Hello Privacy Subscribers of Lemmy, I’m Webhost0101. With the help of ChatGPT, I’ve been exploring the challenges we face with digital identity, particularly regarding the use of email addresses. I’ve developed a concept aimed at enhancing privacy and security in our digital interactions.

Identifying the Problem: Our dependence on email addresses as universal identifiers exposes us to various privacy and security risks. The dual nature of emails - serving both as identifiers and gateways to personal communication - presents a significant challenge. The goal is to create a system that can help gradually step away from this bad practice.

The plan

The plan involves converting email addresses into hash codes to serve as digital identifiers, with these codes usable in both digital and physical realms through personalized QR codes. This approach offers a secure and private method for identity verification. While similar systems exist that use QR codes for login purposes, this concept is distinct because it does not store any authentication keys. It only maintains a ‘username,’ which is the hashed email, and instructions on how to convert an email address into this username. This ensures enhanced security, as the ‘Sign’ system is designed primarily for identity verification without directly facilitating authentication or access.

The Concept: Creating Your ‘Sign’

  1. Initial Step: Visit the ‘Sign’ website and input your email to start the process.
  2. Email Verification: Receive a unique link via email, confirming your email’s validity.
  3. Hash Generation: Use the unique link to select from multiple hashing algorithms or a default option. This generates a hash code, presented as both a string and a QR code, encapsulating the hash and the algorithm/options used.
  4. Optional AI Art Generation: You have the option to generate AI-based art from the QR code, adding a personalized aesthetic touch.
  5. Finalizing the Sign: Enter your ‘Sign’ into the system, which stores only the sign including the algorithm/options used. No email addresses, names, or URLs are kept.
  6. Receiving Your QR-Art: Obtain a high-quality image of your QR-art for printing on various personal items.

Using ‘Sign’ for Digital Identification

  • Online Login: On supported platforms, log in with your ‘Sign’ rather than your email address. The service checks for a corresponding email in their database that produces the same hash with the chosen algorithm/options. Services can eventually replace emails with ‘Signs’ for regular users.
  • Real-Life Usage: In physical stores, use your QR-art ‘Sign’ when asked if you have an account/booked at table.

Security and Privacy Considerations

  • Robust Encryption and Data Protection: Implement strong encryption and secure data handling practices.
  • Multifactor Verification: Use the ‘Sign’ as part of a multifactor identification process, alongside other verification methods.
  • Handling Hash Collisions: Establish protocols to manage the unlikely event of hash collisions, ensuring system integrity.

Advantages and Use Cases

  • Enhanced Privacy: Limits the need to share email addresses, reducing spam and data breach risks.
  • Versatility: Applicable both online and offline, enhancing convenience.
  • Personalization: The AI-generated art offers a unique, personal touch to each ‘Sign’.

Conclusion: The ‘Sign’ system proposes a novel approach to digital identity, focusing on privacy, security, and user convenience. It represents a potential step forward in how we handle and protect our digital identifiers across various settings.

  • ryan@the.coolest.zone
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    I’m not great at this sort of stuff, but if Sign is meant to be a third party website that other websites authenticate your identity against, given by step 1:

    Initial Step: Visit the ‘Sign’ website and input your email to start the process.

    Could this also be likened to a less secure OAuth?

    • webghost0101@sopuli.xyzOP
      link
      fedilink
      arrow-up
      1
      arrow-down
      2
      ·
      1 year ago

      Its not meant to be but can be used as one.

      My initial idea what that sites could look up a combo of an email and sign to see if they are a match by Looking up the algo used to make it.

      But I realized this wasn’t all that necessary once i realized you can include the hashing protocol in the code so sites that you have account for can verify on their own without third party.

      I guess i forgot that there is no point left for the sites to be used to verify as all it really will tell you is that yes that is a valid sign registered here. But i see no reason why a competitor cant try the same thing.