How Aadhaar UID verified the identity of an anonymous Twitter handle
Something strange came to my attention today. An otherwise anonymous Twitter profile, but it had an Aadhaar UID number in the place of the name. The profile said the person was a IITian, a Brajwasi, Swayamsewak, BJPite, Gaurakshak and slave of the Indian state. Oooookay.
After speaking and tweeting and writing critically about the Aadhaar (as well as the Modi government), finding Modi supporters who will go to any extents, however insane to defend whatever he does has sort of started looking like a normal occurrence.
I believed that the Twitter handle was challenging those who claim that Aadhaar to be vulnerable to hack it and prove it. After all, Aadhaar’s greatest fake troll profile, run by Sharad Sharma himself had once tossed out a number saying it was an Aadhaar number as a challenge. It wasn’t inconceivable that another person would pull a similar stunt.
And honestly, after the brazen arguments the government had made in court to deny Indians a right to privacy, I was pisssed enough to want to show someone just how far a person could go with an access to an Aadhaar number. So, the first order of the day was to check whether the number was an actual Aadhaar number. For those who don’t know, this part is easy. UIDAI will do it for you without giving out too much identifiable information without authentication. The number was real.
Okay, so that raised the stakes a bit. Someone’s UID was out there. You read “gourakshak” on a profile and given the sort of news making headlines on a daily basis, you want to make sure at the very least that it is their own identity they are compromising and not some hapless other persons. So I decided to find out who he was. It was fairly easy to find his Facebook profile. That gave me his name and surname. Searching for that name and surname along with “Uttar Pradesh” (from the UIDAI website in above screenshot) got me one potential hit on a relatively less known networking site.
I now had an email and phone number. The last three digits of the phone number didn’t match those on the UIDAI website – last digit was different. As far as phone numbers go, a non-match is a non-match, but I remember making a note of it. I plugged the number I had into truecaller. That number gave me a domain name as his website.
The .in TLD doesn’t offer privacy – I know this as someone who owns .in domains. So the chances were good that the information he provided the registrar while booking, was public. So I checked the whois data of that website, and voila. I had a phone number for him with three digits that matched the UIDAI website, as well as an address. Incidentally, it differed from the first number by only one digit.
Truecaller showed his name for the second number as well. This isn’t a careless man. This phone profile hardly had much public information and it was used for what you’d call digital assets – ownership of a site, ownership of digital identity. The other seems to be the one for more casual use. But he’d made a big mistake using it for buying a domain that didn’t protect his contact information.
How far can a person go with this information? I don’t know. Available information suggests very very far, with some skill and tenacity. But it was about as far as I was willing to go to make a point about an irritation on Social Media. So far everything I had accessed was publicly available information, only collected from various sites and the address and three digits of the phone number matching that gave me the verification of the anonymous profile was publicly available information. The government may not believe citizens have a right to privacy, but I do, so I did not proceed further. I had all this is in less than 15 minutes of idling around on my computer. No major effort needed.
I may have drawn an ethical line, but I wasn’t done being irritated with the foolishness and decided that at the very least, a good scare was in order. I would ask him why he had put that number there, and if he issued a Sharad-like challenge to hack it, I’d reply with partial data for his personal information to show how easy it was to know his Aadhaar number and the phone number linked to it and given the straight matches in data, I wouldn’t be surprised if the address was correct too.
So I asked him. And I was in for the shock of my life. You may read the Twitter conversation that followed from this tweet on Twitter:
@raghav4india may I ask why you've put an Aadhaar number publicly on your profile?
— Vidyut (@Vidyut) August 1, 2017
Suffice it to say, this man is batshit crazy. He is also probably the only Modi supporter I respect. He believes in Modi, but he is alarmed about several of his decisions and is definitely against Aadhaar. He is being forced to link his Aadhaar to everything, so in a protest of extreme compliance, he is attaching his Aadhaar to his identity EVERYWHERE. Twitter included. As you see in the thread, once I realized what he is doing, I was uncharacteristically polite with him. Because damn hell, if this isn’t a Gandhian Satyagraha being done by a bhakt no less. Talk of the mind benders Twitter can throw at you. Long story short, I tried and failed to convince him to protect himself. I even told him the information I found out about him and how easily, but he did not relent.
“First they ignore you, then they laugh at you, then they fight you, then you win.” – Mahatma Gandhi
Done ignoring him, laughing at his folly, fighting to convince him, I had to concede he won. So I am now helping make sure his sacrifice does not go in vain. Yep. Let history note this moment, I’m openly supporting the actions of a staunch supporter of Modi – of all people.
Here is his explanation for why he is doing this. I hope the Modi and his cartel realize the kind of faith gullible people invest in them and try to serve citizens honestly instead of this digital colonization being imposed on the country without regard for individual or national safety.
I am an IITian. I studied Computer Science & Engineering for about half a decade at IIT Kharagpur. I thereby am quite initiated into the innate nuances and implications of the universe of computing. However my personal convictions took me to serve my homeland in Braj – the land of Sri Krishna – where I have been fighting relentless battles to protect, preserve and restore the heritage associated with Krishna’s pastimes.
I have been chased by mining mafia on gun point for resisting their attempt to decimate the heritage hills of Krishna frequented by millions from across the globe; have been wounded by encroachers in our bid to transform sludge tanks back to their natural splendour; have been extended death threats by the goons of religious organisations for pressing the practice of the precept; have been booked under various malicious sections of the IPC by errand officials of the state who couldn’t respond to the intellectual contest thus posed. I have been a fighter who has put my entire self to risk to bring home a point. So I don’t fear anything.
I do revere Prime Minister Narendra Modi, have immense respect for his sincere hard work, original thinking and political gravitas, but am getting extensively alarmed with his inordinate push for policies, projects and platforms without mulling over their far reaching implications both internally and internationally. Developing India within a single generation is a laudable vision, but can it be advanced at once by pushing the simpleton citizenry of this country to a precipice, remains a perpetual concern for me as a die-hard nationalist, developmental professional and technical insider.
Aadhar is one such platform which never had had enticed me since inception. I have seen it as an abrogation of personal liberties in consonance with Gandhi’s discomfort of carrying a fingerprinted ID paper while being in South Africa. Gandhian protest of those times sufficed with the doctrine of Passive Resistance and mass scale Civil Disobedience. But the dynamics in an ever inter-connected information age call for a different set of techniques to protest the supposed wrong doings on the part of powers of the day where citizens are being robbed off their basic liberties by a host of sinister but smart machinizations. You can only offer a creative resistance to such an oppression which does unfurl itself in ennobling eccentricities and eclectic excuses.
I thereby have chosen to ‘purge’ this all pervading monster of Aadhar by laying it open in the public domain. I chose this 98th Anniversary of Lokmanya Bal Gangadhar Tilak’s death as it’s somewhere the death of the ideal of Swaraj which he propounded and charged up the nation toiling under the clutches of British tyranny. The Aadhar tyranny is not going to be any different, it would be even worse.
If this is the ID, which would ensure my very existence, let it be out in the open. Let I surrender and forfeit my social identity of my name, surname, caste, religion et al and simply graduate to this all powerful ID. If this ID is required to make India a surveillance state, I am all out eager to wear a badge to this effect and to take a gps tracer injected in my blood stream so that the agents of the state can keep track of me in real time – What all I do, how much I do, how much more productive I can be.
I am all out to surrender myself as the Slave of Indian State, a condemned inmate who has got no rights & liberties. Let this Creative Resistance of mine be explicitly known to the mandarins of the state whose fetish for power is incessantly insatiable. Let me persecute & purge my own self dignity which was dearer to me more than my physical life for this incessant striving for a supposed national transformation. I invite the Indian State and all its actors to pounce upon me and squeeze out the minutest strands of self-pride, honor and self-respect left in me. I am after all an inmate of World’s largest prison called India. I am all out to celebrate this. Are you game?