jm + identity   10

UIDAI’s Aadhaar Software Hacked, ID Database Compromised, Experts Confirm
The authenticity of the data stored in India's controversial Aadhaar identity database, which contains the biometrics and personal information of over 1 billion Indians, has been compromised by a software patch that disables critical security features of the software used to enrol new Aadhaar users, a three month-long investigation by HuffPost India reveals.

The patch—freely available for as little as Rs 2,500 (around $35)—allows unauthorised persons, based anywhere in the world, to generate Aadhaar numbers at will, and is still in widespread use.

This has significant implications for national security at a time when the Indian government has sought to make Aadhaar numbers the gold standard for citizen identification, and mandatory for everything from using a mobile phone to accessing a bank account.
security  aadhaar  identity  india  privacy  databases  data-privacy 
8 weeks ago by jm
Trans kids & the people who hate them
Research (Mental Health of Transgender Children Who Are Supported in Their Identities, Olson et al. 2016) has shown that children whose preferred gender identity is accepted by family and friends have no worse mental health outcomes than other children. But those who are not accepted are much more likely to have mental health issues, self harm or take their own lives.
We can take from this that acceptance causes no harm, but non-acceptance causes harm — so why are so many people angry with parents for accepting their trans kids?
trans  children  kids  parenting  society  gender  identity 
june 2018 by jm
BBC News - South Korean ID system to be rebuilt from scratch
There are several reasons that the ID cards have proved so easy to steal:

Identity numbers started to be issued in the 1960s and still follow the same pattern. The first few digits are the user's birth date, followed by either a one for male or two for female;

Their usage across different sectors makes them master keys for hackers, say experts;

If details are leaked, citizens are unable to change them


via Tony Finch.
south-korea  identity  id-cards  ppsn  hackers 
october 2014 by jm
Nyms Identity Directory
The way that [problems with the PGP bootstrapping] are supposed to be resolved is with an authentication model called the Web of Trust where users sign keys of other users after verifying that they are who they say they are. In theory, if some due diligence is applied in signing other people’s keys and a sufficient number of people participate you’ll be able to follow a short chain of signatures from people you already know and trust to new untrusted keys you download from a key server. In practice this has never worked out very well as it burdens users with the task of manually finding people to sign their keys and even experts find the Web of Trust model difficult to reason about. This also reveals the social graph of certain communities which may place users at risk for their associations. Such signatures also reveal metadata about times and thus places for meetings for key signings.

The Nyms Identity Directory is a replacement for all of this. Keyservers are replaced with an identity directory that gives users full control over publication of their key information and web of trust is replaced with a distributed network of trusted notaries which validate user keys with an email verification protocol.
web-of-trust  directories  nyms  privacy  crypto  identity  trust  pgp  gpg  security  via:ioerror  keyservers  notaries 
august 2014 by jm
The University Times: TCD Provost Under Pressure To “Re-think” Identity Initiative
Students, staff and alumni put pressure on Provost to reconsider changes to Trinity College Dublin's name and coat of arms.
alumni scholars from 2004 and 1994 who had been invited back for the dinner shouted ‘Dublin’ after the Provost welcomed them back to “Trinity College”.
tcd  tcuod  rebranding  fail  identity  dublin 
april 2014 by jm
Experian Sold Consumer Data to ID Theft Service
This is what happens when you don't have strong controls on data protection/data privacy -- the US experience.
While [posing as a US-based private investigator] may have gotten the [Vietnam-based gang operating the massive identity fraud site Superget.info] past Experian and/or CourtVentures’ screening process, according to Martin there were other signs that should have alerted Experian to potential fraud associated with the account. For example, Martin said the Secret Service told him that the alleged proprietor of Superget.info had paid Experian for his monthly data access charges using wire transfers sent from Singapore.

“The issue in my mind was the fact that this went on for almost a year after Experian did their due diligence and purchased” Court Ventures, Martin said. “Why didn’t they question cash wires coming in every month? Experian portrays themselves as the data-breach experts, and they sell identity theft protection services. How this could go on without them detecting it I don’t know. Our agreement with them was that our information was to be used for fraud prevention and ID verification, and was only to be sold to licensed and credentialed U.S. businesses, not to someone overseas.”


via Simon McGarr
via:tupp_ed  privacy  security  crime  data-protection  data-privacy  experian  data-breaches  courtventures  superget  scams  fraud  identity  identity-theft 
october 2013 by jm
Fingerprints are Usernames, not Passwords
I could see some value, perhaps, in a tablet that I share with my wife, where each of us have our own accounts, with independent configurations, apps, and settings.  We could each conveniently identify ourselves by our fingerprint.  But biometrics cannot, and absolutely must not, be used to authenticate an identity.  For authentication, you need a password or passphrase.  Something that can be independently chosen, changed, and rotated. [...] Once your fingerprint is compromised (and, yes, it almost certainly already is, if you've crossed an international border or registered for a driver's license in most US states), how do you change it?  Are you starting to see why this is a really bad idea?
biometrics  apple  security  fingerprints  passwords  authentication  authorization  identity 
october 2013 by jm
Surprisingly Good Evidence That Real Name Policies Fail To Improve Comments
'Enough theorizing, there’s actually good evidence to inform the debate. For 4 years, Koreans enacted increasingly stiff real-name commenting laws, first for political websites in 2003, then for all websites receiving more than 300,000 viewers in 2007, and was finally tightened to 100,000 viewers a year later after online slander was cited in the suicide of a national figure. The policy, however, was ditched shortly after a Korean Communications Commission study found that it only decreased malicious comments by 0.9%. Korean sites were also inundated by hackers, presumably after valuable identities.

Further analysis by Carnegie Mellon’s Daegon Cho and Alessandro Acquisti, found that the policy actually increased the frequency of expletives in comments for some user demographics. While the policy reduced swearing and “anti-normative” behavior at the aggregate level by as much as 30%, individual users were not dismayed. “Light users”, who posted 1 or 2 comments, were most affected by the law, but “heavy” ones (11-16+ comments) didn’t seem to mind.

Given that the Commission estimates that only 13% of comments are malicious, a mere 30% reduction only seems to clean up the muddied waters of comment systems a depressingly negligent amount.

The finding isn’t surprising: social science researchers have long known that participants eventually begin to ignore cameras video taping their behavior. In other words, the presence of some phantom judgmental audience doesn’t seem to make us better versions of ourselves.'

(via Ronan Lyons)
anonymity  identity  policy  comments  privacy  politics  new-media  via:ronanlyons 
january 2013 by jm
Massive identity-theft breach in South Korea results in calls for national ID system to be abandoned
In South Korea, web users are required to provide their national ID number for "virtually every type of Internet activity, not only for encrypted communications like e-commerce, online banking and e-government services but also casual tasks like e-mail and blogging", apparently in an attempt to "curb cyber-bullying". The result is obvious -- those ID numbers being collected in giant databases at companies like "SK Communications, which runs top social networking service Cyworld and search site Nate", and those giant databases being tasty targets for black-hats. Now:

"In Korea’s biggest-ever case of data theft the recent hacking attack at SK Communications, which runs top social networking service Cyworld and search site Nate, breached 35 million accounts, a mind-boggling total for a country that has about 50 million people and an economically-active population of 25 million. The compromised information includes names, passwords, phone numbers, e-mail addresses, and most alarmingly, resident registration numbers, the country’s equivalent to social security numbers."

This is an identity-fraudster's dream: "In the hands of criminals, resident registration numbers could become master keys that open every door, allowing them to construct an entire identity based on the quality and breadth of data involved."
south-korea  identity  fraud  identity-theft  web  bullying  authentication  hacking 
june 2012 by jm
Me and Belle de Jour – ‘Could it be Brooke?’
LinkMachineGo knew the true identity of Belle de Jour way back when -- and set a Google trap to ensnare snooping journos. Nice work.
belle-du-jour  google  blogging  blogs  via:waxy  privacy  googlewhack  identity  daily-mail  journalism  from delicious
november 2009 by jm
