new | ask | show | jobs
presentation 3 days ago  [ - ]

On the actual site for these digital addresses [1], they mention some risks and countermeasures - translated:

    > Risks and Countermeasures When Using the Service
    > 1. Obtaining a Digital Address involves the following risks. Please use the service after understanding them.
    >   a. If a third party learns your Digital Address, they may be able to determine the corresponding address.
    >   b. Randomly entering a Digital Address may display the corresponding address.
    > 2. Our company anticipates the above risks and has prepared the following mechanisms as countermeasures.
    >   a. Digital addresses can be deleted immediately, and the linkage between addresses and digital addresses can be disabled. Note that even if deleted once, a new digital address can be reacquired.
    >   b. The system has mechanisms to detect and prevent abnormal searches, such as a large number of searches in a short period of time.
    >   c. Even in the unlikely event of a personal information leak, our system is designed with leakage risks in mind to prevent personal identification. Digital address data is managed in a separate database from personal information such as email addresses and phone numbers, as shown below.
1a. is the primary concern for me, and while I can disassociate my identity from a digital address, that would defeat the purpose of using digital addresses to e.g. handle the case when moving. Sounds like they don't have a real answer to this security issue besides just accepting it.

[1] https://lp.da.pf.japanpost.jp

presentation 3 days ago  [ - ]

If it were me, I would design it more this way after thinking about it a bit:

  1. Japan Post lets you register your address to your Japan Post Account.
  2. No static short code is created for your address.
  3. Japan Post provides an API (like OAuth) for allowing you to persistently share your address location with a third party, say Rakuten, or Kuroneko Takkyubin, or something.
  4. Once you've linked it to those services, they can use this API to get your address at any point in time.
  5. You can unlink services whenever you want to revoke access, without changing any code.
  6. No way to request an address for a Japan Post account without permission granted.
  7. To handle cases like taxis, Japan Post can work with providers like GO Taxi, S.Ride, DiDi, etc. to do an authenticated one-time address share via NFC using the Japan Post App with the digital consoles already present in almost all taxis in major cities (no help for old taxis in the inaka, but that's a tradeoff).
     a. or alternatively, persistently link your GO Taxi, S.Ride, etc. accounts to Japan Post for the same purpose.
     b. and also potentially allowing to do such a key exchange with NFCs on smartphones or a standalone device, but probably taxi operators wouldn't be motivated enough to actually do that.
That way you just need to trust Japan Post and you can still get a decent amount of the convenience of address sharing.
fvrther 3 days ago  [ - ]

I just tried it and if you suspect it leaked you can delete it immediately and get a new one in 10mn

presentation 3 days ago  [ - ]

Yeah, but if a major point of convenience is that the underlying address can be changed without changing your digital address code, then that's lost every time you cycle it. Without that then this is an extremely minor convenience IMO.

tonyhart7 3 days ago  [ - ]

"1a. is the primary concern for me, and while I can disassociate my identity from a digital address, that would defeat the purpose of using digital addresses"

Yeah but you would still have better option than not being able to do that I think this is just move the security debt elsewhere which is bad/good it depends on theirs ends

presentation 3 days ago  [ - ]

I don't agree with that - it spreads complexity all over without much of a benefit. You get the privacy downside of digital addresses having this "stalker" effect, and in turn everyone has to not only work to add support for these digital address codes, but they also need to make their systems robust to digital addresses being revoked, which they probably wouldn't.

In the status quo, it is clear you need to update addresses if you move; even if you don't, because you have to file a 転居届, Japan Post knows they need to redirect mail to your new address anyway; and you don't have the privacy worries.

tonyhart7 3 days ago  [ - ]

well that why they can change,disable,multiple (?) address tho???

I can see something like this 1 address for work, 1 for house, 1 for vacation house etc

presentation 2 days ago  [ - ]

What I'm trying to say is that there are ways of achieving this without that privacy issue, since you're trusting Japan Post with your address anyway. See my other comment that I replied to this thread. It seems like the design itself is fundamentally flawed when a different approach could allow people to maintain their privacy while also achieving convenience. I say this as someone who actually lives in Japan, and after thinking about it for a few minutes, has come to the conclusion that this is probably not going to fly - Japanese people don't like the idea of a national ID at all, and are very sensitive to privacy concerns.