And god do I hate every second of it. My bank is the worst offender, because they allow me to log in, look at my balances and everything. It is until I decide to transfer funds from savings to checking, do they suddenly decide “WAIT! VERIFY YOUR IDENTITY!”. All the while that I’m logged in!

Trying to call customer support to a car dealership to discuss changing dates on your lease? Welp, be prepared to know your child’s name, your state, your blood sample and all other shit just to reach an agent so you can ask one simple question.

Google sucks balls for this too, obviously. Can’t just simply sign in anymore, nope, gotta go find your phone and tell that, that it’s you trying to log in and then you can go in.

Not to mention the amount of fucking codes we have to enter along the way. This shit piles up, people. We waste minutes to hours, collectively, on doing this shit.

  • oberstoffensichtlich@feddit.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    The government already knows my name and where I live, so if I trust them or not isn’t important.

    To alleviate the issue with copied cards, cryptographic signatures and certificates can be used. The certificate is on your card and it’s signed by the government. Your certificate contains a private and a public key. The private key never leaves the card, only the public key. The public key is signed by the government.

    So if a service wants to ensure your identity, they will give you a cryptographic challenge. That is then signed using your private key on your card. The service then can verify your signature by using your public key. The service can then verify your public key by contacting a government server. That way you can prove to anyone that you’re in possession of the physical ID card. The private key on the card can be further protected by a pass phrase.

    So if someone wants to steal your identity, they would need your physical card and your passphrase.

    If your physical card and passphrase gets stolen, you report it to the government and they revoke their signature of your public key. So if a service wants to verify your identity, the government server will reply that the ID is not valid.

    This is how SSL and public private key cryptography works in general. The issuing authorities don’t have to be governments.

    • Onno (VK6FLAB)@lemmy.radio
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      I understand your point. I’m not sure that you understood mine.

      Let’s say that we do as you say. To issue the signature, the Government would need to verify your identity, which as you point out, they already can. Here’s the kicker. After verification, the signature is now linked to those same details in their systems. This makes them a massive target. One that they are ill-equiped to deal with.

      That’s why I am not a fan of this idea.