Browser sends website the signed identity verification, then the website checks the signature against some key in a list of trusted identity verifiers. With the verification responsibility being pushed to the OS vendors, that will be a short list of tech megacorporations. And maybe Canonical or Red Hat, if we’re lucky.
Indeed, but wouldn’t the inevitable database breach give ample “identities” for anonymous users to cycle through (similar to aurora for play store infrastructure)?
To be clear, the circumstances are not good and ideally this destructive behavior is averted, but there will be maneuvers which can be taken if worst comes to worst.
Good point. I’m not keen on personally comitting fraud, but with the inevitable data breaches in mind, identity verification would do absolutely nothing to deter malicious actors.
I’m certain a “John Doe” false identity signature would be trivial to create.
Not if they use cryptographic signing.
Browser sends website the signed identity verification, then the website checks the signature against some key in a list of trusted identity verifiers. With the verification responsibility being pushed to the OS vendors, that will be a short list of tech megacorporations. And maybe Canonical or Red Hat, if we’re lucky.
Indeed, but wouldn’t the inevitable database breach give ample “identities” for anonymous users to cycle through (similar to aurora for play store infrastructure)?
To be clear, the circumstances are not good and ideally this destructive behavior is averted, but there will be maneuvers which can be taken if worst comes to worst.
Good point. I’m not keen on personally comitting fraud, but with the inevitable data breaches in mind, identity verification would do absolutely nothing to deter malicious actors.