Showing results for 
Show  only  | Search instead for 
Did you mean: 

Self Sovereign Identity phishing alert

Making moves

Hello everyone. Here at Sideos we developed a platform for Self Sovereign Identity or SSI for brevity, which makes use of JWT which are mainly converted eventually into QRCode. In general scanning a QRCode with an app, and eventually exchange information is prone to phishing attacks. It is easy to fake a real page with a fake similar URL and induce a user to scan a QRCode, thus transfering information to the wrong place. Since there is no way to check this at the backend server level, the only option is to have something done at the browser level. In other words I would like to see if it possible somehow in the browser do a kind of authenticity of the QRCode content i.e. map a precise URL in the code with the actual URL in the bar, to alert a user that something can be wrong. We can make sure the QRCode contains the specific field, and content in the right place, but wanted to make sure then the browser with some settings (enable QRCode verification for example) does the job of checking. SSI is evolving and there are lots of projects out there which use QRCode including our product, to enable passwordless login, exchange of personal information etc.etc. I believe in the next few years the market will explode with decentralized solutions, and this will become an issue which can be resolved only at the browser level. A secure SSI browser will be the best partner for decentralized data solutions.