This story is over 5 years old.

Maybe Think Twice Before Uploading Your ID to Twitter

Security experts say that partaking in #MuslimID may be a risky behavior
November 21, 2015, 8:48pm
Image: Shutterstock

Repeat after me: Twitter is a public space.

Bearing that in mind, it might be worth thinking twice before tweeting your work-issued identity card, even if it is for a noble cause, as experts say doing so may expose you to identity theft or other forms of crime.

Earlier this week, Republican presidential candidate Donald Trump said he would consider setting up a database system to register Muslims, according to NBC News. Shortly after, an American marine named Tayyib Rashid, who happens to be Muslim, tweeted to Trump "I'm an American Muslim and I already carry a special ID badge. Where's yours?" Rashid included a censored image of his armed forces identity card.


In the wake of this gesture, dozens of other American Muslims have tweeted their own identity cards, under the hashtag #MuslimID.

Those include alumni of Massachusetts Institute of Technology and Harvard University, United Nations consultants, and an attorney at a Supreme Court.

But, security experts say that tweeting these cards may lead to unintended consequences.

"Most people may not be too concerned with others learning where they work and what kind of role or title they have, but publishing the full ID card could make it easier for someone to create a fake copy," Runa Sandvik, a privacy and security researcher, told Motherboard in a Twitter message.

"These days you probably have additional security measures in the cards, such as RFID, but a fake piece of plastic that looks as good as the real one may get you further (into a building/when talking to someone) than no card at all," Sandvik said.

Indeed, the identity card of the Supreme Court attorney is afairly basic affair, with just a few personal details and a signature.

Uploading these cards to Twitter may make it easier for someone to use the person's identity for various things. For example, photographic ID can be used to register computer servers, and just having the cards publicly on the internet can create easy templates for cybercriminals to mimic.

"While I applaud the sentiment, this can be a risky activity," the operational security expert known as The Grugq told Motherboard in a Twitter message.

So, although the #MuslimID campaign is aimed at dispelling bigotry, maybe, like Rashid, censor some of the information on the card before uploading it to Twitter.