New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
I've seen some providers actually require you to take a picture of the ID while holding it beside your face lol.
That's probably the best way to verify the ID.
My bank hasn't had security issues either
By the way, does anyone know about past identification documents leakage besides Uber?
http://www.webhostingtalk.com/showthread.php?t=1440791&p=9326155#post9326155
Appropriate measures were taken in both security breach incidents. The first one being not as severe because the person who got into our systems simply just rm -rf'd everything and didn't take anything.
Avoid CoinBase. They are (like) scammers. Read: https://www.reddit.com/r/Bitcoin/
I just see a bunch of links to things like this: http://motherboard.vice.com/read/love-is-forever-when-its-written-in-the-blockchain
i add microdots to everything and sometimes randomly placed watermark (site name/company), does not prevent stealing but at least i know who leaked it - both to prevent further problems (I.e. know they have CC stored -> block it) and for legal things.
https://29a.ch/photo-forensics/
You of course have people who try to get by with adding a blur filter / tiny dots to avoid, but I always found an issue on fakes.
One of my favorites was an Eastern Europe carder site that didn't realize they had everyone with an obscure religion.
Providers delete these once verified from what I've seen.
Yes, In some countries it's not legal to ask... Well you purchased from a company in the US who has codes such as KYC, CIP, etc. for banks. And they do process your funds, so best to stay on their good side.
If they have a problem with a watermark, change the watermark like previously mentioned, or watermark it lightly with their company name / move it. That way they know you have the original.
Might differ when directly working with funds and KYC / CIP need to be enforced.
Nice idea
Love this idea, just adding for example 3pt CB in slightly off color to background could identify coinbase if leaked etc.. Doesnt prevent it being reused but at least you have a party to blame. Secret/non-obvious watermarking
I as rule try to never submit to any provider using [known billing/helpdesk with a track record of security on the level of solusvm and cpanel], when the next big 101 level wtf security issue happens (and it will, they are clowns) they're could be tens of thousands of IDs leaked. If I do submit to providers I also try to use a link to dropbox/google drive (which I revoke after a few days) hoping they at least dont save it in some cowboy coded helpdesk system, but I of course can't enforce that.
For passport/drivers license I guess it would be easy to shift some digits around so at least it can't be used for official purposes.
This is what I do incase any ID is leaked, you can use the 2-4 digits you changed to identify which.
Like the .company@gmail, but for IDs, and not obvious. And a tiny blur to avoid my own photo forensics techniques.
Don't send it. They are scammers. Just because they look big and appear in news articles doesn't mean you can trust them. If you've ever done business with them you'll know how unprofessional they are, with support outsourced who knows where, probably working for peanuts and clearly not caring about their job.
And all this KYC crap doesn't mean anything for your security, all it means is they share your information with who knows how many corrupt agencies and officials. Avoid.
KYC protects the customer to make sure their funds are being used.
KYC protects the company from possibly being indicted on money laundering. It's a big deal for financial institutions, and when you're dealing with funds, it means something.
KYC = Know Your Customer.
Clearly you know more about this than me though. On a side note, can I buy some surplus doomsday prepper food from you? /s
Citation? I've never hear of this. Protection is for the company so they don't get accused of money laundering. But like the numpty airport policies (less 50ml liquids etc..) it does nothing to deter real money movers just a massive inconvenience and invasion of privacy for regular people.
Poorly worded. So the company knows with some assurance that the person's credit card being used is actually them.
Stop trying to spin this into civil liberties with the 'many corrupt agencies'
No one gives a crap about you beyond making sure they aren't going to get a chargeback because your card was included in some dump going around.
Coinbase likely has to follow KYC and such... working with finances.
If you don't like it, use something like LocalBitcoins and don your tin foil hats. Tried explaining this from a provider's perspective, but logic doesn't work here.
I think Xapo also does buy/sell? Expect KYC as well though.
If you tell us what you wanted to use Coinbase for, we can tell you alternatives.
Kraken is great, I've heard.
https://play.google.com/store/apps/details?id=com.milvum.kopieid&hl=en
I'm happy that our government actually tries to prevent people just giving companies a full ID
Wow! Now that's a great app. How can it only have ~100k downloads?
It's only in recent years that companies have been asking people to take a selfie of themselves holding their ID. For many years now all you had to do was submit a scanned copy of your ID!
Sometimes you just have to smile and nod. Personally I don't trust a company that's more concerned with satisfying the requests of the most paranoid individuals than they are protecting their platform and their wellbeing through solid risk management via time tested techniques. We have a name for those and they're called "skid hosts." They're a dime a dozen and they come as quickly as they go.
There are many people who want just that though, and many of them post here. They're often the ones you'll see ordering from some kid reseller because they know the kid is too dumb to protect his investment. They get some service for a while and move on to the next when that one is used up.
Obviously privacy concerns are extremely important and we should all protect ourselves as customers, but any actual reader not just wanting to start an argument will note that I clearly said "the most paranoid individuals." That doesn't include the privacy hobbyist, which is generally the one who is most interested in arguing these matters. There is definitely a class of hobbyist surrounding privacy post-Snowden.
Yup. People in billing & abuse don't really file your information anywhere, more check to see it's not a fake ID or obviously carded, approve and delete from what I've seen.
No adding to big brothers database, no 1984 stuff. With Hilton hacked last year, Hyatt just releasing 250+ hotels breached since August, and credit card skimmers a dime a dozen at gas stations, Abuse is more interested in avoiding chargebacks.
But yeah, 1984, big brother, and cloud / Obamacare, etc. Whatever.
But then things like this happen and you understand everyone can distribute your ID.
If I'm correct, that link suggests merely that anyone can request your ID. Certainly that would always be true, wouldn't it? No policy at any company prevents someone from joining a live chat session and requesting customer information
If you're doing business with someone that you think would sell your information for $10, you're doing a few things wrong lol
If they're actively offering money to random hosts it's because they know some will sell.
I don't think submitting docs for validation is wrong (I have verified accounts in several dozens of sites, including financial ones).
But I agree that it's dangerous and that there is no guarantee that those who no longer need them (non-financial related) actually delete them (which makes them available in case of security breaches, disloyal employees, system errors...) so they are a potential source of problems.
I mean, maybe. It's hard to know for sure. Surely somewhere along the way people have to try new tactics and fail at them before discovering the ones that work
True. You just gave me an idea, dangerous one though so I won't post it here.
Just to be clear. I understand the checks hosting providers choose to do, and ideally have to do to avoid charge-backs and not risk the IP reputation of their space through spam/warez/bots abuse, this is good practice. Storing these in WHMCS etc.. is err... well I'll keep my tin foil hat and milk and cookies on that one
KYC was mentioned earlier in the thread, and interpreted to something else, my response was specific to financial KYC regulations, its not there to help chargebacks. I think there is some confusion around the general idea of know your customer (fine) and the specific KYC guidelines that organisations use when involved in the movement of money to avoid being accused of facilitating money laundering, the latter of which are problematic, overly pedantic in their requirements (the A and B list etc..) and do very little to serve the need they were introduced for (i.e. it wasn't to protect chargebacks). KYC regulation is not something that concerns hosting companies.
I'm not a tinfoil hat like a majority on here as I regularly send out a similar watermarked driver's license out when I transfer parts of my collection to a FFL dealer for Form 4473 compliance. It's over the signature area.
I wrote "Coinbase IDV" over my signature. Example of my state's ID below.