On Wed, 9 Jul 2025 20:38:02 -0000 (UTC), Chris wrote :
How is an encrypted digital entity less secure than a
unencrypted openly visible paper passport in a bad actor's hands.
Hi Chris,
I never thought about this until it came up here, as the last thing I'd do
is put more of my data on yet another database, so let's look at this
issue.
Logically.
Sensibly.
Where is the traditional paper identification database stored?
a. In the government archives.
b. In your wallet.
c. Often in any database that "copies/saves" it (e.g., banks).
d. We also know LE often accesses the government archives.
e. And, possibly, bad actors will access these archives, when possible.
f. Anywhere else?
Where is the digital encrypted identification database stored?
A: (tell us the answer)
Now, has *that* location ever been hacked?
A: (look up Pangu Team's 2020 Discovery of an unpatchable exploit)
That unpatchable exploit allowed attackers to extract Apple Pay
credentials, biometric info and passwords from your mobile device.
How often do you read or
see on the news that the most protected data has been breached by
privacy thieves from thousands of miles away?
In US loads of times because there's no oversight and even less so now. In
other countries it's rare, because the regulatory penalties can be very
serious. In the UK for example, the fine can be up to 4% of annual *global*
sales. So if Apple or Google were to fuck up they risk fines of hundreds of
millions.
Yet again Europe is keeping your companies in check for you. You're
welcome.
Looking at things logically & sensibly, I don't doubt that regulations are
stiff in the EU and in the UK for database breaches, where I'm clearly on
record for applauding the EU & UK if they are actually holding Apple's feet
to the fire.
The problem that I have with Apple isn't so much it's one of the most
deceitful companies on the planet, but that I don't trust their encryption.
Almost everything Apple makes has been hacked, including the secure enclave
and the iOS kernel (and yes, Android has had many zero-day hacks also).
And example of iOS kernel hacks is Operation Triangulation, in 1923.
An example of Android kernel hacks are CVE-2024-53104 & CVE-2024-53197.
Note: If the hack doesn't make the news, I don't have any special access to
the data. But we all *know* that nothing stored on a mobile device is safe.
How often do people get
their identities stolen from a random database? At least my wallet is
in my direct possession and no one will get their hands on it unless
they have direct physical access to it, and that would only happen if
I'm mugged or careless.
Exactly.
Being logical and sensible, if I understand the two opposing discussions
correctly, each method has almost the same set of attack opportunities,
save for the last item in the list initially proposed above.
Both methods store your data...
a. In the government archives.
b. In your wallet (or phone).
c. Often in any database that "copies/saves" it (e.g., banks).
d. We also know LE often accesses the government archives.
e. And, possibly, bad actors will access these archives, when possible.
f. Anywhere else?
Note: I never looked at this problem until today so I'm open to discussion
as it seems only one of the storage items is different.
The rest are the same.
digital id
Re: digital id