Posted by guiambros 5 days ago
Why do we treat passport numbers as passwords instead of a login?
They're required to; it's part of the in-person hotel check-in process to require showing photo ID, and registering all guests with the local police department.
If you're a foreigner, and would rather use a service where in-person check-in is impractical, they'll naturally ask for a photo to meet their legal obligations.
Because some stupid people thought that photos of passports have any security / validity (including banks, brokerage firms). Interestingly none of them would accept photos of cash as payment though.
Banks had been hesitant to embrace cryptocurrencies, but they see the value of CBDCs and so are trying to push those. So they will accept something close to that as long as there is a large legal market for crypto, which there is from their point of view and role in the market.
I will trust his lawyers are right _for Australia only_ (although I have my doubts, and would love to see their reasoning), but in the UK this feels like a clear breach of the Computer Misuse Act[0], and I can't recommend enough that you don't do this.
What is the "vulnerability" by the "airlines" here?
Finding a former Australian prime minister’s passport number on Instagram (2020) - https://news.ycombinator.com/item?id=34966909 - Feb 2023 (41 comments)
When you browse Instagram and find Tony Abbott's passport number - https://news.ycombinator.com/item?id=24488224 - Sept 2020 (340 comments)
Edit: The blog post also mentions this:
https://mango.pdf.zone/finding-former-australian-prime-minis...
- https://www.myid.gov.au/verifying-your-id-in-myid#myid-Austr...
- https://www.afp.gov.au/sites/default/files/PDF/NPC-100PointC...
- https://www.equifax.com.au/personal/identity-verification-10...
The blog post has more use case examples:
https://mango.pdf.zone/finding-former-australian-prime-minis...
A passport is a primary document (equivalent to a birth certificate) and gives you 60-70 points. It can't be used alone, but in conjunction with another ID (forged or stolen) would allow for identity theft.
Knowing the passport number + name + birthday gives you access to someone's US travel history.
They basically used a series of escalation of seemingly innocuous personal data to eventually take over everything.
IIRC they somehow got his last 4 credit card details from Amazon, then used that to get through the Apple account recovery flow; from there they then had his entire keychain.
So "what is a passport number really used for" is like that but on steroids.
I also recall someone's daily life turned into a nightmare because someone successfully socially engineered their power company and maybe phone company to generally harass them. So while I also have no intuition for why or how a passport number is sensitive, I rationally know better and am very careful about even how I discard old boarding passes etc.
EDIT: also worth adding that as a foreigner/non-native my passport number is also often used in place of a social security number.
With passport and driving licence, you can do anything you want, but at least they are photo ID with some anti-forgery features.
The time to steal someone's identity is before they get their first driver's licence and passport!
Closest might be a Medicare Card which gives you access to free/discounted public health that can be used as part of identification. Usually children are on their parents' card.
Driver's licence is also a primary identifier, and students can use their school student ID.
It always reminds me a lot of here in the US: Incredible land, a vast ecology, great history and subcultures, and some truly amazing people unfortunately drowned out by a staggeringly large population of loud morons who seem hellbent on voting in the worst possible people to run the whole thing, people who often couldn't care less about the things that make their country truly great, while leaning heavily on populism and deception as a means to retain power.
I wouldn't be surprised if the US eventually requires ID for phone numbers, either, the way things have been going.
Like, "buy a burner phone and go offgrid, where nobody knows your name" isn't something I've ever wanted. That's a cowboy dream. It's not really an Australian dream. It's certainly not something I've ever wanted. I want to live my life with a competent government and competent police force that - for the most part - I can trust to do the right thing. So long as it's not abused, I'm ok with a court order being able to coerce my email provider into giving the police access to my emails. As I understand it, almost all of these requests happen because of crimes. I want the police to solve crimes. Judges here aren't elected. They're mostly retired lawyers trying to do the right thing. I want to trust them. And - I think - for the most part we can.
I lived in Melbourne during the pandemic. Our whole state got shut down hard for months. I can't tell you how weird it was seeing news of protests in NY on our behalf. Like, that's so sweet of you. And so stupid. And so unwelcome. Locals overwhelmingly supported what our state premier, Dan Andrews, was trying (and failing) to do. In the next state election, most of the other parties barely bothered campaigning because Dan was so popular.
I get that lots of Americans think of Australia sort of like a weird extra state. But we're not. We have our own country, our own values, our own culture and our own, super boring constitution. You can see who we are plain as day in this blog post - where eventually Tony Abbott (think Bill Clinton or Obama) calls up the blog post writer on the phone and asks him for tech advice, and admits he doesn't understand anything about computers. That's the Australian way.
Americans having hot opinions about Australian politics is like Russians having hot opinions about American politics. Even when I agree with you on the details (and I sort of do), it's a bit weird and creepy.
For example, my country routes internet traffic to Australia solely to take advantage of its pro-surveillance laws while undermining my rights as a US citizen to resist unauthorized search and seizure. Australia is a global player in the intelligence community and that should not be ignored.
Furthermore, the Great Barrier Reef is of global importance, but Australia's government often works against the UN's preservation efforts and doesn't take preservation or climate change seriously. That is something that should alarm someone from any country. So let's dispense with the pejoratives, and dispense with the bias over protests I had no part in and shouldn't be associated with just because I'm American. This is a big country, with lots of opinions.
The UK, the US, AU, and others have long cross outsourced spying on citizens for the hand washing aspects, US private companies are responsible for a hefty load of that and happily sell their privacy invasion summaries to US and other intelligence services.
Then sort out the laws in your country.
As an Australian citizen, I can't "fix" US politics. I can't and I wouldn't want to try - because it's not any of my business. If the US government really wants to infringe on your American civil liberties, there's nothing I - or any other Australian - can do to stop them. (Well other than meddling in your elections or invading - and I don't think anybody wants that). It's up to you and your countrymen. Nobody else can vote.
As for the environment and the Great Barrier Reef - politically I totally agree with you. It's an unfolding, unforced tragedy. But you've also gotta understand, if your president says he wants to largely ignore the rest of the world and do what's best today for Americans, it weakens your moral standing when you lecture others about doing the same. You can't have it both ways.
That's great, but I didn't ask you to, and I am pretty confused where you got this notion that I was.
> if your president says he wants to largely ignore the rest of the world and do what's best today for Americans, it weakens your moral standing when you lecture others about doing the same.
It absolutely does not weaken my moral standing. I did not vote for the traitors currently making a farce of my country. That has absolutely zero to do with what I've mentioned here.
I'm really not sure the purpose of your comments or what value you're attempting to add to this thread.
It would be cheap to shoot back with criticisms of the US. But that would be pointless. So, I think it's a more interesting conversation to talk about where the wall should be here. How do we talk here, between our countries?
> It absolutely does not weaken my moral standing. I did not vote for the traitors currently making a farce of my country.
I don't agree. I don't think your voting habits in particular give you enough distance to absolve you entirely for anything your leader does internationally.
I see it as an API boundary question. Imagine if your company ships a buggy product. From inside the organisation, it's legitimate to say "The bug is not my fault!". But from the outside, nobody cares. The whole organisation is collectively responsible for their successes and failures. The reputation of the whole organisation is elevated when they put out good products. And that brand reputation suffers when they put out bad products. I don't care which engineer in particular implemented a bug on my iPhone. I care that my iPhone is buggy. And the inverse - my AirPods are amazing, and that makes me want to buy more Apple products.
It's the same with countries. You and I both live in representative democracies. We're represented by whoever wins our elections. Even if you didn't vote for Trump, collectively your country voted for Trump. Like him or not, as a nation, you've collectively decided to make him your leader & representative. He represents you on the world stage. In some sense, that's what a nation is: it's a collection of people who tie their fate together. Who rally around a collective vision for the future.
It's the same for me. I would like it very much if our country stopped ruining our coral reefs. I didn't vote for those policies (and I personally pushed back against a lot of Australia's surveillance laws). But internationally I still have to wear some shame for what my country is doing.
I once bought a very cheap Optus phone just to use for work 2FA (might have been PingID). Never registered it but it could still authenticate via the Optus cell network using a lower level transport protocol. Meant I could use 2FA with no wifi connection and the phone in airplane mode to conserve battery.