undefined | Better HN

0 pointsfauigerzigerk3y ago0 comments

>Right now Google is not asking information that would allow them to really verify my identity.

Why can't they offer identity verification as an option? It's not exactly difficult to do technically.

0 comments

6 comments · 1 top-level

supernova87a3y ago· 5 in thread

Can you imagine how complicated this is, and controversial?

How to do this exactly? Do you want Google to be proving who people are by fingerprints, irises? Google has never gotten into this business. There would be so many issues. And is collecting biometric info an absolute bulletproof way to verify identity? And doesn't have pitfalls compared to current system?

Then how about just ID documents? Who would provide the locations to verify these documents? How many hundreds of types of documents would be suitable to prove identity? And thousands of locations would be necessary to serve everyone. Would they be honest / absolutely trustworthy?

Do you know how many people out there are waiting to try impersonating people by forging documents, given the money at stake, and how many outlets (that you'd have to employ as verification agents) would be susceptible to corruption to defraud people who'd relied on these documents as proof of their identity (and keys to their online accounts)? If you register with an identity document, and that becomes your method of proof, what if someone located in another country asserts that they're you with some different form of a document that says your name on it?

It's extremely complicated.

praxulus3y ago

Google is already in the payments business, which requires a significant amount of identity verification. They aren't at the level you're describing, but they're also not completely new to the business of verifying IDs, albeit via uploaded photographs rather than physical kiosks.

Al-Khwarizmi3y ago

Yesterday I opened an online account at a bank, using my phone. The website asked me to take clear pictures of my ID card, and then record a selfie video doing a few movements and saying a few numbers. Done, in literally 5 minutes. Then of course regular logins are done with a password and 2FA, it's not like I have to show my ID every time, but I suppose if I got locked out of my account it's what they would use to identify me.

If banks can do it I don't see why Google can't. For many people, getting locked out of a Google account where they hold all their photos, connect to people via email, have their purchased Android apps, etc. is not much better than getting locked out of a bank account (depends on how much money on the account, I guess, but in many cases this is so).

tinaclaussen3y ago

the point that no one generally knows your IBAN number or calls the customer service - reset this account by telling this is my new ID card as I lost my previous ID.

Whereas your google email is known to many. What happens if some one photoshops a ID and says it is you?

Further more how should the ID prove I am the owner for john.doe@gmail?

mistercheph3y ago

It doesn't matter how complicated it is, given how critical a google account can be in a person's life, Google has an obligation to make a good faith effort to resolve issues like these, and if that obligation is not expressed in their terms of service, then legislatures and regulators should compel them by force of law.

The fact is that Google is already in the business of authenticating identities and actually does so in circumstances where the law compels them to, but they have deemed it too expensive to do so in the context of recovering accounts, where they remain uncompelled.

As it stands, the GDPR compels Google to make a meaningful attempt to authenticate whether you are the legitimate account holder when you submit an SAR or Data Deletion Request. But, Google, under no circumstances will attempt to identify you if you fail or are deemed ineligible for their automated account recovery process, unless you are eligible for their "In cases of nepotism or media pressure" emergency account recovery procedure.

supernova87a3y ago

Well, wait a second, I think you're going too far. Just because maybe you use Google to a very dependent level in your life, doesn't make it a public good that people have an entitlement to and suddenly you place legal obligations on them.

Your email is not your identity, and your particular email address is not a right. If Google has made available options to secure your email address, what exactly are you entitled to compel Google to do that does not conflict with the security decisions they've also made to protect your account from fraud?

2 more replies

j / k navigate · click thread line to collapse