
I'm building a web-based app centered around security, privacy, and anonymity. One of the key principles of the app is that users can store sensitive data anonymously.

As a result, I expect to outsource system authentication entirely, preferably using OAuth or OpenID.

Is this even possible? I'd like to avoid storing email addresses or any other kind of user-identifying information on my side.

EAMann

2 Answers


To begin with, OAuth is a completely different thing, separate from your project's scope.

I guess it depends on your definition of "anonymous". If you use OpenID, you would be saving your users' OpenID URLs. In other words, your system would be precisely as anonymous as your users' OpenIDs.

A more intrinsically anonymous solution might be to simply let your users enter an arbitrary string to identify themselves. Returning users would simply type in that same string again. If you want to display a user's "identity", you could run that string through a hash function. No registration required (and not unlike 4chan's secure tripcodes).

Dolda2000

A friend of mine was working on this a few years ago. His idea was to hash an email address and a thumb or fingerprint into a unique image (biometric data is just a stream of bits, and in theory a fairly unique one compared to a human-input password like "123456").

That image could then be stored on that person's devices using their own password or bitlocker, or even printed out and locked away physically. The image would be the key when shown to a webcam or uploaded, sort of a reversal of QR codes.

Of course, the image-creation would be the potential tracking point. But if that was done entirely in memory or with a free and widely-distributed key generation tool then you would probably have some legal-protection from being compelled to reveal original users' data or identities. (this all glosses over the need for wide use of biometric scanners and secure connections all around)

Edit:

Biometric data streams are slightly different each time they're taken. There is no "password recovery": if you hash a stream like this as-is, it will likely never be the same. Most dimensionality-reduction would make it far less secure, and might still leave a chance that it couldn't be reproduced.

Mike Bijon
  • I was just thinking about this and the difficulty in getting a unique stream of biometric data ... you could use someone's avatar image or an image they choose from a large set as the stream to hash along with their password (probably best to use the color values from the image, instead of the encoded characters that tend to have patterns). – Mike Bijon Feb 17 '12 at 00:39
  • Choosing from a large image-set would be like most banks offer alongside their password entry fields, and be of medium-enhanced security vs a password. The avatar or uploaded image option would be greatly-enhanced security vs a password -- but the downside is there's a (very small) potential to use the hash to uniquely identify the image that it was built from and then find that image's owner. – Mike Bijon Feb 17 '12 at 00:45
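The reproducibility problem described in the edit above, as an added Python example (not the friend's scheme and not code from the page). It hashes a constructed 160-bit "biometric" template two ways. Plain hashing gives a different value after a single flipped bit. A code-offset secure sketch (the fuzzy-extractor construction of Dodis, Ostrovsky, Reyzin and Smith) stores only template XOR codeword, which can be printed or kept on a device, and recovers the same key as long as each 5-bit block of a new reading has at most two flipped bits. The template, the repetition code and the block size are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Repetition factor (assumed): each key bit is written 5 times, so a
# majority vote corrects up to 2 flipped bits per block.
BLOCK = 5

# Constructed stand-in for a biometric template: 160 bits derived from a
# fixed string. A real reading would come from a sensor and differ per scan.
TEMPLATE = [(byte >> i) & 1
            for byte in hashlib.sha256(b"constructed fingerprint").digest()[:20]
            for i in range(8)]


def encode(key_bits):
    """Repetition code: 32 key bits -> 160 codeword bits."""
    return [bit for bit in key_bits for _ in range(BLOCK)]


def decode(codeword_bits):
    """Majority vote per block; wrong only if a block has 3 or more flips."""
    return [1 if sum(codeword_bits[i:i + BLOCK]) * 2 > BLOCK else 0
            for i in range(0, len(codeword_bits), BLOCK)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def key_from_bits(bits):
    return hashlib.sha256("".join(map(str, bits)).encode()).hexdigest()


def plain_hash(template_bits):
    """What 'hash the stream as-is' gives: any flipped bit changes it."""
    return key_from_bits(template_bits)


def enroll(template_bits):
    """Return (sketch, key). The sketch may be stored or printed; the
    template and the key themselves are kept nowhere."""
    key_bits = [secrets.randbelow(2) for _ in range(len(template_bits) // BLOCK)]
    sketch = xor(template_bits, encode(key_bits))
    return sketch, key_from_bits(key_bits)


def reproduce(noisy_template_bits, sketch):
    """Recover the key from a fresh, slightly different reading plus the sketch."""
    return key_from_bits(decode(xor(noisy_template_bits, sketch)))


def flip(bits, positions):
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


if __name__ == "__main__":
    sketch, key = enroll(TEMPLATE)
    rescan = flip(TEMPLATE, [3, 41, 77, 120, 158])  # one flip in five blocks
    print("plain hash stable:", plain_hash(rescan) == plain_hash(TEMPLATE))
    print("sketch recovers key:", reproduce(rescan, sketch) == key)
    too_noisy = flip(TEMPLATE, [0, 1, 2])             # three flips in block 0
    print("too noisy still recovers:", reproduce(too_noisy, sketch) == key)
```

This is the trade the edit warns about, made explicit: the key has only 32 bits of entropy here, and a code-offset sketch leaks up to the template length minus the key length about the reading (128 of 160 bits with this repetition code), which is why deployed schemes use BCH or similar codes over much larger templates. The sketch is also the "tracking point" mentioned above, since whoever holds it can test candidate readings against it offline.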