Ask HN: Hetzner asking for passport for new account? just me, or everyone?
Just made a Hetzner account, activated 2FA, the usual.
Then go to buy a storage box, and I get this;
> Our automated system check indicates that your account information has an increased level of risk. Please choose one of the following verification methods:
And you can pay 20 EUR up front by PayPal, or hand over your passport (fat chance!)
Is this genuine, or does everyone get this and it's a fake reason?
(I've signed up to pay by bank transfer, so I'm also wondering why they don't ask me for pre-payment by bank transfer. As it is, no way on God's clean earth they get a passport, and I'm not on Paypal, so will try to use a friend's, but seems my second try to board Hetzner train has bounced - first time I left almost immediately, when I saw spaces not permitted in passwords.)
Hi there, Katie from Hetzner here. We are extra careful about new accounts because we find that it helps us to prevent abuse, and in situations where a new account is somewhere in the grey zone of possibly real or fake, we may ask for additional information, or a PayPal payment, like in this situation. If you choose PayPal, the €20 will go on your account in the form of credit and will automatically be used towards your future invoices. If you decide to cancel your account, and there is credit left on your account, we will refund you for that amount. For the passport (or other documents) -- We have very strict data protection laws here in Germany and the EU. We only use this data to confirm your identity, and after that, it is automatically deleted from our systems after a short time. We have a data protection team who customers can contact if they have any questions at data-protection@hetzner.com. --Katie
You raised some red flags with the information you provided. This doesn't happen to everyone. A support rep from Hetzner has spoke a bit more about this process on WebHostingTalk before[1], although they don't get into which specific heuristics may result in flagged accounts for obvious reasons. I'd imagine it's a combination of things like unpaid balances on previous accounts, IP address reputation, uncommon e-mail domains and so on.
[1] https://www.webhostingtalk.com/showthread.php?t=1810197&p=10...
Good.
I've seen, or I think I've seen, AWS and Twitter giving completely fake "security" reasons for eliciting additional information. I made an account on Twitter, did nothing with it at all, next day was told I violated the T&C and needed to prove my identity by handing over phone number.
So I'm cagey about this sort of thing. Obviously, actual real security concerns are a good thing to see, people are thinking about the issue and taking care, and asking for validation is naturally what you do and it's better than a flat no. OTOH, passport is BS - solves their security risk but gives me a security risk.
Either you want to be a customer or you won't.
Using a friend's paypal will get you banned for sure.
Why not just provide the passport if you want to use their service, jf that's their requirement.
It's an expensive document which is hard and slow to replace, and when Hetzner get hacked - and they like everyone will be, sooner or later - I would have to do that.
No problem for Hetzner, and it solves their authentication problem. Big problem for me.