Software engineer with 12 years of experience. I enjoy working on different technologies and always learning. I work well with a team and have experience managing it. I can be considered full stack engineer, with experience in FE, BE and Devops.
Me and my friend were fans of LinuxForU magazine, now OpenSourceForU. I once wrote a reply or so and it was printed in next edition. Inspired by that, we wrote an article, a simple one. That too was printed in next edition. We got a little money also from it, I think.
In India's case it was logistics issue. Initial decision was to keep migrant workers in place and provide them with daily necessities free. Some state govts didn't play ball and cut off electricity and rations. After that it took some time for central and various state govts to run special trains to the people. And it's not thousands of kms, 10s of kms.
I remember admissions form of children (not sure which Indian state) that contains Aadhar (UID of India) listed in a server with directory listing enabled. Response was - the site is hosted in a secure government datacenter. No chance of leaking data.
I remember accessing SEBI, PWD records through google dorking. They are probably still live, haven't checked. I reported it to all the correct authorities, tried to get in touch with various organizations. To no avail.
I got myself involved in an argument with the Post Office recently. I was posting a letter to an international address and they asked me for - I kid you not - a colour print of my Aadhaar (black and white was rejected).
For people unaware, the document contains your photo, address, date of birth, and a very important number that the government itself 'advises' to not disclose.
I really needed to post that letter so I had to cave in.
When the letter was received, the receiving party told me they also received the Aadhaar stapled with the original letter.
Ironically, this practice of sharing your Aadhaar everywhere seems to stem from trying to "increase security".
It makes sense if you know who the Government thinks is the threat to that security - namely Indians against the government. What they don't seem to realize is that they're leaving the population completely vulnerable from both internal and external actors.
Lycamobile Switzerland has an online ID verification where you are required to take a video with you and your ID and they give you instruction to move the ID card so that the holographic elements of the ID get verifiable.
These video ID verifications were just shown last month to be unsafe by the CCC. Public health insurances in Germany aren't allowed to use it anymore.
Instructions how to fake your ID on these systems can be found in the net.
I think we're very near the point where a system can change letters and numbers on a moving ID in a video, if we're not there already. (And if one is patient enough, and the video is short enough, it's not impossible to do it by hand.)
I got somewhat blindsided and I needed the service, so I complied. The alternative would be to show up in the cell operator shop and show the employee your ID. I find it even somewhat nice that I was able to register online at all.
It's mandated by Swiss law. Cell service operators must identify their customers by ID. You know, south of Switzerland is Italy and sometimes the honorable crowd is trying to put up bases here or already did. It's also a fight against money laundering.
Re your suggestion to tamper with the video: be careful, it's illegal. You don't know whether the hologram or other features encode the identification number. If you get caught it can get expensive.
What companies like Airbnb are doing might also be illegal. For sure it is highly unethical.
I wonder how they would react if everyone would start trolling Airbnb and Facebook by submitting photoshopped IDs :D
Good point about the holograms. But since public companies are verifying them -- and not the gov't -- the information what is on them must be public as well. Heck, I'm even willing to bet someone in this crowd might be working for such a company and might know the answer.
And if the info is out there it can be photoshopped (or tampered with via AI, stable diffusion ID generation, my next weekend project maybe haha ;)
Ok, returning to more serious matters (that before waa a joke BTW), the only ethical way of verifying an ID would be an eyes-only approach, where you only show your ID to an employee, no copies being taken (this requires Airbnb to habe offices everywhere, which is not feasible they would claim). Then you'd use your ID to generate a number that can't be tracked back to your ID, akin to how datasets are anonymized. That way all the company knows is that a certain string of numbers identifies a semi-unique person. I have heard the German postal office had implemented such a system once, so it could be done actually.
Another thought: This whole ID requirement reminds me of the prohibition: If you will make unreasonable demands, you will just push people to do it anyways, but illegally.
One can see this on a large spectrum: taking away abortion, not selling alcohol, and lately forcing people to ID themselves for a measly Facebook profile - people will just resort to the black market to get these things anyway. This cat and mouse game is as old as time.
Software engineer with 12 years of experience. I enjoy working on different technologies and always learning. I work well with a team and have experience managing it. I can be considered full stack engineer, with experience in FE, BE and Devops.
reply