undefined | Better HN

0 pointsantoineleclair14y ago0 comments

I can't speak for SignNow.com, but on our side (Signsquid), we decided to ditch completely the hand-written signature, in favor of a better thought process.

We use a combination of a unique link, sent by email, and a unique secret code, told by phone, for each signatory. This way, we can be sure the good person signed.

Also, we decided to not enter the contract redaction process. You simply upload the pdf that will be signed.

Once the contract is signed, a page that contains the audit trail (who signed and when) is appended.

0 comments

beambot14y ago

How does a unique link (over insecure email) and a phonecall (to which number? how to verify speaker?) ensure the person's identity? That sounds dangerously straight forward to subvert.

antoineleclairOP14y ago

You make it sound like it's totally insecure. Look at all the alternatives, and I am pretty sure we are the more secure.

Most still use a fax, which is incredibly insecure (how can you be sure who signed?). Other online solutions either use simple email reply or a hand-written signature.

Just to clarify the process, once you uploaded your file and chose the signatories, Signsquid sends a link to each signatory. Each one of them has its own unique link. Then, the sender (you), gain access to the list of codes assigned to each signatory. Again, each one of them as one unique code. You have to call them by phone to tell them the code.

If someone wanted to "hack" the process, he would have to gain access to the inbox of the user and also fake his voice over the phone.

beambot14y ago

We've had a few thousand years to figure out decent ways to authenticate paper-based documents. Presumably, one of the biggest implications of a paper-based solution is that you get some level of contestability. In the case of a signature, you get penmanship (at least to a certain degree of expert evaluation); for currency, you get the paper type, watermarking, holograms, etc.

You have very little of that in the process described by the OP. The accountability is "email is secure, and you know the person's voice." That's fine if you implicitly trust your contracting counterpart (heck, then the contract has little purpose). But it does little if they later recant or refute the signature. In the end, the most important aspect: It needs to be tested in a court of law before I'd even consider it.

I'm not sure what the "right" solution is in the digital age, but my hunch is that it will involve some sort of PK Crypto. Perhaps we're not too far from having NFC tags embedded in our body for precisely this purpose.

_jb14y ago

You're supposed to know who you're dealing with when on the phone. If you deal with someone you kinda know (met in person before or on the phone), I really don't see how it's a problem.

On the other hand, if you're doing online business, you may not be the direct public for this service.

my 2c.

j / k navigate · click thread line to collapse

0 pointsantoineleclair14y ago0 comments

I can't speak for SignNow.com, but on our side (Signsquid), we decided to ditch completely the hand-written signature, in favor of a better thought process.

We use a combination of a unique link, sent by email, and a unique secret code, told by phone, for each signatory. This way, we can be sure the good person signed.

Also, we decided to not enter the contract redaction process. You simply upload the pdf that will be signed.

Once the contract is signed, a page that contains the audit trail (who signed and when) is appended.

0 comments

beambot14y ago

How does a unique link (over insecure email) and a phonecall (to which number? how to verify speaker?) ensure the person's identity? That sounds dangerously straight forward to subvert.

antoineleclairOP14y ago

You make it sound like it's totally insecure. Look at all the alternatives, and I am pretty sure we are the more secure.

Most still use a fax, which is incredibly insecure (how can you be sure who signed?). Other online solutions either use simple email reply or a hand-written signature.

If someone wanted to "hack" the process, he would have to gain access to the inbox of the user and also fake his voice over the phone.

beambot14y ago

_jb14y ago

You're supposed to know who you're dealing with when on the phone. If you deal with someone you kinda know (met in person before or on the phone), I really don't see how it's a problem.

On the other hand, if you're doing online business, you may not be the direct public for this service.

my 2c.

j / k navigate · click thread line to collapse