Hello Privacy Subscribers of Lemmy, I’m Webhost0101. With the help of ChatGPT, I’ve been exploring the challenges we face with digital identity, particularly regarding the use of email addresses. I’ve developed a concept aimed at enhancing privacy and security in our digital interactions.

Identifying the Problem: Our dependence on email addresses as universal identifiers exposes us to various privacy and security risks. The dual nature of emails - serving both as identifiers and gateways to personal communication - presents a significant challenge. The goal is to create a system that can help gradually step away from this bad practice.

The plan

The plan involves converting email addresses into hash codes to serve as digital identifiers, with these codes usable in both digital and physical realms through personalized QR codes. This approach offers a secure and private method for identity verification. While similar systems exist that use QR codes for login purposes, this concept is distinct because it does not store any authentication keys. It only maintains a ‘username,’ which is the hashed email, and instructions on how to convert an email address into this username. This ensures enhanced security, as the ‘Sign’ system is designed primarily for identity verification without directly facilitating authentication or access.

The Concept: Creating Your ‘Sign’

  1. Initial Step: Visit the ‘Sign’ website and input your email to start the process.
  2. Email Verification: Receive a unique link via email, confirming your email’s validity.
  3. Hash Generation: Use the unique link to select from multiple hashing algorithms or a default option. This generates a hash code, presented as both a string and a QR code, encapsulating the hash and the algorithm/options used.
  4. Optional AI Art Generation: You have the option to generate AI-based art from the QR code, adding a personalized aesthetic touch.
  5. Finalizing the Sign: Enter your ‘Sign’ into the system, which stores only the sign including the algorithm/options used. No email addresses, names, or URLs are kept.
  6. Receiving Your QR-Art: Obtain a high-quality image of your QR-art for printing on various personal items.

Using ‘Sign’ for Digital Identification

  • Online Login: On supported platforms, log in with your ‘Sign’ rather than your email address. The service checks for a corresponding email in their database that produces the same hash with the chosen algorithm/options. Services can eventually replace emails with ‘Signs’ for regular users.
  • Real-Life Usage: In physical stores, use your QR-art ‘Sign’ when asked if you have an account/booked at table.

Security and Privacy Considerations

  • Robust Encryption and Data Protection: Implement strong encryption and secure data handling practices.
  • Multifactor Verification: Use the ‘Sign’ as part of a multifactor identification process, alongside other verification methods.
  • Handling Hash Collisions: Establish protocols to manage the unlikely event of hash collisions, ensuring system integrity.

Advantages and Use Cases

  • Enhanced Privacy: Limits the need to share email addresses, reducing spam and data breach risks.
  • Versatility: Applicable both online and offline, enhancing convenience.
  • Personalization: The AI-generated art offers a unique, personal touch to each ‘Sign’.

Conclusion: The ‘Sign’ system proposes a novel approach to digital identity, focusing on privacy, security, and user convenience. It represents a potential step forward in how we handle and protect our digital identifiers across various settings.

  • Em Adespoton@lemmy.ca
    link
    fedilink
    arrow-up
    9
    arrow-down
    1
    ·
    edit-2
    1 year ago

    It seems doable, but it also seems like a solution to a set of already solved problems, with a chain of new dependencies that require global acceptance of new infrastructure.

    The reason email works is because it pre-dates ubiquitous Internet and is something everyone has.

    That said, the public PGP key I generated in 1994 is already in published keystores, can verify my email address, and be shared as a QR code. It even has a recognizable visual thumbprint that works similar to your generated art.

    The downside to it is that despite being around since 1993, PGP and OpenGPG never became ubiquitous for this purpose, so even though it solved these issues, it became a curiosity for identity management instead of the de-facto method.

    It works though, as long as everyone involved has the tools needed.