Can Selfies Be the Key to Online Security?

By: Lee Rickwood

October 8, 2015

A new Canadian technology company is developing a multi-platform social network that uses selfies to verify a member’s identity.

The LegitChex application is launching in a beta test mode today, the Toronto-based company describes, with a few last minute tests and needs to be addressed.

app screen

The LegitChex mobile app interface.

It’s been designed to support and ensure safe online transactions, and so its user base and target market in the start-up phase includes online buyers and sellers, games, businesses and member of dating sites. The app promises features such as real-time chat messaging, an eWallet tool, and even a security assist option that notifies loved ones if the user is in danger.

LegitChex is confidently gearing up for as many as 25,000 users in its first year, a number that surely is well below the number of folks who say they want or need anonymity online.

It’s where the Internet started, after all: anonymity was not necessarily a strategic plan, more a by-product of the technology itself, yet a welcome one: remember the early days of the Internet, back when anyone could be a dog?! Not only a great New Yorker cartoon, that anonymous aspect of the ‘Net was the meme of the day, as it seemed to open up a democratic space where everyone was equal, because in part everyone was anonymous.

There are surely reasons for anonymity, just as there are reasons to be identified.

Anonymity is one of the biggest obstacles to fighting harassment online, providing an online cover for inappropriate or illegal activities; it is also seen as one of the biggest tools to preserve political independence, civic activism and democratic rights around the world.

Twenty years (yes, twenty!!) after that canine cartoon first appeared, it may well be that the anonymizing aspect of our online, mobile and digitally-mediated world has contributed to many of today’s cyber-concerns: it’s way too easy to hide behind a made-up user name, a fake online ID or Facebook account, even an obscured IP address – and then let harsh those words fly freely.

(MediaSmart, a Canadian non-profit advocacy group for online and digital literacy, conducted a survey in which almost half of the teen-aged respondents acknowledged they “were someone else online”, and they used a fake ID in order to protect their own identity. Many said it was to play jokes on friends, to flirt or to register for age-restricted websites.)

Even without anonymization (a controversial subject on its own), words fly way too freely in many situations (yes, that can happen when face-to-face, or when on the phone, so it’s not digital devices alone that enable our careless or malicious nature), so software tools that give us more anonymity may not be the solution we really need here.

But in cases of commerce and online transactions, anonymity is regarded as reasonable protection (not having to surrender personally identifying information and thus be vulnerable to spam, for example).

And surely in the case of online dating, anonymity at least at the start is key to building trust; eventually, carefully, that online trust may well lead to a face-to-face meeting (at which time some kind of protection may well be even more needed).

That’s why LegitChex wants to get its solution into the hands of individuals and businesses, so they can communicate and conduct transactions in a safe and trustworthy environment.

A screen grab from LegitChex YouTube video, hosted by the Toronto tech company's founder,

A screen grab from a LegitChex YouTube video, hosted by the Toronto tech company’s founder, Jericho Digos.

“The smartphone app helps to prevent scams, fraud, harassment and tire-kickers that have no intention of meeting,” Jericho Digos, LegitChex’s founder, said when announcing the app. “Safety is our number one priority and our members have the power to engage in unlimited secure transactions. Best of all, we never share a member’s personal information.”

That latter point comes up as a result of LegitChex’s unique member verification strategy: once a prospective user submits a government-issued photo ID, it is then matched to a database, and a LID (LegitChex’s own proprietary identification) is created.

The government issued ID is scanned by the LegitChex application, at which the company’s software authenticates its validity utilizing computer vision technology to verify credentials issued. It’s described as a quick and seamless process that takes just seconds.

The user is then instructed to validate ownership of the ID through facial recognition. For this verification the user simply takes a selfie, send that in, and it is cross-referenced with the photo on the piece of identification provided.

Upon successful authentication, the user becomes “Legit”; it’s the LID that is used in online communications and transactions, with no other personally identifying information being shared (with consent).

Of course, sending one’s photo ID online to some company could cause privacy and security concerns all by itself.

LegitChex says the submitted ID will never be exposed to anyone, and that is has gone to great lengths to keep the information private and secure. For privacy and security purposes, all data is transmitted using secure transport with strong cipher suites and stored encrypted using AES256, a kind of symmetrical encryption algorithm that’s used to encrypt transmitted and stored data.

Whether it is when buying a used washing machine online, trying to find a loving partner or criticizing a despotic regime, there are ‘legit’ reasons to be secure online, to protect ourselves and our privacy.

But to be clear, anonymity is not the same as privacy: An anonymous action is one taken without attribution, with no name attached, with no source identified. A private action is one taken without external interference, without outside intrusion, without outside attention, but with at least an implied willingness to be identified (if only to select partners).

That willingness to be identified must be what LegitChex is counting on: there’s no need to reveal all, right away, right up front, but eventually, a certain amount of trust can be established, and at the end of that process, identities can and should be revealed.

Yes, tools are needed for both the protection of privacy and the assurance of anonymity; but more to the point, a good understanding of why, where, when such tools are needed and are appropriate is important to have, as well.


Leave a Reply

Your email address will not be published. Required fields are marked *