Frequently Asked Questions

I think the choice between security and ease of use is a false
choice. I believe we can have them both.

I’ve designed a protocol that makes it easy to control your privacy.
In fact, the cryptographic aspects are completely hidden from view,
protecting you, the user, at all times.

I call it Eccentric Authentication.

Here are the answers to some questions that might arise.

What are the goals of Eccentric Authentication?

The main goal is to increase privacy on the internet. Privacy for the common man and woman.

In other words, privacy is the most important aspect. More
important than the ability of a site owner to track users.

Why favor the end user?

We believe that unless the end users have control over their privacy,
they don’t have privacy at all.

As I’m an end user most of my time, I want my computer/phone/tablet to
protect me at all times. I don’t want my computer to spy on me for
‘better advertisements’ or worse. I don’t want to have to jump through
hoops to protect myself. That path leads to madness.

This protocol puts the end user in control of their true identity.

The protocol can’t do this protection on its own. You still need to be
wary and use other protection mechanisms too. We’ll point you towards
these where applicable.

How do you protect the privacy?

You can stay completely anonymous by only using sites that don’t need
an account.

But that’s too limited. There is a strong need to have accounts at
sites. To manage a blog, to keep shopping baskets from mixing up and
so on.

The real need is to tell different users of a site apart.

We fulfill that need with a digital pseudonym. The
pseudonym identifies you as a user of the site without revealing your
identity. Not even the site learns who you are.

Email addresses are identifiers that are tied to a person. Most people have only one.
That is not good enough for us. We don’t use email addresses or passwords.

We use client cryptography.

What about the anonymous connection?

The anonymous connection uses a plain old HTTPS connection. The same
type of connection that – currently – shows the green padlock. It
protects against eavesdropping and tampering.

There is a difference in the way we sign the server certificates. We
do that for good reasons, but that’s a later question.

What about digital pseudonyms?

A digital pseudonym is the ‘name’ you share between you and the site. You come up with the name.

To create an account at a site, you press a button on your web browser
and it requests a pseudonym with your chosen name at the site.

We use client certificates to implement these pseudonyms.

What? Certificates without identifying information?

Yes, the technology behind client certificates does not require you to
provide any user-identifying information. Without any identifying
information, a certificate is just a strong, secure bond between the
private key of the user and the private key of the site’s CA.

Each site signs the certificates with its own CA.

A CA for each web site?

As these certificates replace the email address and passwords, we
don’t want to replace them with something that ties stronger to your
real identity.

The global Trusted Third Parties require your full identity before
signing a client certificate, and then they sign exactly that: your digital
passport. That’s even worse than the current mess with passwords.

When we place a Certificate Signer into each website, it doesn’t need
any identifying information. Just a certificate to bind the private keys together.

Your browser creates a new certificate for each site where you sign
up. The certificate is the account. You can have several different
certificates at the same site; these are different accounts.

When you come back later, the site asks you to log in. Your browser
detects that request and offers you a choice of your previously created
certificates. You choose one and your browser logs in with that
account. Or you choose not to log in and stay anonymous for that session.

Nowhere during the sign up phase do you need to provide an email
address.

The certificates don’t contain anything that reveals your identity.
That’s how we can create these privacy-protecting connections: each
certificate is a pseudonym.
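
The per-site signing described above, as an added Go sketch that is not code from this page or from the Eccentric Authentication project. The function names, the sites blog.example and shop.example, the nickname "nightowl", the ECDSA P-256 keys and the one-year validity are all assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate holding only a name and a public key; a nil parent self-signs a site CA.
func issue(name string, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 120))
	t := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(1, 0, 0),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, t.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
		parent = t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// issuedBy reports whether the site's CA certificate vouches for the pseudonym certificate c.
func issuedBy(ca, c *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

// demo uses constructed values: sites blog.example and shop.example, nickname "nightowl".
func demo() (alias *x509.Certificate, atBlog, atShop bool) {
	blogKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	shopKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	userKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // browser: fresh key per account
	blogCA, _ := issue("blog.example CA", &blogKey.PublicKey, nil, blogKey)
	shopCA, _ := issue("shop.example CA", &shopKey.PublicKey, nil, shopKey)
	alias, _ = issue("nightowl", &userKey.PublicKey, blogCA, blogKey)
	return alias, issuedBy(blogCA, alias), issuedBy(shopCA, alias)
}

func main() { alias, atBlog, atShop := demo(); fmt.Println(alias.Subject, atBlog, atShop) }
```

The certificate's subject holds the nickname and nothing else, and only the site whose CA signed it accepts it as an account.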

Why sign the nickname in a certificate? The public key of the user is already unique.

True, the public key of the user is unique and unforgeable (so no one can
impersonate a key). And it is anonymous, as it’s just a long random
number.

But there lies the problem. These long random numbers are too long and
too random to be recognised and remembered easily by humans.

The nickname in the certificate is the human recognizable identity.

It allows you to recognise other people at the website by their chosen
nickname.

Here we go from simple access control to a website towards secure
messaging.

How do you envision secure messaging?

Inside the certificates is the public key of the owner. It allows you
to encrypt a message so only that person (with the private key) can
decrypt it.

Now all you need is a delivery mechanism.

How do you deliver encrypted messages?

There are two options: The first is to deliver the encrypted message
via the website that signed the certificate. You know that the person you
are writing to has an account there. I

If that site does not have a mailbox for (some or each of) their
users, you’ll need to find a mailbox service. If your recipient has
opened a delivery service somewhere, she will have created a signed statement
stating where to drop off messages for her.

Where to find that signed statement is for a future question. Or look at the site: Anonymous private messaging and further chapters.

What if I reveal my identity?

On purpose?

If you decide to reveal an identity, you let the world know that you
(the person) control that certificate. All your other
certificates remain unidentified.

By accident?

If you reveal your identity by accident, you lose the privacy aspect
of that identity. It’s no longer a pseudonym, it has become an alias
to your true identity.

It still is secure. No one can impersonate you. You can decide to
continue using this account or not.

Why would sites use this?

  • respect for customers;

  • cheaper to host;

  • cheaper in case of breach, given Teevens proposal to fine an undisclosed breach of privacy Eur 450.000,- max.

Expect more to come soon.

Interestingly, if you run a business that adopts this protocol to
assure your customers’ privacy, you’re benefitting too: cheaper
security costs and easier scalability, amongst others.