the only time you should hand over your ID like a passport or stuff like that is when you absolutely need to. for example like crossing international borders, opening or operating a bank account or applying for a driver's license. those are all valid cases and highly regulated.

but this for profit corporation will just use your data to target you for profit. they even sold mobile phone numbers used for 2FA to advertisers. can you really trust them now with this nonsense?

@nixCraft Why? Don't you want to be next?

https://www.voicemedia.global/article/sweden-s-digital-id-system-hacked-public-s-data-sold-on-dark-web

@twit_terrorist @nixCraft Click bait.

"CGI also stated that the attackers accessed an older version of the source code and insisted there was “currently no indication of any impact on customers’ production environments, production data, or operational services. Information to the contrary is not accurate.”

The Swedish Tax Agency echoed that position.

“We take all incidents seriously, but we don’t see anything that affects us right now,” IT Director Peder Sjölander said."

@txtx @twit_terrorist @nixCraft

> However, cybersecurity experts warn that exposure of source code, even from test environments, can provide attackers with a roadmap to exploit live systems, including authentication flows and security architecture.

This always bugged me.. just as we say open-source is better for security due to the many eyes, shouldn't we say open architecture is better for the same reason?

Yeah, while your arch is closed it is more likely crappy, but that would change fast.