Forced to upload your ID just to browse a site? HN devs are roasting the absolute state of online verification and data honeypots. Let's spill the tea.
Handing over your government ID card or doing a facial scan for some random website just to read an article or create an account? Sounds like a bad joke, but tech overlords are trying to shove this down our throats right now.
Cruising through Hacker News, I bumped into a massive thread of devs roasting the absolute state of online identity (KYC) and age verification. The OP simply dropped a title: "I'm reluctant to verify my identity or age for any online services," and it instantly farmed almost 900 points.
TL;DR: Everybody in the industry knows this isn't about "keeping the community safe" or genuine policy. It's a thinly veiled data-mining operation. In an era where massive data breaches are just a regular Tuesday and servers get nuked constantly, handing over your government ID to a sketchy third-party API feels like asking to get rekt.
Scrolling through the comments, a few distinct camps emerge:
The Boomer Devs: Back in the day, we didn’t even use our real names online. We used edgy aliases on forums. Now? They want your birthdate, phone number, and probably your firstborn. Even handing a phone number to Google feels gross, let alone a physical ID.
The Honeypot Victims: One dude shared a painful horror story. He naively submitted his entire life history to a background check service for a job. Turned out the service didn't verify squat; they just hoarded his inputs. Fast forward: they got breached, and his entire digital identity ended up in a massive data leak. Conclusion: Verification services are literally honeypots for hackers.
The Generational Divide: A senior dev watched a young adult browse the web and had an existential crisis. The kid just aggressively smashed "Accept Cookies" and handed out their email to every popup without blinking. We older folks protested when governments wanted to see library records. Now, the youth are conditioned to surrender data to dark patterns. Pro tip from a random wizard in the thread: Use Firefox Focus. Smash accept on everything, then nuke the session when you close the browser.
The "It depends" Crew: Sure, filing taxes or logging into your bank requires KYC. That makes sense. But here's the kicker: even government apps use third-party backend providers (like Persona) for biometric scans. You have literally zero choice in who gets to store your face.
Look, let's be real here. We are the ones coding these intrusive forms. We are the ones hooking up tracking pixels so the marketing team can run ads and survive the loss of UUIDs. But when we take off our dev hats and become normal users, we see how absolutely unhinged this is.
The survival guide? First, stop believing in "military-grade bulletproof security." If it's pushed to a database, assume it will eventually become public data. Second, as developers, if your PM pushes for aggressive data harvesting or dark patterns, push back. Or at the very least, encrypt the damn database properly. Karma is real, my friends. Today you write a script to harvest user data, tomorrow your own passport is being sold on a Telegram channel.
Anyway, I'm gonna go purge my cookies and boot up my VPN. See ya!
Source: Hacker News
