Hacker News new | past | comments | ask | show | jobs | submit login
Let’s help Airbnb rebuild the bridge it just burned (law.harvard.edu)
202 points by emhart on May 30, 2013 | hide | past | web | favorite | 129 comments



Interesting to read about the story behind this. I recently tried to use Airbnb to get a last minute spot in Boston. The most annoying part of the ID process was that it acted like everything was cool, let me browse the site, let me make a reservation and put in my credit card info, and only then told me to give them tons of extra info before they would process the reservation.

I actually tried to go through their process and it was quite draconian. They ask for tons of stuff. Last 4 of SSN was one part, and they also asked questions about streets I lived on years ago, specifically, which county those streets are in. They must have a contract with someone who has a database of this kind of stuff.

But I got through that and was hung up on the last step, "Online ID", which requires a Facebook account (don't use it under my real last name), LinkedIn account (don't have one), or recording an introduction video (not possible while I'm sitting in a busy coffeeshop, also seemed like a pretty absurd ask). At this point I wanted to bail out but there was no "Cancel Reservation" button anywhere and they had my CC info hostage. So I had to close my whole account.

By the way, this was an account I had previously used to book an Airbnb place with no problems, and got a positive review from the guy. The surprise ID requirements struck me as manipulative, as if they knew if they'd asked for all this stuff before I booked a night, I wouldn't have used their site. So they pretended they were going to hook me up with a room, then sprung this out of nowhere.


The "creepy questions" are a pretty standard identity verification scheme. If you ever open a bank or brokerage account online, you'll probably be asked these. They're used because they're simple and work reasonably well. Anyone can steal or guess the last four digits of your SSN or driver's license, but it's harder to learn random details of your life.

(Then again, I recently answered the creepy questions for a friend of mine, so it's not protection against someone you know stealing your identity.)

I don't know why Airbnb needs to know your identity, but I could come up with some reasons. Imagine someone signs up under your name as a host, and their first guests have their laptops stolen. Your name is going to appear on that police report, and that's a pain for you. If the whole fake identity scam can be nipped in the bud, though, this won't happen as often, making life easier for more than just Airbnb's users. I don't think that's a terrible thing.

In a business where you're having total strangers stay in your house, is it really an invasion of privacy to ask you to verify you are who you say you are? This isn't an online blogging service or something, after all.


"In a business where you're having total strangers stay in your house, is it really an invasion of privacy to ask you to verify you are who you say you are?"

Part of the complaint is that guests have been booking (and getting positive reviews) without such all-encompasing knowledge of said guest's personal history. Hosts have evidently been fine with this too. In other words, what problem is this change solving (because it's not solving the guest's problem and some hosts are arguing it reduces bookings for them).

If it were in the power of the host to ask Airbnb to hold additional information on guests, then the situation would be completely different. You could then decide for yourself how much knowledge you're willing to provide (as a guest) or how 'verified' you want your guests to be (as a host). That doesn't seem to be the case here.


The "creepy questions" -- in the USA at least -- are just another revenue stream for the three credit reporting agencies. They (or third party companies paying them for the data) pull data from your credit report and then ask multiple-choice questions based on the data. It's absurdly insecure given the large number of people who have subscription access to credit reports (landlords, car dealerships, employers, etc.). Even more ridiculous is that the questions are based on data that is often false. A scammer who applies for a credit card in your name provides a false address; that false address is added to your credit report and now can become part of the identity verification scheme. And of course the onus is on you to fix the bad data held by these companies.


It's insecure against a motivated, targeted attack. It is on the other hand a bitch to automate, given a file of 10,000 stolen identities, which is probably the primary concern animating most uses of these services.


I recently failed such an authentication. The system had bad data about someone they thought was my relative even though I have no relative by that name. I was asked three different questions about this "relative" and on all three said I dont know anyone by that name. In the end the agent administering the test told me I had failed the self identification. I was eventually able to talk her into putting in a manual override but the whole experience was disconcerting.


>but it's harder to learn random details of your life

It's obviously not that hard, because airbnb are verifying the answers. I'm guessing any identity thief worth their salt has a way to buy rows from that dataset at a cheap rate.


> but it's harder to learn random details of your life.

I wouldn't lean on that assumption for too much longer. It's becoming easier and easier for that to happen, especially when one naively gives out those random details to any form that pops up on their computer screen (...even if the creators of that form have a cool story about making amateur breakfast cereals).


As a nomad, those address questions would be impossible for me to answer. This is particularly relevant because in 2013 I've started using Airbnb 100% of the time. Any others like me hit by this requirement will have to stop using Airbnb altogether, and while it's certain that we'll be a very small minority of users, we might still add up to a significant percentage in lost revenue.


Airbnb's concept, however wonderful it may be when it does work, is full of practical and legal holes which are now beginning to emerge.

The big question is: can Airbnb close those holes without significantly reducing the usefulness of their service?

I very much doubt that. Hospitality is an industry with a long history, lots of regulation and self-regulation (which is not just corrupt government protecting incumbents), and disrupting that means tackling a huge range of issues an liabilities which Airbnb heavily oversimplifies.

I expect an increase in regulatory intervention, horror-stories in the media, lawsuits and Airbnb becoming increasingly more bureaucratic and complex in an effort to handle that.


I wonder what part of this comment was a reason to slowban me?


I love the usual weaselly worded "We apologize if our changes caused you distress" automated response to her second email.

That kind of corporate lingo is what I expect from soulless corporations.

[EDIT]

To make it clear. She offered lots of suggestions on what other services they could use and instead of a personal "Thanks for that, we will investigate" they gave her the brush-off with an obviously automated email.

Pretty shoddy customer relations.


Wasn't Airbnb the company where the founders took a special dividend using funds from one of the later VC rounds (which Ron Conway publicly objected to)?

That sounds like something leaders of soulless corporations would do.



Thx for the correction :)

Did not know that they arranged to give employees liquidity after the initial news.

>Brian and I have spoken at length and based on our discussions, I’ve learned some new items that have proven to me that everyone is paying serious and thoughtful attention to the needs of all shareholders including employees. Specifically, the company has developed a strategy about their next financing round where all employees who have been with the company for some length of time will participate in a structured liquidity program. While the details haven’t been finalized, I know Brian and completely trust that he will execute on his commitment.

http://allthingsd.com/20111002/airbnb-investor-chamath-palih...


PG himself suggested that investors should let founders cash out partially during investment rounds, so they're less uncomfortable about swinging for the fences: http://www.paulgraham.com/vcsqueeze.html


I hadn't heard this. Dividends are a great way to screw over option holders, who are often employees.


There were certainly other ways they were trying to screw over option holders (lit. employees), too.

(EDIT: Source: Prior working relationship with the company. Fought "tooth and nail" against this Verified ID junk.)


Can you expand on that?


I think that was also Groupon, famously.


Wasn't groupon just a straight equity cash out by the founders and some of the early investors? I don't remember hearing about a dividend.


oh yes, I'm not au fait with the details of higher finance, so I'm sure you're right, but it still looked really dodgy to many given other aspects of the business


No worries. FYI the reason a dividend is worse is because you don't even give up any of your equity, as is the case when you sell your shares early (Groupon).


And it screws over employees with options.


I love how people think this is rare.


Is it possible that, being stuck between a rock and a hard place, they're trying to toe a thin tightrope (did I use that phrase correctly?) and, while well-intentioned, they may come off as a bit corporate?


1) Why should we help a company valued at over $1 billion dig itself out of a hole of its own making?

2) The primary complaint is that Verified ID reduces the number of bookings. This is only a concern to people who are using AirBnB illegally-i.e., as an unregistered hotel--and thus depend on volume. The people using AirBnB for its proper purpose--occasional temporary "guests"--are largely unaffected by this.


>The primary complaint is that Verified ID reduces the number of bookings. No. One out of the eight comments quoted mentions it, and the author does not.


I like the tone of Doc's post. Very positive and solution focused.

As for #2, it remains to be seen I guess how much % drop in AirBNB bookings are caused by this. It will be some number, but obviously I think they're prepared for it. I don't think this has anything to do with "unregistered hotels".


I like the tone of Doc's post as well, however, as a consumer, I don't think it's my problem to help a company out if they suck at serving their customer.....and if I don my entrepreneurial hat, the more AirBNB annoy people, the bigger the opportunity for a good competitor to pick up the pieces.


I disagree with your 2nd point. This seems like over generalizing. You're saying that every Airbnb host that is upset about this change is suddenly using Airbnb illegally? Definitely not true.

It sounds like the verification flow has some serious design/flow problems. If I'm an Airbnb host in a major city and I have an affordable and highly rated place, I'm likely to attract all kinds of guests: both sophisticated and unsophisticated. For example, the most frequented place on Airbnb in San Francisco has probably seen hundreds of guests from around the world: https://www.airbnb.com/rooms/33577

Different people are different. Not everyone actually has a government issued ID. This does not mean they are necessarily illegal or untrustworthy. I think many people are going to freak out about these requirements... not just people without IDs, but average people who find the process intrusive. Do I have to answer security questions and upload my ID when booking a hotel? No.

However, maybe Airbnb has already tested this on a smaller random set of their listings and proven it doesn't reduce bookings.


Don't hotels usually take your ID at the front desk when you check in?


That's a good point. Airbnb is asking people to do this online. This is likely the first time they have ever had to upload their license or passport online. I voluntarily did it, just because I stumbled on it in the settings of the site last week, and it was the first time I ever scanned in my license online. I think one time I sent in my college ID online one time, but I've never uploaded my scanned license online. Showing an ID in person is pretty different from uploading a photo of your ID online.

I was thinking more about this today... maybe it is just that Airbnb has such insane supply and demand that they can afford to make this move and still be massively successful. If they're able to have a network of all verified and trusted people, the implications are huge.


No. They are more interested in your money. You can even pay cash with a deposit.

Actually, hotels don't require your actual identity. Many people like celebrities, public figures, some business travellers routinely provide fake information to hotels.


That depends on the jurisdiction. In some countries hotels will actually insist on keeping your passport until checkout, and in others some have genuinely considered turning me away when all I had was a photocopy of a lost passport and a police report.


Right - but I'm unaware of any hotel who requires you to upload your license online before booking a hotel. It's done in person at the time of checkin.


Clearly you can figure out why Airbnb, unlike a hotel, can't station an employee at every property a customer could possibly stay at.

"Why can't the property owner check your ID?" Some Airbnb spaces don't have anyone physically present at the property when guests arrive. As for the others, it's not just the property owners who have to bear the risks involved, but also Airbnb. If you book a hotel on Priceline, rape the maid, and trash the room, Priceline gets zero blame. If you book an Airbnb, rape your host, and trash their house, Airbnb gets all the blame. Especially when it turns out you did all these things anonymously.


> The primary complaint is that Verified ID reduces the number of bookings. This is only a concern to people who are using AirBnB illegally-i.e., as an unregistered hotel--and thus depend on volume. The people using AirBnB for its proper purpose--occasional temporary "guests"--are largely unaffected by this.

You incorrectly assume here that the only people who rely on a high volume of guests are those who do so illegally. Many Airbnb hosts operate a vacation rental property that they own. And they often rely on the income that property generates. These people – the ones that often maintain the best vacation rentals Airbnb offers – face the most damage from a drop in bookings. And Airbnb should be very concerned about that.


Luckily Airbnb's success is based off revenue share. So if there is actually a drop in bookings, Airbnb has an interest in killing this feature.

My guess? They already tested it on a small subset of their users and it's working well. Furthermore, if they have a network of all verified and trusted users, the network is going to be incredibly strong.

edit: sp error


Volume bookings via AirBnB are only illegal in some particularly authoritarian jurisdictions. Most places, those are within its "proper purpose".


From the news that I've been following, those "particularly authoritarian jurisdictions" include about every country with some level of regulations for the hotel industry - which basically includes each and every european country and the USA.


> As a host, it is up to me to choose who I allow in my home. I like that I can decide how many requirements to place on my guests. Should I choose to place strict requirements, I get more protection and probably fewer bookings. I like having the choice. Airbnb just took the choice away from me and I’m not happy about it.

Before we get into arguments about the validity of libertarianism...I think it shouldn't be shocking that when a company becomes large (with more at stake), they have to act in ways that will be overbearing in comparison to what they were before.

The quoted complaint above could easily apply to, let's say, the Apple iOS store, in which decisions are made heavily in favor of playing it safe and clean. I would like to argue that I'm wise enough to make my own choices about downloading immoral/unpleasant apps...and I'm entitled to make that argument. However, I can't argue that this...ahem, proactive policy prevents a great many shit-fests that might otherwise arise were it not in place. And I really can't dispute that Apple so far been wildly successful in the app marketplace.

Likewise, from Airbnb's perspective, I can see why they've made the calculation that proactively preventing scammers is overall, a good business decision. Because a few disasters from slightly foolish customers is enough to doom the entire ship.


How exactly does a LinkedIn or Facebook profile, much less a personal video, prevent scammers? All three of those are trivial to fake. On the other hand a public feedback system with persistent identities, which they already have is harder to game.

No, this is a ham fisted marketing initiative pretending to be about security. Why they didn't just buy 'likes' with coupons like every other scummy company out there, I don't know.


It's actually not super easy to fake a Facebook or LinkedIn presence. Most services that use social media presence as an identity check ask questions like:

1. How long has your account been active?

2. Does your account have a human-like pattern of activity?

3. Do your social graphs overlap realistically? Are you Facebook friends with your LinkedIn connections?

Etc. It'd take an extremely patient scammer to fake that sort of data. It can be done, of course, it's not trivial.


My "Social Graph" between Facebook and LinkedIn is approximately 2. One is for social networking, the other for professional. So if they think there's any good to come from comparing the two, there's going to be a lot of people like me for whom it Just Doesn't Work.


More likely, there will be a few people like you for whom it Just Doesn't Work. Which is fine, as a company you need to decide on which customers you want to take on, and outliers generally aren't worth the trouble (nothing personal).


No, I think "a lot" is more accurate. I have only 3 crossovers. I do not FB friend my coworkers, and I do not LinkedIn random FB friends. One is social, one is professional, and I think quite a few people use it that way. Not all of us consume social networking like a buffet.


OK sorry if this reply sounds like I'm nerdraging, it's because I am - don't take it personal, it happens so often here nowadays that sometimes I can't hold it back any more.

Can we please please please stop with the 'anecdote of 1 = data' and 'I do it like this and so do my friends (who are self-selected to be as much like me as possible)' arguments. It does not matter what you do, nor does it matter what you think. Businesses have much more data on this than the vast majority of HN readers, and while it's nice to think that they're all stupid in the 'I am so much smarter' sense, it is most likely not true. If Airbnb had, over the course of testing their validation approach against the first let's say 1000 users found out that the majority had little to no overlap in their social graphs between social networks, do you think they would keep using it this way? Clearly the answer is no, which leads to the prima facie conclusion that your generalization of your own behavior to the population at large is flat-out wrong. I'm not saying there is no way it could be that indeed most people have little overlap, just that the evidence we have so far, plus some reasonable thinking, points to the other conclusion.

Of course, if you do have (or can point to) data (i.e., not anecdotes, not 'I think', but hard data, obtained in a methodologically sound way) to the contrary, that would be a valuable addition to this discussion. All these "I don't do it like that so it sucks!" replies are just noise, and that was (in a passive-aggressive way) one of the underlying points in my reply.


Your argument is based on tenuous reasoning predicated on the assumption that you know how the Airbnb people are thinking and how they intend to use the data. The other argument is based on the assumption that there are probably other people who use Facebook and LinkedIn in a similar fashion (I am another data point). I do not see how your argument carries any more weight than theirs. It certainly fails the hard evidence test you put forth.


Patient scammer, or a bot which can read captchas and simulate human-like activity and create networks with graphs that overlap realistically. Facebook might catch that a suspicious new community with no previous presence has emerged, though.

On the whole I agree with you. Until the bot I described actually exists, social profiles are a pretty good identity check. No reason not to use them whilst they're still worth something.


About a quarter of Facebook friend requests I've received this year are from bots/fakes, mostly with pretty realistic-looking profiles, and I'm sure a fair number of them can be bought by any interested bidder.

It stretches credulity to suggest Facebook and LinkedIn are better ID checks than reviews from paying AirBnB users, which is what AirBnB's position seems to be.


More relevantly, does your friend/connections also connect to other people, and is the graph an "island" or is it securely attached to "the cloud" (a term SixDegrees.com used back in the day to describe the big, central cluster of connections)


They don't insist on both logins, so point 3 at least is out.

Besides which they have your credit card on file. Why not just match that up with the scanned in driver's licence / passport?


The premise of the issue isn't that they are 'proactively preventing scammers', more to the joke that apparently Facebook and LinkedIn offer any level of verification other than enabling potential tunnels to data mine a users social connects. As mentioned towards the bottom of the article, there are plenty of eVerification services avail that minimize the potential for data about an account holder.

To note, the way airbnb has rolled this out is quite surprising (mandatory sampling of users, disrupting active reservations, etc). Starting to wonder if there are any decent competitors out there.


German clone of Airbnb, Wimdu: http://www.wimdu.com/ I almost booked with Wimdu in the past but was put off by the fact that they didn't escrow the security deposit. I was expected to hand it over to the host when I arrived, and in theory get it handed back to me when I left. I hope that Wimdu has fixed this.


Imo being able to choose your clients/guests (they pay you after all) however you like is immoral and it would be illegal if it was done from a hotel/ apartment rental company ... (at least in a lot of European countries). You should not be able to profile your customers in any way. If you dont like it, dont make money out of your apartment.


EXACTLY. Simply imagine Holiday Inn or Hilton demanding we verify ourselves before renting a room. Who among you would defend them?


Um... they kinda do. You either need to provide a credit card or large cash deposit (if that's even possible anymore). Very often they will also require to see your driver's license. If you're foreign, you'll need to let them copy your passport too.


I cant speak for your country/experience , but as in Greece you have to verify yourself :)


In the middle of a recent trip, AirBnB asked me for more verification info to make a new reservation -- credit-report-based questions -- even though I'd already...

(1) been a well-reviewed AirBnB guest on multiple occasions;

(2) concluded transactions through them on more than one CC for those previous stays;

(3) linked my Facebook and LinkedIn profiles long ago.

Such verification questions can involve things like car loans from more than a decade ago, and on at least one of the questions I wasn't even sure I remembered the right answer.

Though I understand they have fraud concerns, I felt it kind of obnoxious to spring this new requirement on me in the middle of a trip, when I was depending on AirBnB working the same as before (and indeed as it had worked on my 1st AirBnB reservation of the same trip).

Had I been required to send a scan of some government ID, I'd have felt even more like they'd breached our prior understanding, without warning, at an inconvenient time.


Requiring users to record an "introduction video" is beyond parody; next step is probably to provide a front-and-back naked picture of yourself holding today's newspaper.

And you thought DHS was bad! And you thought "regulations" were bad! Let's get rid of it all! Let's disrupt!

But now, Facebook decides to police jokes according to vague claims by special-interest groups [1] and AirBnB requires its users to do a little dance for them before they can use their services.

Democracy has a lot of flaws, but constitutional rights and democratically voted laws, and a functioning judicial system, and well-run government agencies (I know, I know) are several orders of magnitude preferable to petty policies that grow in the mind of the average "community manager".

[1] https://www.facebook.com/notes/facebook-safety/controversial...


I am building a trust platform for p2p marketplaces (https://www.credport.org) and while there have been many great points mentioned in this thread, I'd like to chime in as well.

In general, most of the critics seem to say one of the two:

1. I'm obviously trustworthy, just look at me.

2. I want to have choice, I want to decide whether to host someone unverified or not.

What people need to realize about trust in p2p marketplaces is that trust is irrelevant, it's the experience that matters. At the end of the day, it matters whether you get what you wanted, and if you didn't, well fuck, it must be Airbnb's fault. It's never the users fault. Think about it.

On eBay, people get scammed every day. Does anyone say "well, that's just the users fault"? No, everyone says "eBay is full of scammers, I will never do it again". Same with the AppStores/Software Downloads. It's mostly the user's fault for downloading malicious software, but the platform always gets blamed.

So what you do in this case, and what Airbnb is doing is to "clean" the platform, cause the last thing you want is to have another Methlab incident or become the next eBay


Airbnb is an inherently international business and there is no way this is going to work for around the globe customers.

In many countries people don't use facebook. Linkedin is a joke anyway. Where they do they're not used to authing with it. Where they don't you may use local social networks but they're often anonymous or don't provide api as rich. There is also this huge problem with languages: how are you going to read korean id in hangeul? how are you going to link airbnb name in latin with social network name in cyrillic? do you seriously expect people to be able to record videos in english that can't then be used to ridicule that people (they're going to be public, right?)

In many cultures people are just averse of posting private information about them on the web.


  In many countries people don't use facebook
In my country people use Facebook just fine.

It's just that after Facebook more and more turned up the creepy volume to - for me - intolerable levels I chose to "delete" my Facebook account and don't plan to re-activate it ever again.

If your business relies on me having a Facebook account (or a specific piece of hardware) then I guess I'm not in the range of your targeted customers and we will never, ever do business together.

If you offer an (even more inconvenient) alternative I'm probably fine with that. For example: If your mobile boarding pass doesn't work with my device and I have to print it at an airport kiosk I'm fine with that. If I must have an iPhone to fly with your airline then I guess it's just not meant that we do business together.


That too. I've seen people annouce proudly they've left facebook, exactly the audience AirBnB wishes to serve.


Having a Facebook or LinkedIn is not necessary for getting verified with Airbnb as long as you are willing to do other things.

When I helped a friend get verified, we provided a photo of his driver's license and did that thing which Paypal also does where Airbnb makes two sub-dollar deposits or withdrawals (I forget which) to our bank account, and we have to prove the bank account belongs to us by telling Airbnb the exact amounts of the deposits or withdrawals.

EDIT: s/emailed a photo/provided a photo/


"When I helped a friend get verified, we emailed a photo of his driver's license..."

That sounds secure.


Actually, we probably uploaded it. (Changed in grandparent.) Sorry for the mistake.


Generally, I feel people are too cynical. And writing-off the Facebook and LinkedIn integration as merely a ploy for access to your social graph at first made my eyes roll.

But the truth is, there are a lot of things we do online that require real, meaningful identity verification. You put your SSN and DOB in and the computer gives you a series of multiple-choice questions from items on your credit report. People are used to them. They work.

And at the least, why not offer the credit report ID verification as the backup, perhaps alongside this video? Seems to me it would really cover their bases: The free spirits who would sooner die than submit to a credit check can produce a video. The professional, 2-million-miler, harvard-law types wouldn't flinch at an identity check that they've done every time they opened a credit card or bank account or many investment accounts or used the US Treasury or IRS systems or a credit monitoring product or, the list goes on. There's just a nominal cost associated with these, and unlike applications for credit they do not impact a persons credit score.

I'm not sold, but maybe there's something to the reliance on Facebook and LinkedIn afterall?


> And writing-off the Facebook and LinkedIn integration as merely a ploy for access to your social graph

Even if they actually didn't set out to get it (unlikely), I have no doubt at all that they'll abuse it once they have it. Rule #1: spammers lie.


So many startups have screwed this up. It makes sense why everyone is skeptical.

But really, why do they need my LinkedIn? LinkedIn is something I do not use. At this point, I just auto-accept all contacts and never check it. I know Airbnb uses my Facebook connections to show my friends that I've stayed at a particular place. That, to me, is fine. But, most of my LinkedIn connections are random acquaintances. I asked a couple of my friends and it's the same for them: Facebook for closer connections, LinkedIn for garbage. I don't need my LinkedIn connections knowing all the Airbnb places I've stayed at.

I've stayed at 10+ Airbnb places and have perfect reviews. I also willingly (a couple weeks ago) uploaded my driver's license. Host now have a clear idea of me based on my license and past reviews. Do hosts really need to know my LinkedIn profile? Honestly, to me, it seems like Airbnb wants to build out its graph and social connections. Maybe not spam you, but the social connections feature is pretty powerful so I can see why they'd want more social connections.

I have more to say but this is getting long. My opinion on all this right now is that Airbnb is experiencing a supply/demand tilt (more demand than supply) and they can afford to weed out the "crappy" demand (even if it's my aunt using Airbnb for the first time).


I have neither. What am I supposed to do?


Don't use a service that requires you to have one? Or make an account with one of them so you can use a service that requires you to have one? Seems pretty straightforward.


1) seems straightforward along with making them a bad name every time it comes to discussion.


Ah my friends, this is what happens when you reach scale. It means you have to protect against every little black swan that comes along (mainly for PR reasons) which overburdens the rest of the white swans.

This reminds me of all of the companies trying to compete against PayPal, who tell themselves and customers that "We'll do it better this time I swear!". I can't wait until they try to reach the size of PayPal and realize their whole business model is based solely on fraud prevention. Something not easily, dare I say possibly, solved by any algorithm.

This is also why I like 37Signals, since they let their customers outgrow their software. For every project manager that says "ugh basecamp doesnt do this, I need something else", 37Signals quietly says "see ya later, you'll be back in a year!"


Seems to me the bigger issue here is HOW they implemented this, not WHY they implemented it.

Yes, some people are asking that they personally be allowed to take the risk of hosting unverified people. As AirBNB continues to grow, I understand and agree why they won't let you do it - more cases of drug parties or robberies could ruin their business, and your business isn't worth as much to them as their business.

But requiring (if I understand it correctly) one of Facebook, LinkedIn, or a video? Telling you this ~80% of the way through a booking process? Implementing it with no notification (so people currently on holidays suddenly bump into the requirements)? These are the bigger issue.

I doubt they will cancel the current implementation plan in order to rethink a new one. But improving upon it - in particular with additional ways to verify identity - seems important.


No matter what you do, there's always going to be complaints. Verified ID is a seriously good idea. I would definitely feel safer hosting verified people. Of course, they might still be horrible guests, but that will be their last visit with any AirBnb host.


Good on ya. But it should be an option, not forced. If you only want to host people with "Verified ID", then just reject anybody who doesn't have it.


With a $1 million "burn your home down" guarantee, and future bad press on the line, AirBNB doesn't want to take the risk that you want to take.


If I read the article correctly, hosts are still in control as to whether they will allow all guests or just verified. Did I misinterpret this?

Is the uproar over the mandate that a random 25% of users are now required to go through verification?


25% is really high and might as well be mandatory. Only a fool would count on not having to verify, especially when they don't tell you until the last second. This isn't a pilot program, this is a massive, invasive change.


It is an option. Last I heard, you could still advertise short term rentals on Craigslist, after all.


Wow, I was planning to use them for the first time for a vacation in a few weeks. No way in hell they're getting my business now. Way more invasive than a hotel.

A video? Who seriously thought that this was a good idea?


Hotels unilaterally ask for ID and a credit card these days.


Some (ok, maybe most) hotels ask for an ID when you check in.

But I've never been to a hotel that asked for an ID just to make a reservation. I use booking.com, which is perfect BTW, and they never asked for an ID.


It's hard to imagine how a hotel could bilaterally ask you for your ID :-)

And in any case, they don't ask you for a Facebook or LinkedIn account to spam you with besides your ID and credit card.


Yes, the equivalent would be your host asking to see your ID upon arrival. I don't think people have an issue sharing their identity with a single other person. A soulless corporation on the other hand...


Which is nothing compared to social media accounts and a credit check.


Yes, but in person. They are not asking you to upload it online... something few people have ever done.


"Quit trying to mine data under the guise of trust." A commenter to the original AirBnB announcement.

So true and happens all the time.


Sounds like the process Paypal have been using for a while. I recall having to send a scan of my passport, drivers licence and Visa card to them a while back to prove I am not a money launderer and using the service for legitimate purposes. While intrusive I am more inclined to trust Paypal than Airbnb for a couple of reasons. One of those being Paypal have been around longer, they've established a rapport and two, I either comply or lose any funds I have in my Paypal account and make it hard for others to send me money in the future.

These kinds of processes scare me mostly from a safety point of view, but also from a trust point of view. How do I know the person verifying my credentials on the other end isn't secretly funnelling my documentation off to a nefarious third party using it to get a loan in my name or steal my identity to commit a crime? This has trouble written all over it, surely there is another way? The step requiring LinkedIn or Facebook is just ridiculous, what if you don't use any of those services?

If a company like Airbnb wants to dig themselves a hole, why should it be up to us to help them get out of it? I won't be using the service any more because of these changes and I assume others won't either.


One person in that post said it right: "You want people to send you their photo ID / passport? Are you out of your *&#%& mind?"

I am not even sure if I am legally ALLOWED to send a copy of my ID anywhere in my country.

The right answer to a request from a company asking for such information is "F.U., no".


In Germany, you are not allowed to copy your personal ID document.


That's an interesting claim, what do you mean?


You are not allowed to make a photocopy of the personal ID document. It contains data about your electronic signature.


I really meant 'who says so?' It sounds like an unusual restriction, and when I tried googling it I couldn't find any mention of this.


Its in Section 14 of the relevant law:

http://www.gesetze-im-internet.de/pauswg/__14.html

(in German, obviously)

It says who is allowed to 'process' the relevant information from the document. Copying is not mentioned.

The German Wikipedia has a section on it: http://de.wikipedia.org/wiki/Personalausweis_(Deutschland)#K...


My question: What exactly is AirB&B trying to solve for here? Is it safety for the host? Legal requirements? Payment fraud and chargebacks?

As mentioned in the article, it feels like increased verification requirements should be an option available to to the host rather than a universal requirement.

One important lesson learned: no one wants to record a brief video as a step of any verification process.


Agreed the video is somewhat ridiculous. It could be a supply/demand tilt (more demand than supply: weed out the crappy demand). It could also be a long term move. If they're able to have all verified people in the network, they'll have basically the most powerful local network ever created.


I objected when a roommate wanted to rent out our living room on Airbnb. I realize that the probability is extremely low that we'd end up with a deranged lunatic in our house. But for me, that tiny possibility (and more so the irrational stress that accompanies it) far outweighs the benefit making a few extra bucks on the side.

So would I reconsider using Airbnb now that they have Verified IDs? Probably not. The root of the issue is that I don't want strangers in my house while I'm asleep. Even if Airbnb has their info on file, they're still strangers to me.

This move likely alienates many of their core users, while offering no appeal to non-users like me. Perhaps there is another segment this appeals to -- users who are concerned about the possibility of petty crime, and who feel this would be a deterrent or would aid with legal recourse?


> Banks lose customer data all the time and they have some of the most stringent standards possible

Tell that to my maximum 6 digit, no special characters bank web login pin.


Am I the only person who thinks all of these people are overreacting?


How so? I genuinely don't have facebook or linkedin, I genuinely don't want to record a video (in english lol wtf?) with my personal details and I'll genuinely not use them ever if they start doing that to international customers.

They think they're unique but their business model is trivial to reproduce once they have alienated half of their audience.


Why are you so opposed to having your identify verified so that hosts know you're not a scammer? You couldn't give them even a library card with your photo on it or something? The ease-of-use of Airbnb is what makes everyone like it... I don't think that's super easy to replicate. I also don't think a quick ID check dramatically reduces the ease-of-use.


They don't just want an ID, what they want is an account on some intrusive social network.


I'm with you. All these people strike me as entitled twats.

As a user, I would much rather deal with the hassle of verified ID than do business with guests/hosts that are unverified.


The point is that the means of verification they're implementing are ludicrous. There are MUCH better ways to get a verified ID without causing this uproar, and that's why the only reasonable conclusion is that they are misleading their customers and they are after this for different reasons than the ones stated.


So I guess the issue can be broken into parts:

1. Airbnb has every right to demand that its users get verified. 2. The way they implemented verification is suboptimal.

My read of the article/comments shows that most people disagree with #1.


On the article it is said or at least implied, and in the email sent by the wife less ludicrous alternatives for verification are suggested.

Edit: And there are always people, especially in the US, against any kind of ID request, but they are missing the point, in my opinion.


I actually just did the verification for the sake of trying. It took me whole 30 seconds - I uploaded my driver license, which they automatically processed and accepted.

So seems like this is a problem for a small % of users - while the majority who are not bothered just don't care enough to voice their opinion.


Wow... what on earth are they thinking? And what on earth are some people who have commented thinking, to support this?

I go to hotels, hostels, couch-surf, etc; I know people who rent properties with varying degrees of seriousness and involvement, and couch-surfing hosts. I interact with people who do these things on every continent. Airbnb is ridiculously out of line; it's requiring more than authoritarian governments do, much less any of its competition.


It's already a common practice in Russia to ask for ID during check-in. Why not ask all hosts to do it, it will have less friction for guests.

Lately, my Russian friend was trying to do a last minute reservation via Airbnb and they asked for verification. Russian users do not have facebook, they use vk.com, and instead of linkedin they have moikrug.ru. So she had to use a local alternative (sutochno.ru). Lost money for Airbnb.


I'm just waiting for the first AirBnB user that declines to leave the rental property. Eviction in some places is a really hard and long process.


What I don't get is how is a video supposed to verify anything? Why did they pick loyal customers to do the verification? It would be more comprehensible if they required it from new customers. And lastly, why don't they use a real id confirmation service. Where I live we can go to the local post office, show some ID and that's it. No sending personal data anywhere.


I think AirBnB has every right to ask its users to verify their identity in some way. It just so happens, the methods they chose were maybe not the best options for their UX.

I mean, I don't see how you can go half way on this. Leaving the choice up to the host doesn't protect anyone. It's easy to say "hey, I don't want to bother with this.", but the minute something DOES go wrong, who are they going to blame? AirBnB.

They have to cover their ass, simple as that. It sucks, but we live in a litigious society that loves to transfer blame.

If you were in a position where you had to make a tough choice and disappoint some people to protect your family(or company), you'd do it too.

As far as data mining goes... what's new? Are there any massive scale online businesses that aren't looking for new ways to mine their users for marketing and business data? I don't like it either, but I can't say I didn't expect it.


Deja vu when reading the Airbnb reply. Did they really repeat a paragraph, or is that an error in the blog post?


A big concern of mine is that this verification process does not seem inclusive to transgender people. Obviously the official documentation of these people would not necessarily match their online profiles , or in case of video their appearance. Thoughts?


No one really cares about transgender people. They make up such a small percentage of the population that they're not worth worrying about. In nearly all cases they are forced into the existing system/structure, unless legally required otherwise.


Do you think that this is right or wrong? I think that it is wrong. Also the assumption that they make such a small percentage is wrong.


I don't think it's right or wrong (on the part of Airbnb, maybe wrong on the part of society as a whole -- there are federal laws for handicap/accessibility problems but not yet for self-identity not matching government issued identity)

The issue is that transgender people make up (I'm guessing and feel free to correct me if I'm wrong) < 5% of the general population. I would then assume that < 1% of the Airbnb population is transgender. That's a low enough number that it is more efficient for Airbnb to solve for those issues on a case by case basis rather than in code / process changes. Simple case of optimizing for the 90% instead of the 100% -- if that's offensive then I apologize but in my opinion it's justified in the near-term (maybe not in the long-term)


Hey everyone, I'm one of the engineers who worked on Verified ID. I'm going to keep reading all the comments people leave, but rather than respond to all of them on here, I've written up some of my thoughts on our blog: http://nerds.airbnb.com/verified-id/

I'd just like to stress that this doesn't address all the issues brought up, since some of them require more time, but I'm happy to answer more questions if you leave a comment on my post.


I think i was an involuntary early adopter of this process, my experience was that the ID upload kept failing and then broke the connection to my linkedin and facebook accounts. Support wasn't able to help, beyond suggesting I make a video.

https://news.ycombinator.com/item?id=5710284


Inevitable as a company get bigger it likes bureaucracy more and wants to cover its ass over being sued for bad experiences.

We all hate Paypal for its overofficcious moneylaundering ID requests which, should its dBs be compromised could easily screw the finances of millions. Do we really want to give these people IDs?


The difference there is that Paypal is required by law to make those ID requests. AirBNB is not.


Oh quite right! This is why I'm entirely against this, whereas I just deeply hate Paypal's lack of customer service.


Wow, this could be interesting. Scaling this across the world, reliably verifying anybody in the world, seems like an extremely hard problem, especially with the restraint that people can't just walk away.


Anyone else surprised at the fact that this poor UX is happening at a company and founding team that pride themselves in their design roots? Wtf.


I don't know much personally about airbnb.

I wonder how many bad incidents airbnb has facilitated? Searching for "airbnb robberies" seems to point to only one incident (San Francisco) where the victim blogged about it.

But generally we shouldn't expect to hear about crimes facilitated by airbnb. Neither the cops nor the victims have an incentive to publicize it.

airbnb may have paid out a lot in hush money and settlements.

So, while this new identity scheme is unwelcome and intrusive, it may be the only way forward for airbnb.


Bankruptcy is normal in a free market. Let's let Airbnb disappear and make room for better companies.




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: