think of digitally signing copied stat-text

lokprolokpro ✭✭
edited October 2019 in App Feedback (Archive)

Now in Prime we can have profile stats copied as text, which makes it easy to be transferred to other systems. I think Ingress can simply include a signed "HASH" field for other systems to verify its authenticity.


There are tons of 3rd party systems utilising Ingress stats for recording, comparing or other stat-race gameplay. For examples, notably Agent Stats, IFS, and many fan competitions organised with Google sheets.


As now, when a competition organiser want to verify one's stat, they need check the profile in game and may also need to ask the person to make it "not private". Sometimes we export screen (now Prime only part of the screen) to say the stat is more genuine.

I think including an official digital signature in the copied stat may help these things to be done automatically, and to avoid cheats so as to improve the overall experience of these 3rd activities.


---

Technically speaking (not professional),

to implement so, the copy action is not done locally, but to request the server to sign with Ingress's private key and return it.

The public key is given out for everyone to check for its authenticity.


Illustration borrowed from wikipedia:


To the best of my knowledge, a 256bit signature "HASH" is like this long

1dae8556e57bb04bf380b2dbf64f3e6c61f9c28cbb6518aabae95a003c89739a

which is not a big deal for the already bulky stat-text. And of course it may not need to be that long.


The most important thing is how to make it simple enough to let Javascript or Google Sheets appscripts to do the verification. I believe there are common libs around.


---

By the way, from what I see the timestamp (" Date (yyyy-mm-dd) Time (hh:mm:ss)") are in local time. For global games, it is better to also include the time zone; also good to include a universal time like getTime() in Javascript.


The time is also very important to many fan-organised gameplays.

Tagged:

Comments

  • 1valdis1valdis ✭✭✭✭✭
    edited October 2019

    I suggest ISO format for timestamp, like toISOString from Javascript. This is a standard for representing a moment in time, it holds time zone info and is easily human-readable (looks like 2019-10-30T20:57:27.427+02:00 ). Milliseconds format doesn't have the advantages listed in previous sentence.

  • Excuse me I would like to bump this thread because I think it is worth considering.

    And by the way, the timespan - "ALL TIME", "WEEK", "MONTH" - in exported texts are translated according to the app's language settings. It should always be in English, as it adds a difficulty to programming.

  • edited January 2020

    EDIT: Re-reading, you are talking public/private key, you're just using "hash" the wrong way.

  • A simple checksum would detect non-malicious errors.

    Any attempt at anything stronger (eg encrypting a stong hash) is doomed because the encryption key can be found by reverse-engineering the application - which only needs to be done once.

    Screenshots can be faked quite easily - given the right tools.

    If you want to remotely verify some stats (eg of a competition winner) you need to get their stats made public for a short time.

  • NineBerryNineBerry ✭✭✭✭✭

    The signature would have to be applied by the Ingress server part

Sign In or Register to comment.