Read on Twitter
Classic example of disasters in not differentiating aadhaar authentication, eKYC, eSign, eMandate. Everything needs only one OTP and no knows what transaction happens in backend. @India_Stack will be happy because all they care is volumes not user interest. #Consent #Fraud
External Tweet loading...
If nothing shows, it may have been deleted
by @digitaldutta view original on Twitter
A simple way of fixing this mess, is to not allow signatures by just sharing OTP, but involve some bit of user action and adding friction to make sure signatures can't be made with just OTP. User can send a SMS from registered mobile with SIGN <OTP_SENT_TO_ENTITY> to get SIGNOTP
What this would mean is, while signing is still happening through the same set of APIs, it codifies user action, which reduces frauds like these. eSign still has more issues, but this is rudimentary.
This is example of why #eSign lacks non repudiation. On going deeper levels, even biometrics can't solve them, as it can be cloned. Adding mobile action from user can only minimise, not completely eliminate.
But all these add cost, involve Infrastructure changes and cost of signing will marginally increase coming back to customer. We aren't even looking at rights cost here.
This is yet another experimental tech by @India_Stack for digital lending industry interests. There is a very simple non-tech way of fixing the mess. Dogfooding, international use will automatically lead to people scrutinizing the tech of eSign
1. DogFooding -- Has @NandanNilekani signed any document in 2.5 years of its existance. Please show me examples @India_Stack. My bet is he hasn't. Which clearly means, some tech is for poor, vulnerable, while proponents care about safety, privacy. #Shameless
2. Govt use -- Has @rsprasad ever e-Signed a parliamentary document, all the while promoting it on twitter? Mostly no again, For him to do so, his office (ministry) would need to scrutinize the tech for its risks. Again, prove me wrong, show me one eSigned document of yours.
3. International use. Globally, this eSign will be shunned upon for its hacky design. There are multiple levels of fraud possible on this layer, preference for commoditization over quality, preference to give more power to lenders while stripping consumer interests.
eSign is broken and is proven with above fraud. While it takes time to fix the mess @India_Stack has created, how do you safeguard yourself in the meanwhile? Here are some simple ways, try using them where possible, boycott if its impossible.
Since the problem is about not knowing the use of biometrics / OTP on a system and whether its used for authentication (Aadhaar auth) / eKYC (KYC details shared), Authorization (eSign), Financial Authorization (eMandate). Do the following.
Ask a written document, signed with by the person you are sharing with, along with Aadhaar number of the agent, GSTIN of entity you are transacting with to give you written assurance how they using and what transaction they are performing.
Ideally, not just biometrics / OTP, ask this for anyone who is asking your #Aadhaar number. This will reduce power asymmetry, but not solve all problems. Resist transacting if the agent / entity is not willing to give you this confirmation in writing
The above only reduces counterparty fraud/risk. My belief is #eSign is a speech control technology.Your ability to eSign a document rests with the state (body UIDAI),authenticating through its shoddy,non transparent,unaccountable authentication system & bunch of intermediaries
#eSign fundamentally involves a host of third parties for mutual agreements. While in some cases, notaries, intermediaries are legal requirement, a single digital intermediary controlling ability to sign is someone holding the pen and you are their mercy for signing.
On the alternate definitions of @India_Stack I call this speech control technology. Your ability to sign lies with the state and bunch of intermediaries. Good luck trying to sign after eating beef / pork or tweeting against powers.
External Tweet loading...
If nothing shows, it may have been deleted
by @logic view original on Twitter
unroll
• • •
Missing some Tweet in this thread? You can try to
force a refresh
