Bitcoin Forum
November 19, 2017, 10:03:03 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: ID'ing yourself online and avoiding identity theft.  (Read 3463 times)
Herodes
Hero Member
*****
Offline Offline

Activity: 868


View Profile
September 10, 2012, 06:23:49 PM
 #1

Seeing that even very large companies (Sony, Linkedln) and others have break ins, and loss of customer data, it must be assumed that any information and/or data that you send anywhere, could at one point fall in the wrong hands, be it after a IT break in or some rogue employee stealing the information.

To decrease the likelyhood of identity theft, I have often put visible watermarks on copies of my passport that I upload to a company and also blacking out the last numbers in my social security number. This way, even if someone get's their hand on this identification document, it's that much harder to misuse it.

Now, dealing with a legitimate company that's been in business for many years, I have no reason to think that they're going to misuse the information, but depending on how this information is stored within their company, it could be compromized at some point in time.

Looking at the nightmarish stories about people that's been subject to identity theft, I would like to avoid that 100%, or reduce the chance of it happening as much as possible.

So, in the event that my uploaded identification paper ever get's lost, I would like to have some method of knowing where it was compromized, so that I could have evidence in the event there ever was identity theft.

Some companies doesn't allow an uploaded ID scan to be altered, so how could I protect myself in this case ? Obviously I would go after the company if the uploaded ID scan was ever lost, but if I have accounts with several companies, how would I know where the leak is ?

I was thinking, would there be possible to have some kind of 'invisible' watermark on the uploaded documents, which could be spotted (by a program for example) if the document ever were to be lost ? That way I think the evidence would be very clear, in the event there ever was a problem.

Another idea was to make notarized copies of my passport every time I do this, with different dates, and then noting down which copy was sent to which company. However, this would incurr some logistic costs (which would far outweight the cost of identity theft itself admittedly), but would still be a hassle.

So, the easiest way would perhaps be to have some kind of watermarking embedded in the picture, that would remain, even if the ID scan was ever copied by some high res cam taking picture of a screen.

I'm surely going to investigate this online, to see if existing methods for watermarking exists, would also be glad if anyone had input on this.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
September 10, 2012, 06:29:04 PM
 #2

Sadly there is really no good solution.  Methods like digital watermarking can be used but that just allows you to determine where the ID was leaked from.  It doesn't do anything to prevent the ID from being leaked/hacked to begin with.   The only solution to that problems is for only highly trusted people to have access and the number of people kept to a minimum.

What really needs to exist is a CA (or more likely multiple competing CA).  The CA would be bonded (so you can sue the living crap out of them in the event of negligence) backed by deep pockets and have full time security staff on the payroll.  You create a GPG keypair and submit your required docs/ID GPG signed and encrypted.  The CA could take additional steps like doing public records & credit report search to deter identity thieves.  The CA would be audited and adopt strong security policies (like never keeping ID/docs online, using hardened facilities, encrypted off-site backups, etc).

Third parties (like exchanges, OTC trading partners, merchants, etc) could then trust your ID if they trust the CA.  Of course in some instances this would require legislation (i.e. AML rules modified to say that if a FinSEC approved CA has confirmed the indentity then the bank/exchange can use the cert of CA as proof without original docs).   These kinds of problems exist simply because Bitcoin is on the cutting edge.

Herodes
Hero Member
*****
Offline Offline

Activity: 868


View Profile
September 10, 2012, 06:49:44 PM
 #3

Sadly there is really no good solution.  Methods like digital watermarking can be used but that just allows you to determine where the ID was leaked from.  It doesn't do anything to prevent the ID from being leaked/hacked to begin with.   The only solution to that problems is for only highly trusted people to have access and the number of people kept to a minimum.

What really needs to exist is a CA (or more likely multiple competing CA).  The CA would be bonded (so you can sue the living crap out of them in the event of negligence) backed by deep pockets and have full time security staff on the payroll.  You create a GPG keypair and submit your required docs/ID GPG signed and encrypted.  The CA could take additional steps like doing public records & credit report search to deter identity thieves.  The CA would be audited and adopt strong security policies (like never keeping ID/docs online, using hardened facilities, encrypted off-site backups, etc).

Third parties (like exchanges, OTC trading partners, merchants, etc) could then trust your ID if they trust the CA.  Of course in some instances this would require legislation (i.e. AML rules modified to say that if a FinSEC approved CA has confirmed the indentity then the bank/exchange can use the cert of CA as proof without original docs).   These kinds of problems exist simply because Bitcoin is on the cutting edge.

The CA idea for ID documents is actually a good one, IMO. At the moment, I think the best bet would be to know where the leak was, and then to go after that company. It surely is a problem, as the risk of your ID leaking to some black market or being stolen increased the more places you submit it too, but many places you can't trade unless you give out your photo ID.
DublinBrian
Full Member
***
Offline Offline

Activity: 197


View Profile
September 20, 2012, 03:43:33 PM
 #4

Some companies doesn't allow an uploaded ID scan to be altered, so how could I protect myself in this case ?
Which companies do not allow this? I would not do business with a company like that.

I usually send my ID to companies, with the words "For company x use only 20/9/12" printed across the document, including across the photo.

However, I would like to know how other people encrypt their identity document and send by email, if the company does not have a public key? Sometimes I have used winzip, but I dont think its very secure.

I was thinking, would there be possible to have some kind of 'invisible' watermark on the uploaded documents, which could be spotted (by a program for example) if the document ever were to be lost ?
Invisible watermarks are no good, unless other companies look for them, when the ID is presented to them, for account opening.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!