20
votes
What do you think about putting your driver's license in your digital wallet?
I forgot my driver's license today but had my phone with me. I remembered seeing stories that google and apple both allow these (for some states) in the digital wallet.
Before doing this, I thought I would ask people here to weigh in on whether it is a good idea. Is it considered secure? Is it going to cause me more privacy issues than a physical card in my wallet?
This is also related to recent discussions about online age verification.
This is a related Tildes post from last year: Google Wallet adds age verification and more government ID support
It might be good as a backup, but you should also consider the one huge downside when using it. If you need to show/give it to the cops, they now have full access to your unlocked phone. I can't think of other situations where someone would need to walk away with your ID, but cops do need to take your ID back to their car if they've pulled you over.
Why? You just need to tap your phone against the reader.
Maybe I'm misunderstanding the implementation (if there's an explanation or demo of a country having implemented this, I'd love to see it), but the version I've seen is pretty much just a picture of your license in your digital wallet. Maybe it also came with an NFC signature, and I missed that part of the explanation.
But you also have to consider what happens if you're travelling outside of your home state/province/country and need to use your ID elsewhere. At that point, they may not be equipped with the proper reader, and would need to see your physical ID or the digital representation on your phone.
If you're outside your home state, they can also just not accept the digital ID to begin with, so that seems like a moot point.
That depends on jurisdiction. Some states only require people to "exhibit" IDs upon police request, and SOP then is for the officer to take a snapshot with their phone to take back to their cruiser for lookup. Nothing gets under a cop's skin like making their job a little harder by adhering to the letter of the law when it comes to civil rights however, so you better damn well know your rights back and forward and be prepared for a routine stop to turn into an hours-long ordeal if you want to insist.
To sort of jump on this at the root, digital ID implementations are NOT standardized right now. It should be more than possible to make this not a concern, but it is with some designs, and of course we can't pick a standard or get our courts/congressmen involved for shit these days.
It sounds to me like a very bad idea, and at least for my use case it's entirely unnecessary.
I think if you can provide it without unlocking the phone or physically handing it to law enforcement it’s not a bad idea. One less thing to carry and a potential backup in case you did forget.
In today’s political climate having backups of your identification is probably not a bad idea.
Additionally part of me wonders if Apple/Google could provide age verification abstractions by having your ID on the wallet. IE apps would have an “over 18?” API that the wallet could just respond yes or no to with user permission. No face scan. No uploading ID to another third party etc..
I would rather not provide personally identifying information like that to a company that does not have mine, or anyone's, best interests at heart.
Would I rather supply it to Apple or would I rather supply it to every individual application? I’d pick Apple in that scenario, assuming that age verification is a hard requirement.
I’d trust Apple over Blue Sky or Discord for privacy and security.
I’d rather not provide it to anyone but that’s not the way laws are moving.
So give up your personal information only when required to, not just because it's convenient, imo.
I don't trust any of the examples you cited, and many more besides, with my information. Enough information is already out there about every one of us. We don't need to make our devices one stop shopping for everything about us - at least, not moreso than they already are.
So if every online service requires age verification, what's the solution?
Refuse to use any service no matter how important that requires ID verification. Second to that TOR or use the Pirate Internet/underground VPN's that will surely form.
A VPN.
I don’t understand how a VPN helps here? Age verification laws are spreading globally.
They aren't everywhere yet. I'll still hold out hope that cooler heads prevail in the long run.
Until then, I'm more than happy to pay a few dollars a month if it means I don't have to give my ID to a company.
It in theory can be stored in such a way as to mostly be useless to the company storing it, but this would require reasonable standards and legislation.
Last time I looked at this for Apple Wallet it was only useful when going through the TSA. Normal law enforcement didn’t seem to accept it as valid ID yet.
Yeah, in my state (Colorado) the Apple/Google wallet one is not accepted by anyone but TSA. There is a digital ID/DL in a separate myColorado app that is accepted, but that has the whole handing over an unlocked phone to the cops problem still.
I've personally only used it when I've forgotten to grab my wallet and am buying some beer or wine at the grocery store with other things, I don't think I'd be comfortable with anything beyond tapping the phone on a reader while it stays in my possession when it comes to the cops.
Yeah anything that requires me to unlock my phone and had it to a cop is an instant red line. If I tap my locked phone to theirs and it brings up my ID though? That might be fine.
Well, it looks like they've recently added a feature to the myCO app where it'll generate a QR code for the other person to scan to verify the digital ID. If that's all one has to present to a cop, and they don't take possession of the phone? Slightly less worried, although I'd still worry about a shady cop just yanking the phone out of my hands while it's unlocked in that case still.
Even then I don't think it's fully rolled out across the nation. I think only select TSA checkpoints allow it.
I went through a TSA checkpoint with signage saying they accepted it, but the TSA agent either didn't know how it worked or didn't want to be bothered with it.
Relatively speaking? Absolutely not. The mere act of it being stored on an internet-capable device will inherently make it less secure than a card. Physical items need only be secured from local attempts to access them; digital ones need to be safe against the entire internet.
Not to mention that the more you centralize everything important to you on your phone, the more of a single-point-of-failure it becomes. Putting your ID on there would mean that if your phone should ever get stolen or hacked, or should you simply lower your guard at the wrong moment and fall for a scam, the consequences are that much worse than they already were.
Having information stored with notoriously data-hungry companies like Apple or Google is a privacy issue to begin with. Doing so with information this sensitive is even more so. You have to trust their security now, as well as trust their privacy policies on top. I wouldn't do either, regardless of the implementation they use.
If you don't trust their implementation (Secure Enclave, for Apple), then you've already lost the game. Most people, maybe not you, use biometrics (face or fingerprint identification) to authenticate with the secure element and unlock their phones. If it's not truly secure as described, then that data leaking is way more detrimental than a driver's license which holds a picture of the user and an address that has likely already been leaked tens of times by now.
Not sure if this is meant to be a counterargument or not, but if so it doesn't really work. Biometrics are definitely already a bad idea, but that's besides the fact that the more that's on your phone, the worse losing control of it is. So putting your ID on your phone is a bad idea regardless of how sensitive existing data is.
It was meant to be a counter argument. There's no use worrying about a burglar tracking mud into the house. Same thought process: if my phone is not secure or I cannot trust my OS-provider, my ID is the least amount of information worth worrying about. Biometrics, passwords, browsing history, messages, etc. In comparison, an ID is composed of very little information of which little is that secret.
By the same logic, a grease fire isn't much compared to an exploding car. Someone getting your ID as well is still bad, and comparing it to tracked mud is disingenuous.
This goes for more given that an existing, established alternative is available. The same cannot always be said for other data on your phone.
I agree that if my car has exploded, I don't care that there was some grease in there that also lit on fire.
My ID has my name, my address, my height, my eye color, and a photo of me. Every bit of information there exists in some form or another through data you can find on the rest of the phone. The only thing that's not present would be the 12 digit identification number that is practically useless unless you're a cop looking up my record. Against the backdrop of my entire life savings (banking apps?), those 12 digits mean squat.
As it happens, I lost my wallet yesterday. It had my driver's licence, my ID cards and my bank cards.
My very first thought was: why couldn't I have all of these things in my phone? Why do I need to carry a physical wallet in 2026? My phone is more secure than my wallet. Had I lost my phone, I might have been able to track its location or wipe it remotely. I realised that I'd be more comfortable losing my phone than my wallet.
It didn't make things better that I'm in a foreign country. Sure, I was able to put a temporarily hold on my bank cards from my phone, but having to get embassies (in my case plural) involved in cancelling my IDs and getting a temporary driver's licence felt like a major headache.
Fortunately, the story had a happy ending. I retraced my steps and found my wallet in a restaurant that I had visited earlier.
Of course, I don't know if someone copied all of my cards while I didn't have my wallet. Had I lost and found my phone instead, I could be reasonably certain that no one had any access to my data.
I'm now thinking about getting an AirTag or something for my wallet to make it easier to find. And perhaps I don't need to have credit cards in my wallet since I pay everything with the phone's digital wallet anyway.
But that leaves things like IDs and the driver's licence. There is talk about digital versions being launched where I live, but I'm a bit apprehensive about it, living in a country whose current regime doesn't have the greatest record in protecting its people's privacy, and is openly hostile against minorities and those who don't agree with government agenda. But if the implementation was one that, instead of a proprietary app, used Apple Wallet or similar, I feel I would be fine with that. It's sad that I trust a profit-driven corporation more than a government.
Maybe I should just get one of those phone cases that can take a couple of cards: my IDs and driver's licence. It wouldn't prevent data loss if my phone was lost, but at least I wouldn't need to carry a wallet.
I know this is unsolicited, but I can recommend chipolo brand wallet trackers. They have an Apple find my compatible version, to take advantage of the large install base of Apple devices.
I can also heartily recommend paring down your wallet as much as possible. I only carry a passport card, driver license, Costco card (I think this is still needed for their gas stations), and a debit card. To be honest, I could probably get away with just the driver license and the Costco card. And since California takes Apple wallet licenses now, I could get away with just the Costco card if I didn’t sometimes need an id to purchase alcohol.
Tacking onto this, Nomad also have a credit-card shaped Apple Find My compatible tracker as well, I think it's called the Tracking Card Air. I've been using it now for a few months and it works pretty well. It doesn't have super fine-grain tracking like the feature that says "Item is 2 feet away in X direction" but it gives you a GPS coordinate and has a pretty loud beeper speaker. The card also charges wirelessly which is a nice touch.
You also don't entirely need your physical Costco card gas btw, you can now use the app to scan a barcode on your phone screen to then let you fill up. Also, does the Apple Wallet license really work throughout California? I thought the DMV had a separate myCalifornia app or something and digital licenses only worked on that?
Good to know about the gas! I am still annoyed that you can’t just scan the Costco credit card through Apple Pay and have it look up your account that way (although I might try that next time).
California does have that app. I downloaded it, but I can’t remember if I ever added my license. CA license is now supported directly in Apple Pay. I set mine up without the CA app even being installed. It has you scan the nfc in the card and take a few « live selfies ». It’s like setting up face id but has you do something weird, like look in a specific direction, open your mouth, smile, and possibly other things. It appears to pick 3 actions randomly so you can’t keep a video of someone to fake as easily. Despite apple’s problems, I trust them far more than a government app when it comes to data privacy.
It claims to be a valid usable id for any interaction with the government. I’ve never used it, since the only interaction I could think of it being useful for is getting pulled over, and I don’t get pulled over that often. I can’t remember if it can be legally used for age verification (it either doesn’t mention it or explicitly says it can’t). I work in alcohol service and I can say for sure that I would be hesitant if someone tried to use one when I ID’d them. Not because I think it would be wrong, but because the alcohol laws are so strong with active enforcement that even a trustworthy id that isn’t « one of the correct ones » can be problematic.
It sounds like the Nomad is nearly identical to the chipolo. I went with chipolo since I previously had their original wallet tracker. It wasn’t rechargeable, and I think was the first find my wallet tracker. They gave me a discount when my battery died. The new one is chargeable just like the nomad. I believe the precision finding is exclusive to the AirTag with the ultra wideband chip. So we won’t get it in a wallet tracker without Apple getting off of their ass and actually addressing the market that is obviously there.
California's Mobile Driver's License is in a pilot program that I guess will be accepted more widely at a future date.
Ah interesting good to know about the license, maybe I'll try it but I'm still a bit skeptical even though I love being on the bleed edge of technology sometimes haha. Looking at the Chipolo, yeah it does seem to function exactly the same. I only picked up the Nomad since it was on sale for like $25/card.
Last time I checked it was basically a useless feature since it's not recognized by law enforcement as valid ID. Maybe that's changed, or maybe it's state by state, but I don't see the point if that's still the case.
I looked into this a while ago, and I don't see a major security or privacy problem with it over a physical card (since if someone can compromise the phone to get your name and address out they can compromise the phone to get a bunch of way more valuable stuff that's not already public record).
But I do see a major availability problem: phones lack the ontological inertia of a physical card, and you don't want to be relying on something to prove you're allowed to be driving that's one dead battery away from not being able to do that.
And there's a security problem with the system as a whole, which is that nobody knows how to check a virtual ID. Maybe the cops do, but if you want to prove your identity to a random business or a person you are trading with on Craigslist or something, they won't have the software or expertise to actually check the certificates/signatures involved. So you'd just be showing them an app on your own phone and claiming that's your ID. Which means when a scammer shows up and shows an app on their phone that claims they are you, nobody can tell the difference. So it's bad evidence, just like knowing someone's social security number, and one shouldn't go around expecting others to take it as good evidence.
Seems harmless enough. Probably more useful as a backup, but could come into handy. Whether or not it’s accepted by law enforcement would depend on the state, so best to check that in advance.
Years ago, I accidently memorized my driver's license number, so that's my fall-back if I lose or forget my wallet.
I can thank the mass of job applications I filled out back in 2009 for still knowing my driver's license number, all these years later. That, and the digit "9" appearing in an alternating fashion, three times.
Sucks if you're in a state that issues a new DL number any time it gets renewed, though. Montana worked that way when I lived there.
Luckily Colorado not only keeps it the same, you get the same number back if you move to another state and then move back and get a new driver's license issued. It even stayed the same going from an ID to a learners permit to a driver's license, surprisingly.
Hypothetically it would be useful, I would love the ability to have my ID on my smart watch when I am running to avoid having to bring my health card with me (semi-required for accessing public healthcare within my country).
In reality, not only does it require development by the teach companies, it also requires potentially multiple levels of government to accept it as ID. Until then, it is somewhat of a paperweight, only increasing your exposure to identity theft.
At this point I dont think its worth it, but hypothetically I could see myself using it for some ID if it was uniformally accepted in my jurisdiction.
...do you use your license regularly?..
...the only times i need mine are for voting, military base passes, and commercial air travel, which amounts to maybe three times per year: i just leave it at home and only toss it in my pocket on rare occasion i need it...as earhart noted above, i also have my license number memorised, so when traffic police pull me over i just tell them i forgot it and they look it up on their system...
I need it when I'm driving. If I get pulled over by a policeman I'm required to provide the license and proof of insurance.
I do have my license number memorized but I think they need to see the physical card with picture ID.
It's not like I get pulled over often but I don't want the risk.
Pointless unless it's officially an accepted type.