Classic example of the disasters caused by not differentiating Aadhaar authentication, eKYC, eSign, eMandate. Everything needs only one OTP and no one knows what transaction happens in the backend. @India_Stack will be happy because all they care about is volumes, not user interest. #Consent #Fraud
A simple way of fixing this mess is to not allow signatures by just sharing an OTP, but to involve some bit of user action and add friction to make sure signatures can't be made with just the OTP. The user can send an SMS from the registered mobile with SIGN <OTP_SENT_TO_ENTITY> to get SIGNOTP.
What this would mean is, while signing is still happening through the same set of APIs, it codifies user action, which reduces frauds like these. eSign still has more issues, but this is rudimentary.
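The two-step flow proposed above, modelled as an added example (not code from the thread or from any eSign provider). The `ESignGateway` class, its method names, the six-digit codes and the phone numbers are all hypothetical and constructed for illustration.

```python
import hmac
import secrets

def _same(a, b):
    # Constant-time comparison of two codes.
    return hmac.compare_digest(a.encode(), b.encode())

class ESignGateway:
    """Hypothetical signing service; not a real eSign or UIDAI API."""

    def __init__(self, registered_mobiles):
        self.registered = registered_mobiles  # user_id -> registered mobile
        self.pending = {}                     # txn_id -> transaction state

    def _code(self):
        return f"{secrets.randbelow(10**6):06d}"

    def request_sign(self, txn_id, user_id, doc_hash):
        """Entity requests a signature; the step-1 OTP is sent to the user."""
        otp = self._code()
        self.pending[txn_id] = {"user": user_id, "doc": doc_hash,
                                "otp": otp, "signotp": None}
        return otp  # returned only so the demo can play the user's phone

    def inbound_sms(self, from_mobile, body):
        """User action: 'SIGN <OTP>' from the registered mobile yields SIGNOTP."""
        parts = body.strip().split()
        if len(parts) != 2 or parts[0].upper() != "SIGN":
            return None
        for st in self.pending.values():
            if (self.registered.get(st["user"]) == from_mobile
                    and st["signotp"] is None and _same(st["otp"], parts[1])):
                st["signotp"] = self._code()
                return st["signotp"]
        return None

    def sign(self, txn_id, code):
        """Signing succeeds only with SIGNOTP, never with the step-1 OTP."""
        st = self.pending.get(txn_id)
        if not st or st["signotp"] is None or not _same(st["signotp"], code):
            return False
        del self.pending[txn_id]  # SIGNOTP is single use
        return True

def demo():
    gw = ESignGateway({"user-1": "+910000000001"})  # constructed number
    otp = gw.request_sign("txn-1", "user-1", "constructed-doc-hash")
    otp_only = gw.sign("txn-1", otp)                      # shared OTP alone
    wrong_phone = gw.inbound_sms("+910000000002", f"SIGN {otp}")
    signotp = gw.inbound_sms("+910000000001", f"SIGN {otp}")
    return otp_only, wrong_phone, gw.sign("txn-1", signotp), gw.sign("txn-1", signotp)
```

`demo()` returns `(False, None, True, False)`: the shared OTP alone does not sign, an SMS from another handset gets no SIGNOTP, the user-initiated SIGNOTP signs once, and a replay fails.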
This is an example of why #eSign lacks non-repudiation. Going to deeper levels, even biometrics can't solve this, as they can be cloned. Adding a mobile action from the user can only minimise it, not completely eliminate it.
But all these add cost and involve infrastructure changes, and the cost of signing will marginally increase, coming back to the customer. We aren't even looking at the rights cost here.
This is yet another experimental tech by @India_Stack for digital lending industry interests. There is a very simple non-tech way of fixing the mess. Dogfooding and international use will automatically lead to people scrutinizing the tech of eSign.
1. Dogfooding -- Has @NandanNilekani signed any document in the 2.5 years of its existence? Please show me examples, @India_Stack. My bet is he hasn't. Which clearly means some tech is for the poor and vulnerable, while proponents care about safety, privacy. #Shameless
2. Govt use -- Has @rsprasad ever e-Signed a parliamentary document, all the while promoting it on Twitter? Mostly no again. For him to do so, his office (ministry) would need to scrutinize the tech for its risks. Again, prove me wrong, show me one eSigned document of yours.
3. International use. Globally, this eSign will be shunned for its hacky design. There are multiple levels of fraud possible on this layer, a preference for commoditization over quality, and a preference to give more power to lenders while stripping consumer interests.
eSign is broken and this is proven by the above fraud. While it takes time to fix the mess @India_Stack has created, how do you safeguard yourself in the meanwhile? Here are some simple ways; try using them where possible, boycott if it's impossible.
Since the problem is about not knowing the use of biometrics / OTP on a system and whether it's used for authentication (Aadhaar auth) / eKYC (KYC details shared), authorization (eSign), or financial authorization (eMandate), do the following.
Ask for a written document, signed by the person you are sharing with, along with the Aadhaar number of the agent and the GSTIN of the entity you are transacting with, giving you written assurance of how they are using it and what transaction they are performing.
Ideally, not just for biometrics / OTP, ask this of anyone who is asking for your #Aadhaar number. This will reduce power asymmetry, but not solve all problems. Resist transacting if the agent / entity is not willing to give you this confirmation in writing.
The above only reduces counterparty fraud/risk. My belief is #eSign is a speech control technology. Your ability to eSign a document rests with the state (body UIDAI), authenticating through its shoddy, non-transparent, unaccountable authentication system & a bunch of intermediaries.
#eSign fundamentally involves a host of third parties for mutual agreements. While in some cases notaries and intermediaries are a legal requirement, a single digital intermediary controlling the ability to sign is someone holding the pen, and you are at their mercy for signing.
On the alternate definitions of @India_Stack, I call this speech control technology. Your ability to sign lies with the state and a bunch of intermediaries. Good luck trying to sign after eating beef / pork or tweeting against the powers.
Thread by Srikanth ஸ்‌ரீகாந்த்