this post was submitted on 27 Aug 2025
831 points (97.4% liked)

Technology

77096 readers
2786 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
831
The entire US Social Security database was uploaded on a random cloud server, Whistle-Blower Says (www.nytimes.com)
submitted 3 months ago* (last edited 3 months ago) by Davriellelouna@lemmy.world to c/technology@lemmy.world
93 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] mic_check_one_two@lemmy.dbzer0.com 79 points 3 months ago (11 children)

I’ve said for a while that the SSA should do basically this exact thing. In a more controlled manner, but still the same result. Announce something like “in two years, we’ll make our database public. Every single name, DOB, and SSN will be publicly searchable.

It sounds radical, but SSNs were never meant to be a secure form of ID. Old cards even said something like “do not use this as ID” on them. But organizations quickly latched onto it because they wanted to have a way to identify individuals with the same name and DOB. And SSNs were convenient because people already had them.

It would force organizations to develop their own way to ID people. It would be a huge step towards making an actual secure form of ID. And the warning time would give people enough time to design the new system and roll it out, while still giving a hard deadline for when it needs to be done.

[–] vacuumflower@lemmy.sdf.org 24 points 3 months ago (1 children)

There was a time when bank card number was practically all you needed to get someone's money.

I think Estonia's electronic IDs are the best, they have the government sign (sometimes provide, but generally just sign) your public key. It's both that the government doesn't have your private key and that it's immediately usable for many things. I don't know if they do, but one can also make ID cards (with a necessary chip inside, of course), where a private key can be written and used for signing operations, but not read back.

Modern technology allows so much goodness that politicians and corps have just started globally gaslighting us over what can be done and what can't. Stalling on technically easily solvable issues, so that it wouldn't come to real ones.

[–] turtlesareneat@discuss.online 10 points 3 months ago

The simple act of comparing signatures meant that it was very difficult to randomly target people. We don't have anything like that today, like a key/token pair.

load more comments (9 replies)