back to article Please stop leaking your own personal data online, Indonesia's COVID-19 taskforce tells citizens

Indonesian officials have asked its nation's citizens to stop leaking their own personal data on social media by sharing pictures of certificates attesting to their receipt of COVID-19 vaccinations. In a Tuesday press conference, Indonesia’s COVID-19 task force spokesman Wiku Adisasmito explained that the certificates include …

  1. shortfatbaldhairyman
    Facepalm

    Why make it that easy?

    I have never understood why things are made super easy. Most people do not realise the risks and we cannot expect them to. Jewellery will be secured, a piece of paper? Yes, even now quite a few do not realise what that means.

    So, Either make it not so easy (no QR code and all), Or preemptive actions and make people aware of the risks.

    And, from exhausted experience, most do not realise until it is too late.

    1. Shadow Systems
      Pint

      Re: Why make it that easy?

      The template for the verification document could be altered to put in big, bold, all capital letters across the page some phrase akin to "Do not post this document to social media - it contains sensative personal information that could be used for identity theft."

      Folks would still post pictures of the document, but those are the same kind of folks that ignore the warnings to not lick downed power lines, not to juggle running chainsaws, or to not take the plugged in radio into the bath. Darwin awards are usually the final paperwork to get included with their obituaries. *Cough*

      On a separate note, I like your choice of user name, just capitalize the first letter of each word to make it easier to parse.

      *Hands you a super sized tankard & clinks in toast*

      Cheers!

      1. rg287 Silver badge

        Re: Why make it that easy?

        The template for the verification document could be altered to put in big, bold, all capital letters across the page some phrase akin to "Do not post this document to social media - it contains sensative personal information that could be used for identity theft."

        That still requires user compliance. Secure design would just suggest printing the QR on the back, in the same way the CVV code on bank cards are printed on the back (and not embossed).

    2. Alan Brown Silver badge

      Re: Why make it that easy?

      the same people show images of boarding passes/airline tickets with barcodes on them

    3. JassMan
      Trollface

      Re: Why make it that easy?

      Alternatively, they could spread the fake news that special code readers can read the phrase ”i am a kn*bhead” from the hamming code. Nobody would want to flash that about on social media.

  2. RM Myers
    Unhappy

    Oh Goodness

    My son just sent me a picture of his vaccination record today, showing his first jab. However it didn't have a QR code - just his name, where he got the shot, and the date. It also was in an (insecure) text message, not in a public social media post.

    1. Shadow Systems

      At RM Myers, re: your son's shot...

      You said that it included where he'd gotten his shot, but what does that matter? Nobody really cares to know if he got it in the arm or the arse. =-)p

      *Runs away before you stab me with a fist full of hypodermic needles filled with vaccine*

  3. Doctor Syntax Silver badge

    Put the QR code on the back of the certificate - it it's really needed at all.

    1. Robert Carnegie Silver badge

      But then you need double sided printing. However, it's a good point that putting that sort of thing away from the bit that you might show to a friend, is safer.

      If someone hasn't already suggested it below, it also would be nice for social media to scan images and blur or better, overwrite text and QR codes in a photograph by default.

      Google Street View is a little hit and miss on erasing house numbers e.g. 96 Trafalgar Crescent, Rockall may or may not have a visible "96" on the front of the building. However, I probably typed "96 Trafalgar Crescent" to get there. In the course of business, I'm interested in whether the property appears to be a field of wheat or a smouldering ruin - either may be not the present situation but it will account for letters not being answered.

  4. Richard Tobin

    No confidential data should be in QR codes

    They shouldn't be putting this data in QR codes. It should just be a unique identifier, used only for the vaccination program, that allows the person's data to be looked up in a secure database.

    1. Jeff 11

      Re: No confidential data should be in QR codes

      If it’s actually needed, then the data in the QR code should be a subset of all other visible information on the certificate. If there’s more, then that’s a failure of the gov or org that designed the certificates.

      That at least allows people to make their own decision on whether to air sensitive stuff on social media!

    2. Yet Another Anonymous coward Silver badge

      Re: No confidential data should be in QR codes

      Requiring everyone who needs to validate the certificate to have access to the national secure database?

      Having your name, address and dob on your drivers licence is obviously insecure. Instead it should just be an ID number and have every traffic cop, bartender, checkout assistant, check accepting corner shop have a terminal to access the database.

      1. John Brown (no body) Silver badge

        Re: No confidential data should be in QR codes

        "Requiring everyone who needs to validate the certificate to have access to the national secure database?"

        Assuming it's for use as a "vaccine passport", people checking should only need to scan the code and get a verificstion response back, possibly with confirmation of the persons name. Medical people may get further levels of access.

      2. Robert Carnegie Silver badge

        Re: No confidential data should be in QR codes

        Places where you spend money usually already have a terminal to access your bank account.

        But yes: a system where you provide a key that allows lookup of your information, maybe backed up with you using your own device to release the information, does not have to give up all your secrets.

        It could let them see a photo of the authorised user. This isn't really secret if you are there and they can see you anyway. It could reveal that you have some nice earrings if you were wearing them in the photo.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like