ID.me: Difference between revisions
finally got to writing this |
No edit summary |
||
| Line 15: | Line 15: | ||
====Privacy==== | ====Privacy==== | ||
According to the privacy policy, ID.me "will not sell, rent, or trade your Personal Information", however user information such as biometric, first name, last name, date of birth, phone number, email address, and physical address may be shared with federal government agencies.<ref>{{Cite web|url=https://www.id.me/privacy|title=Privacy Policy|date=2024-07-30|work=ID.me|access-date=2025-08-24|archive-url=https://web.archive.org/web/20250710163620/https://www.id.me/privacy|archive-date=2025-07-10|url-status=live}}</ref> In addition, the company may share user information to third parties, such as customer support, web hosting, information technology, payment processing, direct mail and email distribution, and administration, and analytics services. | According to the privacy policy, ID.me "will not sell, rent, or trade your Personal Information", however user information such as biometric, first name, last name, date of birth, phone number, email address, and physical address may be shared with federal government agencies.<ref>{{Cite web|url=https://www.id.me/privacy|title=Privacy Policy|date=2024-07-30|work=ID.me|access-date=2025-08-24|archive-url=https://web.archive.org/web/20250710163620/https://www.id.me/privacy|archive-date=2025-07-10|url-status=live}}</ref> In addition, the company may share user information to third parties, such as customer support, web hosting, information technology, payment processing, direct mail and email distribution, and administration, and analytics services. | ||
To create an ID.me account, you need to give personal information, which can include: | To create an ID.me account, you need to give personal information, which can include: | ||
| Line 27: | Line 27: | ||
*Postal code | *Postal code | ||
When a user requests to close their account, data is retained for three years. This data includes "events, logins, and transactions as well as verification history (e.g., community, vaccine, or identity details including documentation and data elements used for verification". | When a user requests to close their account, data is retained for three years. This data includes "events, logins, and transactions as well as verification history (e.g., community, vaccine, or identity details including documentation and data elements used for verification". Selfies for initial biometric verification are deleted twenty four hours after completion.<ref name="WSJ">{{Cite web|url=https://www.wsj.com/personal-finance/taxes/tax-identity-theft-ip-pin-irs-ab021643|title=Protect Yourself From Tax Identity Theft. Here’s How I Did.|first=Laura|last=Saunders|date=2025-02-28|work=Wall Street Journal|access-date=2025-08-24|archive-url=https://archive.ph/3tItJ#selection-5339.0-5339.59|archive-date=2025-02-28|url-status=live}}</ref> | ||
====Business model==== | ====Business model==== | ||
| Line 45: | Line 45: | ||
According to John Titlow from Business Insider, while trying to change his phone number on is ID.me account to apply for unemployment, the support agent asked for his sensitive information over email, including scans of a passport and social security card.<ref>{{Cite web|url=https://www.businessinsider.com/never-get-a-new-phone-number-multi-factor-authentication-security-2025-1|title=Take It From Me: Never Get a New Phone Number, It's a Tech Nightmare|first=John|last=Titlow|date=2025-01-12|work=Business Insider|access-date=2025-08-24|archive-url=https://web.archive.org/web/20250729044602/https://www.businessinsider.com/never-get-a-new-phone-number-multi-factor-authentication-security-2025-1|archive-date=2025-07-29|url-status=live}}</ref> It is a standard rule of thumb to never send sensitive information over email due to many email providers such as [[Gmail]] and [[Outlook]] not encrypting the contents of emails.<ref>{{Cite web|url=https://www.buffalo.edu/ubit/news/article.host.html/content/shared/www/ubit/news/2019/keep-sensitive-data-safe.html|title= Keep sensitive data safe: don't send in emails|first=Joe|last=Ferguson|date=2021-03-01|work=University of Buffalo|access-date=2025-08-24|archive-url=https://web.archive.org/web/20250824232327/https://www.buffalo.edu/ubit/news/article.host.html/content/shared/www/ubit/news/2019/keep-sensitive-data-safe.html|archive-date=2025-08-24|url-status=live}}</ref> | According to John Titlow from Business Insider, while trying to change his phone number on is ID.me account to apply for unemployment, the support agent asked for his sensitive information over email, including scans of a passport and social security card.<ref>{{Cite web|url=https://www.businessinsider.com/never-get-a-new-phone-number-multi-factor-authentication-security-2025-1|title=Take It From Me: Never Get a New Phone Number, It's a Tech Nightmare|first=John|last=Titlow|date=2025-01-12|work=Business Insider|access-date=2025-08-24|archive-url=https://web.archive.org/web/20250729044602/https://www.businessinsider.com/never-get-a-new-phone-number-multi-factor-authentication-security-2025-1|archive-date=2025-07-29|url-status=live}}</ref> It is a standard rule of thumb to never send sensitive information over email due to many email providers such as [[Gmail]] and [[Outlook]] not encrypting the contents of emails.<ref>{{Cite web|url=https://www.buffalo.edu/ubit/news/article.host.html/content/shared/www/ubit/news/2019/keep-sensitive-data-safe.html|title= Keep sensitive data safe: don't send in emails|first=Joe|last=Ferguson|date=2021-03-01|work=University of Buffalo|access-date=2025-08-24|archive-url=https://web.archive.org/web/20250824232327/https://www.buffalo.edu/ubit/news/article.host.html/content/shared/www/ubit/news/2019/keep-sensitive-data-safe.html|archive-date=2025-08-24|url-status=live}}</ref> | ||