found this handy number to use

- people who were eligible for a genuine SSN but hadn't bothered to get one were being asked by their employers, so they gave the fake one

Ugh I get email for at least 6 other Ryan Mercer's with regularity (it's simply my name at gmail). The journalist in Vermont that has a digit at the end of my email to make his email, one in the UK that I receive counseling/pay stub/work contract/bills for, one in Georgia, one in Canada that is a fashion designer, one in Canada that is some level of semi-professional hockey player (and some of his current/former team mates follow me on IG...).

I also occasionally get for others, yesterday for example I got one for a guy in Lubbock notifying me he's off the wait list to be a Dash driver.

I get bank emails, airbnb confirmations, sports team info, paystubs, return to work from counseling info, airline confirmations, the Vermont guy's Wired credentials one time and tons of his photo assignments over the years, personal emails, someone's Apple account, ride sharing password resets...

While we're talking about thing we don't understand: I never understand the need to scoff at people who make such a small mistake. If you have a need to call people unbelievably stupid, there are lots of better alternatives.

Looking at the pictures, there is no name or picture on the fake card. The card looks exactly the same as a normal one. The only difference is the word 'specimen', which doesn't even cover the whole card and to me does not convey the meaning 'fake, don't use'.

I find this comment to be in poor taste, because I don't believe the matter has anything to do with intelligence.

1970s in USA were a drastically different time than today. Information warfare did not really exist in a meaningful sense for the common person in terms of threats that they would have to consider realistically. Information was even hard to come by for the average person in the country back then.

Even ignoring those facts, if you're comparing that to email addresses being known or used today, I think that is also a very uninformed view of the world. The vast majority of the country even today does not understand what information about them is considered confidential, and what is not. I personally see this even among engineers from what are considered top schools today.

This is not a matter of intelligence. It is a matter of being informed. I don't believe that anyone is inherently stupid for being misinformed, especially in an age where information is used for warfare.

I have a common <firstinitial><lastname>@gmail.com address.

In the last 5 years, I can recall situations where entering my email address led to:

- At least three instances where a multiple people abandoned a new job onboarding due to use of my email address. (In Scotland, Texas and Ireland)

- One instance where someone was leaking sensitive PII and video regarding a workplace incident that killed someone.

- Multiple dressing room / bedroom "how do i look" emails.

- One person sent an email every quarter with a zip file containing a VPN client and a word document with a list of about a dozen username, passwords, etc for the industrial facility that she was a plant safety manager.

- One guy test drives luxury cars in the Washington DC region as a hobby.

- An attorney sent a bunch of litigation related materials to his client. And a bunch of followups to get signatures as deadlines were missed.

- One guy was a big Ashley Madison user

- Lots of real estate agents in weird disjointed conversations.

This stuff has nothing to do with information warfare. Just simple mistakes compounded by complete inattention to detail and often combined with incredibly stupid or irresponsible behavior.

Even worse, I have a <lastname>@gmail.com address. I have gotten everything from multiple years of tax form from New South Wales to tickets to a wine tasting in South Africa. One of the most fun was church choir info from Germany. At this point I have a multilingual "You have the wrong address" email that I will send once and then create a rule with an auto-reply and auto-delete.

I have <fistname>.<lastname>@gmail.com and I get an eerily similar combination of mistaken emails. There's a real estate agent in New Jersey and a church deacon in Ireland that really wish they had my email address, apparently.

My gmail address isn't even firstnamelastname@gmail.com, but 3 initials repeated twice. Looks pretty cryptic, and still I get random mail for other people. A recent one involving an attempt to hire a CTO, Netflix notifications for a Spanish or Portuguese Netflix account, and a bunch of other random stuff.

It's amazing how sloppy people can be with email addresses.

Thank you for this, perspective is hard for those that weren't there. If you think these people were rubes for not understanding what a Social Security Number was for, consider not only did they not have a credit card, they didn't even need to apply for a Blockbuster card. Or maybe the best way of understanding how different the world was: some yutz thought it would be a good idea to put his secretary's SSN on a demo card instead of zeroes.

We can all laugh right up until we sign up for a site built by someone who doesn't know credit card companies offer test numbers or doesn't understand the value of hashing passwords.

Parent was quoting the lady who's SSN was stolen. The article didn't say when the quote was from, just "in later years" but probably in the 1950s or 1960s.

I have someone in Florida who likes to sign up for things with my email. Uber, Door Dash, dating sites.

Fun fact - if you sign up with an email address and password and then someone later uses Door Dash with the android authentication on their phone they can log in to the same account without needing credentials. That was a fun email to write to support.

This XKCD. All the damn time for me: https://xkcd.com/1279/

> If your email address is [First initial]+[Last name]@gmail.com you gradually get to know lots of older people who have the same name pattern. [...] it looks like there must be at least 750,000 people in the US alone who think 'Sure, that's probably my email address' on a regular basis.

I've had a college professor give my email to all her students. I've had numerous job acceptance letters go to me. And so on so on.

Some of these I know well, and even reply "No, your professor's email is actually X. But actually you may want to correct number 3 before your send it to her..."

Based on the number of emails I get because other people think my email address is their email address...

As one of the first subscribers to a new ISP, that was set to be the most popular one in my country, I was able to get an email address with my nick. I couldn't anticipate what was coming my way. It was possible to explain most people their mistakes, not the guy sending me underskirt porn. Except it was scottish underskirt porn. It was too embarrassing to write a complaint.

Now with my current gmail address I had a problem with a bunch of... individuals that use a reply-to-all mail list. Forced to mask everything as spam.

I'm glad I'm not the only one. I get concert ticket receipts, airline travel notifications, emails about my car service being due in states and countries I've never lived in, appointment reminders for job interviews from recruiters, car and boat license registration renewals, letters from grandma (literally) and one annoying guy who lives in London, recently moved to a fancy new flat, drives a BMW which needs to get services and supports the liberal democrats and eats out at a particular Indian restaurant a lot.

I've gotten that too; registration confirmation emails from services which I've never even heard of, but appear to be legitimate. I wonder if it could be some sort of spam/phishing attempt, or maybe even just a way to verify "account liveness" for future spamming (expecting the clueless user to click 'confirm', then e.g. checking if a profile page on a site is created/another account can be made with that name...?)

If you made a histogram of random phone numbers that people think up when asked to provide one (when they don't want to) it would be cool to see if there are any patterns too. People with certain numbers are probably less lucky in terms of spam.

I usually provide an old phone number of my own, but with the exchange code replaced by 555.

(For example, if my phone number in 1995 was 123-456-7890, then I provide the fake number 123-555-7890.)

The number of appointment confirmations, etc, I get for someone who has my name but lives on the other side of an ocean, is ridiculous. It's part of why I switched to my own domain instead of name@gmail.

I even get door PIN codes for various gyms, etc. Ugh.

My favorite this week: Figuring out someone's wireless keyboard needed new batteries, they asked me if the batteries being dead would cause it to not work.

You have firstname/lastname @ gmail too?

There are ~1200 people in North America with the same name as me. They all use my gmail address to sign up for accounts.

As a Canadian, the number of Republican/right wing mailing lists I get signed up to is astounding.

Guessing the LifeLock CEO might be the distant #2 on the list.


Almost 15 years later I can still remember that number from the TV commercials.

Wow! I guess LifeLock doesn't work after all.

CGP Grey did a great video a few years ago explaining how bad SSNs are.


Wow, i had never seen this video. I've been somewhat familiar with some of the topics depicted in the video...But seeing them all in one place - and of course the brilliantly cute and funny method - taught me lots more....Which lead to me remembering that this is all true and not fictitious...which instantly makes me a sad panda. :-(

I've watched this video 5-6 times over the past year or so. It's funny and fantastic.

In fact, the number he used on the card in the video is the number shown in the article.

> Company Vice President and Treasurer Douglas Patterson thought it would be a clever idea to use the actual SSN of his secretary, Mrs. Hilda Schrader Whitcher.

Can someone explain why this would be “clever?” It just sounds like a bad idea to me.

The SSN was never intended to be a secret. Nobody in 1938 thought that one day banks and other businesses would use it as a credential to establish identity.

SSCs even used to have "not for identification" stamped on them before SSA gave up (the note was there from '46 to '72).

My circa 1969 SSC has that printed on it.

For GP, actually yes, people did think it would be used as a credential to establish identity, and many feared (correctly, as it turns out) that would happen. The phrase used by those people was "Papers, please!" with a German accent, since it was well known by the mid-40s that identity papers were used by the Nazis to control the population. Later variations by people my age was to use a Russian accent since the Bolsheviks also used papers to control the population.

My uncle and aunt never had SSNs for that reason (and no, never paid into or collected social security either.)

I have a friend who is now in his late 50s who has never given his SSN to anyone except the IRS and his employer -- which is actually the law, or at least used to be, perhaps it has changed.

Rather than assume older people are less privacy conscious, the correct assumption is that younger people are less inclined to protect their privacy. Many millennials don't even believe in privacy. I blame it on the generally poor education in history that most younger people have received.

I was renting an apartment few weeks ago, & If I had refused to not give SSN, tough luck, application will not move forward.

If it was a law, it has since changed. The IRS has the W-9 form specifically for the requesting of an SSN (or EIN if a company). At my job I require it before issuing a non-employment related payment that will get reported to the IRS on a 1099-MISC.

I think it's mostly a US thing. At least in France, SSNs are never required for non-medical stuff.

I think it was construed as being ’clever’ in the same sense as inserting an Easter Egg or veiled reference to obscure pop culture is today. So that would make it a Mad Men-era <nod> <nod> <wink> <wink> Easter Egg from more innocent times before identity theft was even remotely conceived of (and before executives learnt the hard way to need to assume that the world is populated by imbeciles).

The clever part was using his secretary's instead of his own.

I think they were being sarcastic.

I get this, but I mean, they did actually do it, so apparently the idea didn’t set off any alarm bells in their head. I guess it must’ve just not been well thought out.

This was in 1938. Just three years after the Social Security Administration had been created. Most people still had telephone party lines. People didn't get how some government number could be really important.

Also, at that point it was not this global number that was used to identify you everywhere. It was your registration number in the Social Security system, not more. Well, you could use it to pay into somebody else‘s pension ¯\_(ツ)_/¯

Aomebody linked a CGP Grey video above that goes into details.

You are thinking with a 2019 point of view, this was effectivly 1938, people were less aware of consequences of their actions (as history of that dark period shown accross the World ...). Also,probably at that time people thought that a real SSN would shine more than 000-00-0000, as any other number could potentially be a "real" number from an unkown person ...

It is possible that people were not used to carrying cards around, and didn't know what the pocket was for.

I don't know if I'm having one of my hyper-literal moments, or if this is some other neurodiversity thing, but I can't make sense of the last paragraph... Can someone help explain it to me?

The way I read it is:

* 219-09-9999 is a made-up number that was never issued to anyone.

* The woman thought it was her number for unexplained reasons.

* She used the pamphlet as evidence that it was her number.

I must be missing something important. Is it a joke, with the punchline being that she thought the pamphlet was her social security card? If so, how was this the fault of the Board? Was it her SSN somehow? If so, how did the pamphlet prove it?

>The way I read it

Looks right to me. She received a document from the Social Security Board with a made up SSN on it, and thought it was hers. It's not a joke, just an example of how people can get confused by real-looking fake numbers.

This can be said to be the fault of the board in the sense that after dealing with the 1938 incident they could have learned that this is confusing to some people, and for example printed 219-09-XXXX instead.

I think the joke was she tried to use the pamphlet as evidence and thought the pamphlet was personally addressed to her - "how silly!"

I too had a hyper literal moment on this too, so I'm glad you asked. My conclusion is that the joke just isn't that funny or well written (everyone's a critic!:))

She was given a pamphlet with the image of a card. She thought pamphlets had different numbers and were used to attribute SSNs. Twenty years later she tried to use it and when it wasn’t accepted she said “look, this is the number you gave to me”.

SSN misuse will stop the moment companies are made responsible for all actions that result from using SSN as an authentication token.

SSN misuse will stop once the USA has a secure national ID that is free and easy to get (don’t have to go to a DMV). Driver’s licenses aren’t a good enough solution. Less than 10% of Americans have a passport. But somehow the idea of a national ID has opponents everywhere. The right thinks it will create a surveillance state, the left thinks it will be used for voter suppression. So we are stuck with the misuse and abuse of SSNs because they weren’t designed as an ID number.

>SSN misuse will stop once the USA has a secure national ID that is free and easy to get (don’t have to go to a DMV).

What does that even mean? There will definitely be a bureaucracy with offices that administers it, which will be functionally a "DMV".

The worst misuse of SSNs are treating them like some form of ID. SSN's are often thought of as a primary key that uniquely identifies American citizens, and that someone knowing the match between a name and SSN is "proof" of a person being who they say they are. The problem is that none of this is true- SSNs are re-used, so they don't uniquely identify people, and they aren't secret (the weren't intended to be)- millions of people have access to SSN databases to the point where they can't be considered even remotely confidential anymore. And you don't have to be a citizen to get an SSN.

To compound the problem, state Departments of Motor Vehicles have somehow become the arbiters of identity along with the SSN, when neither thing should have done so and very little verification takes place when a DMV issues an ID card. Any true national ID can't be administered at the state level- they might provide the manpower to hand out IDs, but the regulations and centralization should happen at the federal level.

I can go to a DMV with a paper birth certificate that isn't mine (and might not be real) and SSN card that isn't mine, and get a driver's license or state ID if I can't pass the driving test. I can take the birth certificate, SSN card, and new fraudulent driver's license, and get a passport from the post office. That passport, with my picture, is considered "proof" that I am someone else entirely, and I got it without actually proving who I am, because at some point we decided that the SSN card you got as a baby is good enough proof, along with a driver's license (that usually hinges on having an SSN). The crazy part is that you don't even need to be a citizen to pull this off, just know where someone was born and their SSN, put a little effort into making a realistic looking birth certificate, and you can get ironclad proof of citizenship that lets you stay in the USA forever, vote in elections, travel abroad and get assistance from the American embassies, and enjoy all the benefits of being a citizen.

I don't know how I was supposed to infer those concerns, and your solution, from your insistence on the criterion "don't have to go to a DMV".

I don't know why it's my fault that you inferred that "don't go to the DMV" was my central thesis, when my original comment was clearly focused on the fact that a national ID system would prevent SSN misuse. Not using DMVs was tangential.

You specifically said,

>SN misuse will stop once the USA has a secure national ID that is free and easy to get (don’t have to go to a DMV).

It looked like that nebulous "no DMV" was a core criterion. I recommend you would flesh out ambiguous criteria like that more as you did in the follow-up.

That thought was in parentheses. According to commonly accepted writing style, that indicates that the thought is ancillary and not completely necessary to the argument being made.

It’s perfectly acceptable to ask for clarification on something, but it’s rude to attack me, doubly so in this case because it’s from you misinterpreting something and not me insulting you first.

I’m done with this thread, unless you care to bring the discussion back on topic.

The distinction here would probably be with how state DMVs do things like 'only open every fifth Wednesday' (https://www.politifact.com/wisconsin/statements/2016/feb/19/...).

Sorry, the distinction was supposed to be that state level DMVs can't securely verify someone's identity. Although they are often frustrating to deal with, it's the issue with fragmented administration that's the real problem with a DMV- each state decides the burden of proof before they give out an official "government issued ID" and most states are very lax- there is no way the DMV is Nevada is going to call up a county records office in Georgia to verify someone's birth information. A national system would be better at verifying identities.

Yes, I understand the concept of "that government office is a pain to deal with", but that concept is not conveyed by calling it "no DMV".

More than 40% of Americans have a passport. The 10% figure hasn't been accurate since the early 90s: https://www.forbes.com/sites/niallmccarthy/2018/01/11/the-sh...

No thanks. The biggest "SSN misuse" is by commercial surveillance bureaus that use the number as a hook to crosslink and store detailed permanent records on each of us without any sort of consent or accountability. Strengthening the technical foundation of personal identifiers only makes sense after such abuse has been stopped.


I'm still not convinced a national ID would be useful or even correct.

The only three things I know of that SSNs are really used for (which are currently accepted uses and not DBAs being lazy) are tax ID numbers (which are more or less their intended use), Social Security itself, and the "credit reporting agencies." which are horribly irresponsible. The way they currently use them was originally illegal.

How about a hash from a licensed professional of recorded birth time and a sun, moon and rising sign

A lot of people would feel respected and it would be the most benign religious integration into our culture, aside from the names of the days of the week

Designating the liability like this is why credit cards became useful, despite the ease of stealing them.

“ Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.” -Rick Cook

I’m sure that this sentiment isn’t exclusive to programmers, but applies to anyone who has to consider how the general population will handle their product.

Just remember that you, me, and all the rest of the smart people are undoubtedly the subject of someone else's "You won't believe this idiot I had at work today" story.

The arrogance and tone-deafness of such statements astounds me when they come supposed professionals. Those “idiots” you so frequently run into? Yeah, polite people call them “your customers”, or “your boss”, or “people who will complain to your boss”. Or just “people who look at the world differently than you do”.

If you consider the “general population” to be idiots, you:

a. Don’t know how intelligence measurement works. (Hint: they cant all be idiots. Maybe it’s you.)

b. Are still an amateur who will hopefully someday mature into a professional who works with the circumstances at hand rather than complaining that conditions aren’t right for the world to appreciate your genius.

I was on board with your comment until the mean-spirited "maybe you're the idiot or unprofessional". I don't like how people are calling some people idiots and stupid over dumb mistakes. It definitely gives a bad vibe about developer culture that is only detrimental. Developers and tech professionals exist to serve users... Without them we would be shit out of luck. I don't think turning that mean-spiritedness back on them helps either, though. Tone-deafness all around here.

The saying is generally not used to look down at people but more try to understand that whatever is very clear to you, might not be clear to others and you should do your best to make yourself understandable to as many people as possible.

I don't think it was meant to "the user is using it wrong!" but instead make you (as the creator of something) think that the user will for sure try to use it in ways you didn't intend it to.

This wouldn't be possible if we were serious about stopping identity theft. The usage of inconsistent identity would trigger an alert, immediately dispatching law enforcement to deal with the problem. Most identity thieves would find themselves in jail within hours, so there wouldn't be many people willing to risk it.

Yeah, sadly there's just no incentive for anyone - neither U.S. government or U.S businesses - to alter their behavior. Even sadder, any pain of identity theft/fraud are felt by the victims/citizens, and not felt by businesses or government. Unless/if/when this changes, identity theft/fraud won't really go away.

I thought for sure it'd be 123-45-6789.

> Even though the card was only half the size of a real card

I'm confused by this statement. The card appears to be the same size as a real card in the picture of her holding up the two cards, and for the purposes of showing people that the card would fit in a wallet, it'd have to be regular-card-size.

Accurate statement or not, how many people in 1938 had seen a “real card” with which to compare? Having been born several decades later, I think I’ve seen one real SS card in my life: my own. And I lost that years ago.

Maybe they mean that the card was physically the same size, but the printing was scaled down to only fill half?

Maybe the real cards were printed on one side of paper and you folded it in half? I remember having a card like that, though it may have been for the Selective Service. Otherwise I would guess it's just a mistake.

Half the thickness?

I was really expecting the most misused SSN to be Richard Nixon's.

Whenever someone asks me for my SSN without having a legal need for it, I give them Richard Nixon's instead. I know first hand that I'm not nearly the only one.

Who does or doesn't have a legal need for your SSN? How do you tell?

You are legally required to supply your SSN for the following reasons:

Credit applications

Cash transactions over $10,000

Applications for certain federal benefits, including Medicare and Medicaid

Military paperwork

Interactions with the Department of Motor Vehicles

Social Security business

You also need to supply either your SSN or a taxpayer ID number to companies that are required to report about you to the IRS.

Under all other circumstances, there is no legal requirement to provide your SSN.

Great list! Do you have an official source we can reference?

Nice of Treasurer Douglas Patterson to use his secretary's number and not his own!


scam, please don't click.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact