Tuesday, July 16, 2019

My Ideal Online Identity Protection Service

Do you have people you trust enough that you wouldn't mind them knowing when you log into your bank account?  How about other financial accounts or your email account?  I do, and I bet most people do, and I think these trust relationships can be used to eliminate identity theft for all those institutions that it hurts.  I'm going to describe an idea here which is intended to do just that.

Once the code is written, even the very basic code, anyone who knows about it can visit the site which will invite them to become a member for free.  You get a username and a password, and if you were referred to the site by someone you know, you can enter their username.  You can then enter your legal name, your phone number, your address, the usernames you use on various other services, etc.  You don't have to enter any of these things, but the last startup task for your account is to provide Identifiers (usernames or numbers) and Connection Methods (telephone, snail mail, email, various real time chat applications) (which we call ICMs) for people you know.  If they are also in the system, you can type in their usernames and select "Another member" as the Connection Method.  This will allow them to see that someone claims to be you by showing them the information you entered, and they can reach out to you to make sure.

This sets you up to build your "inalienable identity."  This is a theoretical object composed of the willingness of people you know to help identify you.  This help comes whenever someone (usually you) tries to connect as you to any subscribed system in order to verify that the someone is actually you.  You build it by letting friends know that you're interested in having them help you in that way.  The system itself is the first subscribed system.  You'll see a list of the identifiers with a proposed message to be sent to them through the connection methods you listed.

For example, you'll see something like
Your request message is 'Hi! Your friend [First Last] needs a six-digit code for [Service].  Will you pass it on if we send it to you? (y or n is enough).' If you'd like to edit this request message, >Click Here<.  Whenever you log in to a subscribed service, we will send this message to at least one of the following identifiers:
    1. As a text to [a list of cell numbers]
    2. As an audio file through Telegram to [a list of Telegram IDs]
    3. As an email to [a list of email addresses]
    4. As ...

FAQ: How long does it take? Your request message is followed after a delay you set (default: one minute) with another (also configurable) message that says "We've reached out to some of [First]'s other contacts for help with this matter, so no reply is necessary now," because when a contact is unresponsive, we reach out to others.

While you are entering ICMs, you will see a button "Assign ICMs" which allows you to find subscribed services and identify the ICMs you'd like to rely on when logging into those services.

I believe I sent a description like this one to Keybase.io, but I have not been able to find it.  The idea is now in the public domain.  If someone runs a website that implements the idea, I will be happy and probably use it.  If you see holes in it, or other problems that don't appear to be easily addressed, please leave a comment about it.

No comments: