Pruver certifies people's identities (e.g. they're a Warwick student), without revealing anything else.
Why?
There are many use cases for Pruver. It was designed for solving problems with feedback surveys:
We want people to be anonymous, so they can be entirely honest in their answers.
We want to be sure the same person can't submit multiple times.
We want to target a specific group (e.g. just 2nd year Warwick CS students).
How do I use it?
You generate a link, and share it with people you want to verify
People visit the link and verify their identity (e.g. login to their Warwick account).
They give you the code, e.g. by copy-and-pasting it into a survey.
You can verify this code and extract the data from it
How does this work?
Our system takes the user to the login page of the necessary provider (e.g. Warwick University).
When they login, they're taken back to Pruver which compiles the requested data and signs it.
Cryptographically signing the data uses clever mathematics to prevent anyone else forging a code.
It can also generate a uniqueId by scrambling the user's ID with a seed of your choice. This can be used to prevent duplicate submissions.
Want more detail? See the technical explanation (and the code) on GitHub.
FAQs
Why not use IP addresses?
Checking IP addresses doesn't work with students as they usually live with flatmates who we don't want to exclude, and it's easy to circumvent with a proxy or VPN. Also, doesn't certify submissions are from a particular group (e.g. CS students only).
What prevents someone with access to the code reusing it in the future?
Generated codes contain a reference and seed which Pruver will include in the signed body. This means you know the user specifically certified themselves for that reference and seed - we recommend using a new seed for each survey.
I think I've found a security or privacy-related problem