Hacker News new | past | comments | ask | show | jobs | submit login

It's interesting to see a mention of the ability "to correlate all your different identities" as a feature, which probably illustrates fundamental conceptual differences in different legal/social systems.

In European continental civil law (as opposing to common law e.g. USA and UK, as far as I understand UK law) there's no such legal concept as "different identities" or legal aliases - you have one identity, and that's it. You must have an official identity (it's a crime for adults to not have that official ID registered/issued) and you can't have more than one. There's no right to assume or use a different identity, doing so for any benefit is fraud or forgery. If you change your name, then that must be published so that it's trivial for anyone to link these "identities", or, more accurately, know that the same identity used a different name until a particular day.

That has some disadvantages (e.g. lack of pseudonymity - either you're not identified at all, or you're fully identified) and some advantages e.g. in commerce it's generally useful to have a strong identification of your counterpart rather than a weak one; and it eliminates a whole class of "identity confusion" for people with matching names and other features - there's a single "source of truth" for identity, and it can reliably distinguish all the different John Smiths.

If we're looking at the risk of compromise, it's worth noting that the whole concept of 'identity theft' is widespread in countries with weak ID systems like USA and not widespread in places with strong centralized IDs like continental Europe. A chain is as strong as its weakest point; if it's plausible that you might be using some weak form of ID (or even just 'something you know' like social security number/mother's maiden name/etc), then someone else can pretend to be you using that weak form of ID.




You have to realize that the entire concept of "identity theft" comes from having centralized identity to begin with, otherwise there is nothing to "steal".

Suppose you want to take out a mortgage on a house. If you take it out in someone else's name, this is a problem. But suppose that didn't even enter into it. Instead you prove title to the house, i.e. you authenticate to the city title office as owner of that property using the authentication method you established when you bought it, and that proves to the bank that you own the property. You, having authenticated to the city, approve the bank to take a lien out on the house. They accept the lien as collateral for the mortgage loan, and you get a mortgage loan. Your name doesn't enter into it at all, so nobody could use your name to take out a loan. If you don't pay the loan, they don't care one bit what your name is, they just foreclose on your house.


You realize there is a centralized identity here: The house, or whatever identifies it e.g. street and number.

Also, as a counterpoint, most countries have much stronger centralized identities than the USA, and much less trouble with identity theft.


That's one identity, but the owner of the house would have other identities. The fact that you know that the owner of the house approved the lien would not automatically tell you that, for example, the person living in the house approved the lien. Or that a certain employee of a certain company approved it. These would all be separate identities, even if they all refer to the same person.

Even in countries with unique, centralized identities, you don't go around handing your government ID to everyone you meet. You use it for official legal business only. In other contexts you still have less formal identities which remain separate from your official identity.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: