What is Telegram Passport?
Telegram Passport is a new feature by the makers of Telegram that is designed as "a unified authorization method for services that require personal identification".
Some companies may require further proof of identification when users create accounts, want to unlock payment limits, or unlock a locked account. The social media giant Facebook may request government issued IDs from locked out account owners to reinstate the account.
All you could do up until now was to take photos of your IDs or documents, transfer them to your computer, go to the website of the service, upload the documents, and wait for the service to verify them.
While sites and services use encryption for the transfer, it is usually unclear how the documents are stored, whether they are shared, and who can access them.
Telegram Passport promises a better solution to the verification process, albeit with the caveat that it services and sites need to integrate it.
Here is how it works: you upload your important documents once and may share the data with services directly when the need arises Apart from the upload-once-and-forget part, it is a lot securer as the system uses end-to-end encryption. The data is encrypted with a password that only the users of Telegram Passport know so that it is impossible for Telegram or anyone else to access it.
When users share data with services, the data is made available directly to the services. Data is stored in the cloud in encrypted form currently; Telegram revealed that it plans to move it to a decentralized cloud in the future.
The first service that implemented Telegram Passport is ePayments, an electronic payments system. The service supports registration and verification with Telegram Passport.
Telegram users need the latest version of the Telegram to make use of the feature. All uploaded data can be accessed under Settings > Privacy & Security > Telegram Passport (on iOS: Settings > Telegram Passport.
Developers can check out the API documentation which includes SDKs and examples.
Will Telegram Passport revolutionize online registration, verification, and authentication processes? That is still up for debate; much depends on wider adoption of the service and the services that users use.
It seems unlikely that larger companies such as Facebook, Google, or Microsoft will adopt it as they prefer inhouse solutions. Telegram Passport won't become a universal standard for this but it could very well assist Telegram users who make use of it in these processes.
That’s going in the right direction.
Unfortunately it is fundamentally flawed when private companies are in control of the auth service.
It needs to be a decentralized open source solution that acts as a global standard which belongs to no one.
Ideally the data would be stored encrypted and only accessible by the user, with an option to store locally. The user would then give access to data to third parties when the need arises.
We would need laws in place that prohibit third parties from storing sensible data like passports themselves. Instead they get temporary access via API or can perform one time look ups for confirmation.
When the user decides that data should no longer be shared, the third party instantly loses access to the documents/data (except when storage is required by law).
What is the value of something like Telegram passport if it is just another centralized service where sensible information is stored and onle a handful of services allow interaction? Even worse, you still share the data with third parties, which once they have the data, will not give it away again.
All of this should be coupled with a central account management platform where the user can directly and instantly manage their accounts with third party and change/delete information like email and passwords when needed.
For both personal data and accounts/passwords, etc. the user would have complete control over the data stored with third parties because everything is connected via APIs. This data is then secured by the user with a hardware security key.
Trying to decide the typical user of such a service. I can think of a couple off the top of my head:
1) Recovery of your online accounts that are identity orientated eg facebook, email address. As opposed to say forum accounts.
2) Money payment services eg western union, moneygram, paypal.
3) Sites that need to do anti-money laundering checks, eg gambling websites.
My problem with this whole system, is that yes it is up in the cloud sitting securely, but it is all controlled by one password.
Also if you are able to share that data with other companies, then that still does not control how they are storing them – which seems to be the key concern here.
ie that companies may not be storing your passport biodata page or some such, correctly.
I think I would much rather on the one or two occasions that I need to send such data to someone, do it directly one on one, rather than through a third party, where it sits forever and a day waiting for someone to hack into.
Does that make any sense to anyone else?
The Five Eyes (or however many they are nowadays) sneakily trying to gather everyone’s data. Lolnothankyou If a service is asking me for my ID card then I will find alternatives. Thankfully VK is not insidious like faecesbook. Never been asked for such insane stuff.
> The Five Eyes (or however many they are nowadays)
FSB or KGB if you like, the same who own your precious vkontakte.
The only entities that I will give identification to are those that actually have a good legal reason. That means banks, employers, etc. And even then, I’ll do it in person, not electronically.
The likes of sites like Facebook, email providers, or even identity services like Telegram Passport? Not a chance.