Ah, but there are third-party services that provide identity verification, such as id.me. And now that there are for-profit entities involved in a government service, you will never be able to convince the government to implement their own solution. It's telling that id.me is headquartered in McLean, Virginia; gotta be in the DC metro area so your lobbyists have easy access to Congress.

I want you to be wrong, but you probably aren't.

I think that is the goal of https://id.me

Would that be https://id.me ?

It's what the IRS uses.

That's of course the stupidest possible domain for a government website. (Or at least it's up there)

Fundamentally, it has given control over the DNS records to a different country (.me == Montenegro).

It's training people that really, any domain could be a government domain, you'll never know.

It's also not a government web site. It's a private company who, for some reason, my own government outsources identity verification to. Meanwhile, the authorization system the US government has built (login.gov) is deemed "insecure" by the IRS and Social Security for some inexplicable reason. (But it's fine for Trusted Traveler Programs.)

Social Security has implemented Login.gov integration. IRS returned detailed feedback that GSA is working on.

This is good news. Thanks for sharing.

> It's a private company who, for some reason, my own government outsources identity verification to

Welcome to the neoliberal wet dream.

It's not a government website.

It's the company providing the service that the government could provide on its own, but that service is being provided by a private company through a lucrative contract agreement.

Because it's not a government website, it's a company the government contracts with.

Yes. I know how this works. This doesn't change that's it's stupid. You can't outsource stupid and then claim it's not your problem.

Yes, welcome to the rest of the world.

You're aware that there's a registry per country, no? And that that each country can choose to set aside a subdomain for all government services?

Yes, it's unfair that the US gets naked .gov - but that doesn't preclude the rest of the world from doing the right thing, and it certainly doesn't excuse the US government doing the stupid thing.

The US government can still basically yoink any ccTLD very very easily. It won't, but it could.

And what a steaming pile of dogshit it was when I registered:

"Scan the front and back of your Driver's License."

[upload scan of front of DL @ 200DPI]

"Unable to find a face in the image you uploaded."

[upload scan of front of DL @ 300DPI]

"Unable to find a face in the image you uploaded."

Huh. Maybe I'll try with a lower resolution.

[upload scan of front of DL @ 72DPI]

"Thank you, now please upload the back of your Driver's License."

Hmm, 72DPI worked for the front, so...

[upload scan of back of DL @ 72DPI]

"Unable to read a barcode in the image you uploaded."

[upload scan of back of DL @ 200DPI]

"Unable to read a barcode in the image you uploaded."

[upload scan of back of DL @ 300DPI]

"Thank you for verifying your Driver's License".

Apparently Venmo also has a option to look up an image of any person, we could use that too.

I think they (quietly) turned that off after a researcher exposed it earlier this week.