Implementing a Secure and Trustworthy Badge Feature for Website Verification #1
Description
Feature description
Implement a new badge feature that can be easily displayed on websites.
The idea is inspired by Website Carbon which integrates a similar badge feature that can be easily embedded anywhere on a web page.
This screenshot was taken from the footer of Overthere link
Use cases
- Allow website owners to showcase their site as legitimate without adding extra steps for users.
Benefits
For website owners
- Retain users on the platform.
- Provide a safer and more trustworthy experience for users.
For users
- Enhance user confidence by confirming the legitimacy of the site.
For UNFraud
- Increase visibility.
- Broaden the usage range.
Questions/Discussions
- Preventing Badge UI Copying on Impersonated Websites
- Issue: How can we prevent malicious actors from copying the badge UI onto impersonated websites to deceive users?
- Discussion Points:
- Dynamic Badge Generation: Implement a system where each badge is dynamically generated with a unique identifier or cryptographic signature tied to the website's domain.
- API Authentication: Require authentication via API keys or tokens to fetch and display the badge, ensuring only legitimate websites can access and display it.
- JS Embed with Domain Verification: Use JavaScript embedding that verifies the domain of the site where it's embedded, ensuring it matches the domain registered for the badge.
- Evaluation: Despite these approaches, none of them individually may completely mitigate the risk of UI copying on impersonated websites.
Future Implementations
- Applicability in Finance/Blockchain Industry: Consider potential future implementations in industries like finance and blockchain, leveraging the badge feature to enhance trust and security.