undefined | Better HN

0 pointsemdowling5y ago0 comments

You've nailed the complexity of this. On privacy, people are rightfully spooked about this for all the reasons you've mentioned. On safety, people are really happy about these initiatives as accounts backed by user identity are less likely to be used for harm. On security, leaks of these databases create issues to other sites and companies (eg: if Company X is compromised, then identity documents could be used to disable/bypass 2FA for Bank Y).

To make it even more complicated, regulators often hold contradictory views. They want to see increased safety, but in the same breath will announce actions against companies for violating privacy. This is a super-difficult balance to strike.

Specifically for Stripe, I trust them. So if I see that a new start-up is using them rather than rolling their own solution, that increases my trust. But it means there is now a big giant server in the cloud with millions (billions?) of identity documents that is worth a lot of money for hackers.

0 comments

3 comments · 3 top-level

agwa5y ago

> Specifically for Stripe, I trust them. So if I see that a new start-up is using them rather than rolling their own solution, that increases my trust

Note that Stripe allows their customers access to the "captured images of the ID document, selfies, extracted data from the ID document, keyed-in information"[1]. So you still have to trust any company using Stripe not to download, store, and later leak your personal information, and you also have to trust them not to let their Stripe API token be compromised and exploited by identity thieves.

[1] https://support.stripe.com/questions/managing-your-id-verifi...

truffdog5y ago

> Specifically for Stripe, I trust them

The problem with this is that the user isn't trusting Stripe today, they are trusting Stripe today, and all future Stripe managers and owners until the user dies and no longer cares. That's a big bet! Bad CEOs and sales happen.

wolverine8765y ago

> people are really happy about these initiatives as accounts backed by user identity are less likely to be used for harm

Has anyone told you they are really happy about it? I haven't heard someone say that. Most users have no idea about it.

j / k navigate · click thread line to collapse