Elon Musk Finally Realizes That Verification Requires More Than A Credit Card, Planning To Make Users Upload Gov’t ID
from the id-this dept
As you’ll surely recall, Elon’s first big brilliant idea upon taking over Twitter was to conflate two separate offerings that Twitter had: Twitter Blue, a premium upsell with extra features (some of which were useful), and Twitter’s blue check verification program, which was created to help more well-known users avoid impersonation. The original blue check system was far from perfect, but it was actually a verification program, in which Twitter went through something of a process to make sure an account actually belonged to the person who claimed to be behind it.
Elon merged the two, took away all the “legacy” bluechecks and basically gave them to anyone willing to pay $8/month. It hasn’t gone well. There have been multiple stories of impersonation, while the bluecheck now seems to symbolize foolish Elon Musk fans with poor decision-making ability. Or, you know, neo-Nazis.
Now, many months later, it seems that Musk is finally coming around to the realization that maybe “verification” requires more than a functioning credit card.
Of course, as per how things work with Elon, he’s choosing to do it in a sketchy manner. Engadget reports that ExTwitter is now experimenting with a new “ID Verified” option, powered by Au10tix, one of the many third-party services that provide ID validation, which makes users upload a government-issued ID and a selfie.
Owji, who often uncovers unreleased features in X, first spotted an “ID verified” badge on Musk’s profile earlier this month. Now, he’s discovered an in-app message detailing how it works, suggesting that it may be getting closer to an official launch. “Verify your account by providing government-issued ID,” it says. “This usually takes about 5 minutes.” It explains that users will need to provide a photo of their ID and a selfie.
It seems X is partnering with a third-party “identity intelligence” company Au10tix on the feature. The fine print notes that information shared for verification will be seen by Au10tix as well as X. X will keep “ID images, including biometric data, for up to 30 days” and will use the information “for the purposes of safety and security, including preventing impersonation.”
There are a few of these services out there and… they’re not exactly known for being particularly reliable.
Still, it will be interesting to see how many of Elon’s groupies will be thrilled about having to upload a government issued ID to the company. They seem to trust him implicitly, but they also seem to be the sorts of folks who often don’t really like to give up their real identities.
Meanwhile, does anyone really feel comfortable that if a user who uploaded his or her ID to exTwitter does something to piss off Elon that he wouldn’t use information regarding their identity against them?
So, once again, Elon seems to have realized that his way of doing things doesn’t really work, which brings him all the way back around to the way that Twitter used to do things, but with an extra layer of stupidity/danger involved. It’s not the first time that’s happened, nor will it be the last.
Filed Under: elon musk, government issued id, identification, privacy, selfie, twitter blue, verification
Companies: au10tix, twitter, x
Comments on “Elon Musk Finally Realizes That Verification Requires More Than A Credit Card, Planning To Make Users Upload Gov’t ID”
Of course, part of the problem here is that it assumes all interesting identities are “real world” identities.
That’s not the case.
Major streamers, for example, may have an account solely for their online persona, and it may have no relation (including visually, as is the case with vTubers) to their real identity.
Similar concerns abound with things like drag performers, who may wish to have an account for their stage name… but it’s their stage appearance that would be considered important, which is usually not going to match any government-issued id.
Even absent any privacy concerns, many of these services often poorly understand or serve smaller countries or regions, or non-western ones. ID cards vary widely across the globe… and aren’t required documentation in all countries, perhaps most relevantly in the US.
Also, I’m wondering how the case of things like bot or pet accounts are going to be covered, where the account is being used for an entity that can’t get an ID in the first place…
Re:
Yeah, I have this problem with Facebook, where this is my public/professional name/identity. Because I ran the Facebook page for TorrentFreak (as part of my job), last March they wanted me to ‘secure’ my account with 2 factor. But they sent me this request a week after I had a nervous breakdown so I was in no position to do anything about it. A few months later, when I was to the point of being able to use a computer again, I went to try and access it, but it demands a 2nd factor I don’t have because it created it itself, and never gave it to me. So I have to send identity documents. I have nothing in my ‘professional name’ that they’ll accept, and nothing that’s a government ID matches the name on the account. So it’s locked. And it’s why I felt the idea of Meta making this an upsell earlier this year was a bad thing, and offered my experience to Mike as an example.
So yeah, this is really going to screw a bunch of people up.
Re:
Yes. That’s one problem.
Here’s another: Imagine I gave you a few scans of New Zealand IDs. Some are genuine. Others have had the image and/or text altered after they were scanned. How would you tell which were altered?
I haven’t heard of any deals between Au10tix and the NZ government, so you don’t get access to any government databases.
Re: Re:
Most of them make you take the selfie in real time. And of course you couldn’t possibly fake that out. Some even require you to blink. Again a foolproof plan.
Re: Re: Re:
The selfie has to be in real time. The picture of the ID doesn’t, and Bilateralrope was talking about altered scans of the IDs.
Even if the picture of the ID had to be in real time, it would need to be able to weed out fake IDs without access to government databases.
Re: Re: Re:2
Maybe I should have included a sarcasm tag?
Re: Re: Re:
Facebook does not require you to take a selfie real-time. Just upload up to two pictures.
Re:
Omg I’m doing work with IDPs in the govt-to-business space right now and I can’t tell you how difficult it is to get people to understand that ID verification is for an INDIVIDUAL, but the ways in which we interact with online services of all kinds may be on some completely other legit basis—as a group, a company, a couple, household, etc. This is a security issue I don’t think has been thought thru very well, least of all by the IDPs.
This looks like a decision that is pre-schedule for catastrophe and spectacle.
Re:
That could describe everything Musk’s done since announcing his intention to purchase Twitter.
This is the fourth X-Twitter article today. That is like a new record for TD.
MAMA MIKE’S COOKING A FEAST AGAIN!
Re:
Huh? It’s the second article today.
Re: Re: MAGAmath
It’s the same MAGAmath they use when they draw a curve then plot points.
Re: Re: Re:
The way you project forward statistically from current data is first decide what you want the answer to be and then fit the appropriate curve. Remarkably, you always get the answer you want that way.
I remember teaching a class a long time ago and used real world AIDS data to predict:
1) AIDS would be an extinction event.
2) AIDS was not yet critical to human survival, but it should be watched closely.
3) AIDS would never come close to impacting as many people as heart attacks or car accidents caused deaths in a year.
Remember, there are lies, damn lies, and statistics.
Re: Re:
Sorry, I’ve been working a ton and the perception of time has no meaning to me.
Re: Re: Re:
Time, what is time? Sounds like something a Blind Guardian would ask
Re: Re: Re:2
Sales associate, 1 to 10, almost every day.
Re:
Are you that catturd jackass from twitter? You sound clever enough.
Re: Re:
No, I’m sorry. Just me being a jackass at the moment, didn’t realize that only two articles regarding the mess that is X-Twitter were made in one day and not four.
I have complete confidence that the man notorious for not abiding by contractual agreements will absolutely abide by the stated privacy policy and keep my information secure.
I wonder how this would play out in Scotland, where your name is the one you choose to use. You can make it official, but for many purposes a letter or bill addressed to you under your chosen name is sufficient as identity proof.
That story was about the IRS, which means it was basically just about American identification documents. There are perhaps a few hundred or thousand types of those, but probably tens of thousands of international ones. Remember that some don’t (or didn’t) expire. If someone shows up with a circa-1967 certificate of Canadian citizenship or a city-issued library card (people sometimes forget that cities are governments!), you’ve gotta be prepared for that. But you’ve also got to be on the lookout for stuff like Department of Defiance employee badges and Sealand passports.
What could go wrong?
No worries, I’m sure Elon will be just as careful with the personal identification data of his users as he has been with every other aspect of the platform.
There is no way that this doesn’t end with a massive data breach and the doxxing of a few hundred thousand blue checkmarks who mistakenly trusted Elon to keep them anonymous while they were posting pro-Hitler memes.
It may require more than a credit card, and all he cares about is the credit card…
I’m as likely to give this arsehole my real identity and documented proof as I am to pay for his ‘premium service’.
I’m as likely to let him implant a chip in my brain as do either of those things.
Which is to say, the heat death of the universe will happen before I do any of that.
I can’t wait to see how this goes in the EU.
Identifying a person as being that person, sure. I mean my government has a digital ID program for that. I just get the feeling that Musk/𝕏 wouldn’t make use of that, or the ones offered by other EU countries (if they have a digital ID program).
And any homebrew solution would likely result in every regulator over here lining up to whack 𝕏 as if it were a pinata.
Re:
The top advice against identity theft that I hear/read most often (at least here in the EU) is a strict warning NOT TO UPLOAD PHOTOS OF YOUR ID/PASSPORT AND INCLUDE A SELFIE! ANYWHERE!
They don’t give any advice on how to deal with services/businesses that just demand it.
Re:
I’ve recently opened an online bank account in the EU. I needed to take my ID front and back, at different angles, to ensure that some security features appear (like colored reflections when looking at the ID on the side), and a video of my face while rotating the camera around.
It took me about 30 minutes to get this validated (after 5 times) and doesn’t seem to be really secure (all images I took could have been only pictures at different angles), but in my case, it’s mainly the bank that would decide, based on my expenses and my behaviour (or random factors), that I’m not impersonating somebody else, not some pictures.
It’s pretty common in west EU for online banks, I’ve never heard of it for any other service. So I guess banks have a special treatment. The main problem is where the data is stored; biometric laws are strict enough in the EU so there is no way any ID picture would leave the EU. So this “feature” would be US only, I don’t think India or China would approve this either.
I don’t even trust my government to keep my data safe.
And I’ve quit games over the RealID bullshit.
So, why should I hand Elon my ID? He clearly can’t handle anything, and I’m very sure he would set his dad’s fucking former emerald mine on fire if he had to manage it…
and that's a big nope
Any site anywhere that requires a “government document” from me will simply not get my business. I draw the line at a credit card, and that’s only for companies whose business hinges on subscriptions. The assumption being, they’ve had some time to practice handling credit cards in a competent manner.
Re:
The credit card companies have enforceable security requirements for that: get it wrong, and you’ll be cut off from accepting credit cards. There are no such requirements for government ID cards, because governments don’t generally expect people to be using their cards to prove their identity online (even if they effectively require it, as the IRS did with their Montenegrin contractor). If they did, they’d design it to (try to) be secure for that purpose, as Estonia did.
There might be some laws or rules in principle, for businesses in certain jurisdictions. The USA is not one of those. Do not send such photos to American companies, or into any country which lacks enforceable laws. Ideally, not even then. It’s security theater—can’t possibly work, given the multitude of non-standard identity documents worldwide—and acceding to it will only help normalize it.
how did it used to work
out of curiosity how did the id verification used to work on twitter?
Re:
If you applied to be verified, a government ID was mandatory. But many happened without one, because Verification happened without the individual applying. There was little transparency to the process, likely to avoid gamification. For many people, a badge just appeared one day. The process was likely more expensive than $8 or $20 however.
Cross referencing I assume was a core skill. I.E. If @mmasnick is listed on Mike’s Techdirt profile, twitter can gain some value that the handle is associated with the website’s owner.
Beyond that? I don’t have the answers unfortunately.
According to this TAC’s real name is McLovin…
"Elon Musk finally figures out"
To me that sounds like “the water finally figures out the location of the leak”. To me, “figuring out” is something that happens instead of exhausting all other options.
Indeed, Musk and water seem to have a similar propensity of solution-finding by going downhill.
There was a time when developers’ dream job was at Twitter but now I think the situation has changed.
Verification
I use one German service that requires not just a government ID, but requires uploading a 3-5 second video of me taken live on the site I’m on, through my webcam. Then it compares the video to the ID.
Bingo
I see no way that this doesn’t fill every xTwitter bingo card within an hour of going live.
I aborted my attempt to sign up for Instagram when they started this kind of shit with printed codes and selfies. It’s not going to go any better with government ID.
And there are people around here who have no need for government ID – no driving license, no passport, nada.
Thankfully the individual I’m thinking of also has no need for XTwitter.
I notice while Musk says he champions free speech, he doesn’t champion anonymous speech.
McIntyre v. Ohio Elections Commission 514 U.S. 334 (1995)
Protections for anonymous speech are vital to democratic discourse. Allowing dissenters to shield their identities frees them to express critical minority views . . . Anonymity is a shield from the tyranny of the majority. . . . It thus exemplifies the purpose behind the Bill of Rights and of the First Amendment in particular: to protect unpopular individuals from retaliation . . . at the hand of an intolerant society.
From a 1st amendment perspective, Musk is no help.