http://appleinsider.com/articles/16...nded-biometric-id-technology-into-smartphones http://techfactslive.com/uidai-eyes-aadhaar-enabled-smartphones/4755/ As some of you know, I am from India. Here you need to have Aadhar ID for all purposes. It is going to be mandatory very soon for accessing any government services and also for train tickets, banks, business registration, SIM cards...everything you can imagine. If someone doesn't have Aadhaar, existing services will not be rendered until they have one. Aadhaar is quite similar to SSN but there are some differences. There were several "incidents". Let me quote one http://indianexpress.com/article/trending/man-arrested-for-getting-aadhar-card-made-for-dog/ So...what do you think?
So politics is off-topic. But for online privacy, it's not necessarily fatal. If you use VPN services and Tor, you can reach stuff outside India, and Aadhar ID will be irrelevant. If your activity gets deanonymized, there will be stronger evidence tying the physical uplink to you. But there's still the option of remote leeching on WiFi APs.
@mirimir Agreed. Actually, I use a dumbphone, and my online activities are from computer. So I am not directly affected.
I think state-run, state-mandated non-repudiate-able identity systems owned by the state is like crime in multi-story car parks:- wrong on so many levels. My reaction to the similar (but thankfully failed) Id-card plus National Identity Register in the UK was that this was a kind of "One Ring" to bind them in darkness, hugely dangerous, and a very un-democratic expansion of state control. It is quite possible to have identity systems which leave control and repudiation substantially in the user's hands, and which maximise privacy, at least those things have nascent solutions. You do not have to have a state-owned central database with the information in (they were thinking of keeping a huge amount of very valuable and private data in it in the UK). Not getting into politics or making any judgements about the competence of governments, but keeping this class of system safe is simply not a solved problem, the systems are dangerous, prone to breach and damaging to the individual. Almost always, there is little or zero in the way of recompense to when it goes wrong, and no criminal consequences to the individual or organisations involved in the specification, design or operation of the systems. And yet we have to work with what is - which means compartmentalisation, and minimising what is transacted and published in a compartment, by the systems which have to interact with the identity systems. Mandating that hardware implements the system makes that compartmentalisation harder, of course, but that means use of basic-phones, or other DIY functionality.
I'd say my internal "concern meter" reacted something like this: Identity system used in multiple contexts => Significant concern Used in substantially different contexts => MUCH greater concern Biometrics based => MUCH greater concern Coupled with a biometrics registry => MASSIVE increase in concern Government mandated => MASSIVE increase in concern Lack of restrictions on use, broad utilization encouraged => MASSIVE increase in concern Integrated into everyday consumer products => MASSIVE increase in concern Requires communication with central server/system => MASSIVE increase in concern producing an exponentially increasing level of concern that went off the chart. If I dug into it would I feel any better? I did note that the chip/software is being represented as a way to protect information from commercial companies. There was also something I saw which suggested the Indian government is limited in what it is allowed to collect and/or do with information. As you may know, I prefer to approach privacy subjects with worst case assumptions but look for solid/reliable/verifiable reasons to back off from worst case views. MAYBE there are some here, I don't know.
