@nixCraft A workaround is to have the person take a selfie with their id document, both at creating the account and when doing something very risky (like taking a big loan).

Automated face recognition should be used by the bank to match both face *and* id document - image AIs are notoriously bad at creating small details, like filigree in the id document's surface.

@nixCraft It still looks a bit too nice for just a quick selfie, but still very close. Concerning as it will prompt for even more ID when it comes to some verification. Anonymity might really be gone in the new web.

@nixCraft This website is getting really good at this.
https://thispersondoesnotexist.com/

@nixCraft enthusiastically yes!

This kind of tech will be used in nefarious ways but ultimately it protects our right to privacy.

If this tech is left unchecked visual evidence will no longer hold the "proof" it does currently and the justice system will be required to do its job again and provide definitive evidence from multiple sources.

@nixCraft@mastodon.social as much as I hate KYC laws, this tech is just gonna force companies and the government to push further invasive forms of online verification. Hopefully in person registration for banks n such still remains an option for those who value their privacy ​:sob:​

@nixCraft why can't I simply prove that it's me by a gov issued TOTP or other cryptographic key pair? #wishlist

@nixCraft #fuckingcapitalists

@nixcraft if only this could stop the kyc madness and the invasion of #privacy it causes

@nixcraft

It was never secure to take presenting a webcam picture of an ID card and a person as some kind of evidence that you are who you say you are. Banks and other institutions need to stop deciding other people are you just because they can produce pictures of your stuff.

@nixCraft post looks like it's since been deleted and I can't tell if it's a troll from the imgur they linked

https://imgur.com/a/BsIiWpi

others in the comments have this right, that KYC is often a load of crap anyway

How thinking people have let moron led processes become the arbiter of legitimacy and identity is beyond me.

As usual, any "improvements" to KYC processes, punish all users, to protect against the bad behaviour of startlingly few actual bad actors

@nixCraft Well crap, there goes that authentication vector.

It’s crazy how well established human-tests that have exited forever can just suddenly cease to exist.

@nixCraft This is IMO good. This verification method was bonkers from day one. Merely an inconvenience for someone who really wants to impersonate someone and not-so-great for many reasons for ordinary people.

@nixCraft Next step: AI fakes a whole verification call with a Callcenter-Agent.

@nixCraft Doing security processes cheaply works until the attackers gain a capability that allows them to attack it cheaply.

For example, in Canada, I can log into the tax authority (CRA) using a trusted bank as an identity provider, most of which still do KYC the old-fashioned way, at the bank branch with Gov ID and so on (which is more expensive for an attacker, and harder to scale, not impossible though).

Cat and mouse, the game continues.

@nixCraft considering what the AIs are trained on I feel like ugly nonwhite people will be safer from this for a while longer.

@nixCraft Imagine when banks will introduce the "Verify your Bard" service.

@nixCraft this will change /r/gonewild forever

@nixCraft ну все, прощайте удобные банки и удаленные сервисы. Добро пожаловать снова в пение прогулки в МФЦ, банки и прочие собесы