Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>Grounding identity in a phone number is very reasonable for almost all normal usage

In many jurisdictions, telecoms form an abusive oligopoly, and you need to provide a state-issued identity document to get a phone number.

That is not at all reasonable for normal usage - unlike well-known non-abusive authentication methods, such as a keypair; or its even simpler cousin, the username/password.



I guess it depends on what you consider normal. Most of the humans I know find it vastly easier to produce a state issued id to an authority than to generate a public/private key pair.


What's easier: to obtain state ID, or to sign up to a website with your preferred username and password?


Well, I and a lot of the people I'm going to talk to through things like Signal are going to have a state ID regardless as I live in a country where one practically needs to drive a car to function in society.

On top of that so many other things just inherently expect one to have a phone number. It would be somewhat odd to not have a phone number for most of the people I know and talk to through platforms like Signal.

So to your question of which is easier, having the state ID and a phone number is easier because I'll already have that for a multitude of reasons.

If you live in a place where its rare to have a phone number, then yes I agree Signal probably isn't a good choice.


That's not what I asked.


You asked which is easier, and I gave my answer. It's easier for me and many many many millions (billions?) of others to have a phone number and state ID, because we'll have already had a phone number and state ID on hand for decades beforehand and have shared that number with the people we're already talking to while making a new identifier and sharing it would be quite a bit more work.

What's easier, using a tool that's already in your hand or going to the tool store, searching for a new one, and swapping to that one? Just using the tool already in your hands, that you're already using, that you've been using for a long time.

It's exactly what you asked, just not the perspective you cared to look at.


In the time it took you to selectively bring various outside context "for perspective" (instead of answering the question as asked) you could've registered a brand new account with username, password, email confirmation, and OTP 2FA, on any service that supports those.

If you insist that 2+2 equals "3 or 5 depending on perspective", ok sure let's work with your scenario of comparing registering a pre-existing state/telco ID with creating a brand new user/pass account (again: instead of what I asked you to compare). Well, suppose you were to lose your ID and/or your SIM - do you think you'd be able to renew them and regain access to your stuff in the same amount of time it's taking me to write this now?

Plus, I guess you've never seen bad actors buy fake ID/SIM accounts faster than you can block 'em - and much more quickly than any individual good-faith actor (with a single ID/SIM honestly linked to meatspace) would able to get out of harm's way in such a scenario.

>What's easier, using a tool that's already in your hand or going to the tool store, searching for a new one, and swapping to that one? Just using the tool already in your hands, that you're already using, that you've been using for a long time.

Hammers, nails... You're trying to make it make sense by dumbing it down.

In the end (again conforming to your framing), the "easier thing" is the one that fewer people will expend energy to prevent you from doing. And this last consideration kinda-sorta makes your reply be an answer to my question, except that I had to do the work of connecting the two, so now you owe me 100EUR.


> instead of answering the question as asked

I've answered it twice. Its easier to use the thing you already have than it is to make something new. Is that really difficult to understand?

> you could've registered a brand new account with username, password, email confirmation, and OTP 2FA, on any service that supports those

And then spend the many, many, many hours to share that new unique identifier with all the people I want to talk to. Or I can just continue using the same identifier they already know me by and have known me by for decades.

> I guess you've never seen bad actors buy fake ID/SIM accounts as quickly as you can block 'em

Whaaaa I thought you just told me a phone number is such an incredibly hard and challenging thing to get, now you're telling me anyone can easily get them anytime they want?

So phone numbers are incredibly challenging to get and yet people get them all the time easily. Otherwise, if phone numbers aren't hard to get and anyone can just freely get them what are we even really debating about?

For billions of users, having a phone number as their identifier isn't a challenge and is for sure the easier process and having to make a new unique identifier is a bigger deal and introduces far more roadblocks to effectual adoption. Its why WhatsApp uses it, its why iMessage uses it, its why Telegram uses it, its why WeChat uses it, and many others.


>Its easier to use the thing you already have than it is to make something new. Is that really difficult to understand?

I asked which is easier to make.

This is, evidently, an extremely difficult question to understand.

>Whaaaa I thought you just told me a phone number is such an incredibly hard and challenging thing to get, now you're telling me anyone can easily get them anytime they want? >So phone numbers are incredibly challenging to get and yet people get them all the time easily.

Not phone numbers; accounts gatekept by them.

Not anyone; only bad actors.

>I thought you just told me

What I just told you is written in the parent post.

You have the right to misread it any way you like, and think whatever comes to your mind easiest. But since that's not how a conversation works, I will ask you to exercise that right somewhere I can't see you - and by the way you still owe me 100EUR, but since I'm not an actual cyberstalker, I won't be chasing you down to collect. So relax.


> I asked which is easier to make.

Which is easier to make? The one I don't even have to make, I already have.

Which pizza is easier to make, the premade pizza that's already ready to eat and is right in front of you, or the pile of ingredients in the pantry and fridge? Uhh...the pizza in front of you ready to eat? Put it on a plate and eat, it's there, it's ready to go. And practically everyone already bought their pizza and it's already in front of them.

And no, you didn't ask which is easier to make.

> What's easier: to obtain state ID, or to sign up to a website with your preferred username and password?

Where's the word "make" in that?

> Well, suppose you were to lose your ID and/or your SIM - do you think you'd be able to renew them and regain access to your stuff in the same amount of time it's taking me to write this now?

Well, I'll end up wanting to replace that ID and SIM for once again a multitude of other reasons, so having that identifier tied to that really doesn't increase any complexity. Its really not that big of a challenge for billions of users, its something they're going to already do. When the school needs to urgently get a hold of me, they'll call my phone number not refer to me by some handle on a jabber server with a population of one. This same thing applies over and over and over and over for tons of people.

Meanwhile if I've got other accounts tied to other processes that get lost in their own unique ways, I'll have separate issues to get those unique identities recovered. Sounds like more work, not less work.

You now owe me 20,000,000,000,000,000,000EUR, but since I'm not an actual cyberstalker, I won't be chasing you down to collect. So relax. Such a useless thing to add to the conversation.


>the school

My condolences to any children who have to interact with you.

>You now owe me 20,000,000,000,000,000,000EUR, but since I'm not an actual cyberstalker, I won't be chasing you down to collect. So relax. Such a useless thing to add to the conversation.

Nah chill, I'll be there shortly with the money.


Obtaining your first id is obviously difficult. But so is obtaining your first computer. If you’re on good terms with your government, obtaining the id is easier. That’s really the key. Sure if you focus on hostile states this stuff all makes sense. If you’re insistent on hiding from authorities then many things become much more difficult, by design.


That's not what I asked.


You asked the wrong question. Sorry if you still don’t understand why. Seems others are also trying to help you understand but maybe you don’t want to.


>You asked the wrong question.

Oh, so there are "wrong questions" now? Yeah, I guess I'll have to get better at asking those real quick.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: