Classic example of disasters in not differentiating Aadhaar authentication, eKYC, eSign, eMandate. Everything needs only one OTP and no one knows what transaction happens in backend. @India_Stack will be happy because all they care is volumes not user interest. #Consent #Fraud
A simple way of fixing this mess is to not allow signatures by just sharing OTP, but involve some bit of user action and adding friction to make sure signatures can't be made with just OTP. User can send an SMS from registered mobile with SIGN <OTP_SENT_TO_ENTITY> to get SIGNOTP.
What this would mean is, while signing is still happening through the same set of APIs, it codifies user action, which reduces frauds like these. eSign still has more issues, but this is rudimentary.
This is an example of why #eSign lacks non-repudiation. On going deeper levels, even biometrics can't solve them, as they can be cloned. Adding mobile action from user can only minimise, not completely eliminate.
But all these add cost, involve infrastructure changes and cost of signing will marginally increase coming back to customer. We aren't even looking at rights cost here.
This is yet another experimental tech by @India_Stack for digital lending industry interests. There is a very simple non-tech way of fixing the mess. Dogfooding, international use will automatically lead to people scrutinizing the tech of eSign
1. DogFooding -- Has @NandanNilekani signed any document in 2.5 years of its existence? Please show me examples @India_Stack. My bet is he hasn't. Which clearly means, some tech is for poor, vulnerable, while proponents care about safety, privacy. #Shameless
2. Govt use -- Has @rsprasad ever e-Signed a parliamentary document, all the while promoting it on twitter? Mostly no again. For him to do so, his office (ministry) would need to scrutinize the tech for its risks. Again, prove me wrong, show me one eSigned document of yours.
3. International use. Globally, this eSign will be shunned for its hacky design. There are multiple levels of fraud possible on this layer, preference for commoditization over quality, preference to give more power to lenders while stripping consumer interests.
eSign is broken and is proven with above fraud. While it takes time to fix the mess @India_Stack has created, how do you safeguard yourself in the meanwhile? Here are some simple ways, try using them where possible, boycott if it's impossible.
Since the problem is about not knowing the use of biometrics / OTP on a system and whether it's used for authentication (Aadhaar auth) / eKYC (KYC details shared), Authorization (eSign), Financial Authorization (eMandate), do the following.
Ask for a written document, signed by the person you are sharing with, along with Aadhaar number of the agent, GSTIN of entity you are transacting with, to give you written assurance how they are using it and what transaction they are performing.
Ideally, not just biometrics / OTP, ask this for anyone who is asking your #Aadhaar number. This will reduce power asymmetry, but not solve all problems. Resist transacting if the agent / entity is not willing to give you this confirmation in writing.
The above only reduces counterparty fraud/risk. My belief is #eSign is a speech control technology. Your ability to eSign a document rests with the state (body UIDAI), authenticating through its shoddy, non-transparent, unaccountable authentication system & bunch of intermediaries.
#eSign fundamentally involves a host of third parties for mutual agreements. While in some cases, notaries, intermediaries are legal requirement, a single digital intermediary controlling ability to sign is someone holding the pen and you are at their mercy for signing.
On the alternate definitions of @India_Stack I call this speech control technology. Your ability to sign lies with the state and bunch of intermediaries. Good luck trying to sign after eating beef / pork or tweeting against powers.
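
The SMS step proposed earlier in the thread (SIGN <OTP_SENT_TO_ENTITY> answered with a SIGNOTP), sketched as an added example; it is not code from the thread or from any eSign provider. The class, method names, code formats and phone numbers are all assumptions made for illustration.

```python
import hmac
import secrets

class SignService:
    """Toy model of the SMS step proposed in the thread; every name is hypothetical."""

    def __init__(self, registered_mobile):
        self.registered_mobile = registered_mobile  # number on file for the signer
        self.pending = {}  # request_id -> {"otp": str, "signotp": str or None}

    def start_request(self, request_id):
        # The entity starts a signing request; the OTP is sent to the user's phone.
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[request_id] = {"otp": otp, "signotp": None}
        return otp  # returned only so the demo can stand in for the user's phone

    def receive_sms(self, sender, body):
        # Only "SIGN <otp>" sent from the registered mobile mints a SIGNOTP.
        parts = body.strip().split()
        if sender != self.registered_mobile or len(parts) != 2 or parts[0] != "SIGN":
            return None
        for req in self.pending.values():
            if req["signotp"] is None and hmac.compare_digest(req["otp"].encode(), parts[1].encode()):
                # "S" prefix keeps SIGNOTP values distinct from plain OTPs
                req["signotp"] = "S" + f"{secrets.randbelow(10**6):06d}"
                return req["signotp"]
        return None

    def sign(self, request_id, code):
        # A signature needs the SIGNOTP; the OTP shared with the entity is never enough.
        req = self.pending.get(request_id)
        if req is None or req["signotp"] is None:
            return False
        if not hmac.compare_digest(req["signotp"].encode(), code.encode()):
            return False
        del self.pending[request_id]  # single use: a replayed SIGNOTP fails
        return True

def demo():
    svc = SignService("+910000000001")  # constructed number
    otp = svc.start_request("req-1")
    otp_only = svc.sign("req-1", otp)  # entity holds only the OTP
    other_phone = svc.receive_sms("+910000000002", f"SIGN {otp}")
    signotp = svc.receive_sms("+910000000001", f"SIGN {otp}")
    signed = svc.sign("req-1", signotp)
    replay = svc.sign("req-1", signotp)
    return {"otp_only": otp_only, "other_phone": other_phone, "signed": signed, "replay": replay}
```

As the thread notes, this only minimises the risk: a user who is talked into relaying the SIGNOTP as well still ends up with a signature they did not intend.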
