-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
agency-proof user authentication #5
Comments
As I find this very creative (no sarcasm intended), personally, I prefer some kind of captcha. |
don't agree. a captcha doesn't protect you from sophisticated attacks and has severe downsides in means of usability and ease of use (meaning: it is no barrier, if you have the resources, and no, you don't have to be the NSA for doing this) |
I like the captcha, but the one liners are pretty easy to solve using a simple OCR. Personally I would not like to upload an image. There are many generators for this on the net. What about doing captcha by knowledge e.g. asking for the latitude/logitude, zip code, location name and location admins possibly with a simple captcha like recaptcha. Current weather at the user location, something like this. To keep away the mass registrations. |
Who looks at all the pictures (we do hope it is going to be a lot, right?) and how do you decide whether they are "authentic" or not? |
what about this: we require a picture of the measuring-device and some written text the signup-form generates? this is the only valid assumption we can make about users: they own a certain measurement device... if they are legit, they should be able to take a picture of it. |
@tsujigiri we do - if we don't, we put all data credibility at risk |
this is much better IMO. It would be possible to use the location data in EXIF, if existent, to compare it to the location entered. lets say +-100km or something like this. |
@nullisnil and it would be possible to automatically check the timestamp in EXIF, too |
we need a form of user authentication which is at least mass-subscribing and government-agency-proof.
following design suggestion: every user has to submit a picture with him holding a sign.
on the sign written is some text generated individually by the signup-form, and his location
The text was updated successfully, but these errors were encountered: