University makes us sign our documents electronically. What this means is that we're required to put pictures of our signature onto all sorts of declarations. Since none of the documents we "sign" this way are important it could be okay, but I don't understand why it's beneficial to encourage us to keep a photo of our signature on our computers, paving the way to identity theft.

Legally, “click-through” agreements are just as valid, and significantly safer in this regard.

Those might require some strict compliance around logins, though, which a school website cannot hope to meet. Not a lawyer so idk.

@Root They authenticate with Microsoft and have mandatory 2FA, login security isn't an issue.

@homo-lorens Well then!

@Root Also we're signing things like originality declarations, they could literally skip the whole thing since they announced at the very beginning that if you plagiarize you get the boot. I don't think they need a declaration to remove someone for plagiarism.

Signatures aren't your identity, you can always make any agreement invalid if you didn't sign it, and chances of theft are really low.

@theabbie That is not true, depending on where you are not only are many written agreements legally binding without a signature if your approval can be verified in some other way but occasionally recorded verbal statements can be considered proof of approval as well.

@theabbie Chances of theft of digital goods from personal computers is extremely high as very few people know what they’re doing in terms of infosec.

Proving that you didn’t sign a document that quite literally has your signature on it is also difficult, especially for accounts that look like you created them due to someone stealing enough of your info to masquerade as you. That’s why identity theft is so awful: not only does it usually come with financial burdens, it incurs many legal burdens as well.

@homo-lorens
Click-through is valid.
Written is valid.
Recorded verbal is valid.

Source: I work in fintech, and built the autopay authorization system for my employer.

@AtuM I sign what they tell me to sign, obviously, but if I can't criticise their shitty practices in the mean time they are free to put their degree where the sun doesn't shine.

@Root don't those risks exist on paper signatures as well, someone could easily forge your signature, the only protection against that are laws, and if your photo signature if used for something else than asked for, is already illegal, so, college won't do it, for theft, you protect them like you protect your passwords.

@theabbie The number of people that can forge my signature at the moment because they have seen it is rather low. The number of people who know that I likely have a picture of it on my computer and are on the same subnet as I am equals everyone in my uni.

@homo-lorens There has to be some encryption methods for that, human verification system sucks anyways.

@theabbie Additionally, figuring out my legal address (which is my house and room on campus) based on network topology and my address range is so easy I can do it without any infosec training.

@theabbie The reason forging isn’t as common is both because it’s more difficult, and because it often requires physically being somewhere to sign it— and therefore on camera. That makes it easier for both their victim to prove it wasn’t them, and for the thief to get caught.

1. Generate key pair print on paper and sign document stating that this is your public key.
2. Sign documents using gpg.
3. When someone steals private key sign document that your key was stolen and this is your new key.
4. Profit?

@TheSilent I know but in this case security is less important than that 60 year old music theorists can use it.

@homo-lorens Just tought the idea of printing out a public key and signing it by hand was funny. Wasn't ment as a constructive suggestion ;)

@uCLI 80 year old musicians with a deep fear of digital electronics have to be able to use the same system we do, so nothing fancy can be used. And really, none of the documents is important enough to warrant a signature.