Thursday, March 1, 2018

The only way to not screw up Aadhar and its data anymore in india

Before we start let me make a bets.
You show me an
easier for consumers(citizens)
more secure
easier for clients (service providers)
least maintenance
more efficient (time invested in this vs benefits)
I am willing to share give away my salary.
I do not want to get into the whole controversy and conspiracy about the whole purpose of aadhar being data mining, monitoring of indians by the indian and international govts (big brother and others). What I want to get into though is how silly and easy it is to get any citizens details by any crook for the lowest price.
This aadhar number is attached to
1. bank accounts
2. all investments
3. All facilities that you obtain from govt (gas connection)
4. your phone connection
5. your internet connection
6. your insurances (health, automobile etc.,)
and more...
Such data was available on sale in the black market for as cheap as 500 INR (approx 7.5 USD). It was also easily hacked by one of the french researcher. It is becoming next to impossible or at least difficult to obtain anything which is any citizen's right, without providing aadhar details. So,
how can one provide aadhar details without providing aadhar details?
how can one authenticate or validate their authenticity of citizenship or aadhar without compromising it?
Simple. It already exists. I will first give an example.
you go to feedly.com and you can create an account or login without creating an account. how?. login with google or login with facebook or login with twitter.
you go to stackoverflow.com and you can login by just clicking on login with google or any other authentication provider.
you have today many big companies have such feature. microsoft allows you to apply to their jobs with linkedin button. you click on the login with linkedin button. It opens the pop up button which has the username and password section of linkedin and an allow access button with a cancel button.
so how do we solve this problem?

case 1: get gas connection or authenticate gas connection with aadhar

a) log into bharatgas app. click on add aadhar details button.
b) the above action triggers the aadhar app to open and allows us to choose yes or no.
c) If I choose Yes then it makes me log into the aadhar app and once I do the aadhar attachment or KYC (know your customer) process is done; If i choose no then it gets cancelled.
d) When I log into my aadhar app I can also see all the services to whom I have allowed my aadhar to use. I can just revoke the access to any of these at any point of time. ex: If you go to facebook or google it provides the list of all apps who have access token from them or these apps allow login from google or facebook. I can click on the x icon next to them and it revokes access.

Case 2: get phone connection 

a) download the service provider app
b) click on link aadhar or add aadhar button.
c) aadhar app pops up and asks us to allow this app to use its token.
d) If i choose yes on aadhar then the KYC is done and if i say no then it gets rejected.

We can also set an expiration date for such tokens to these services. If the use for example doesnt renew the KYC for his bank account then it gets expired. The service is put on hold. It makes sure that the services are not exploited by the users or user data is not exploited by the service providers.