For discuss.nubits.com, I’ve been thinking about ways that users could authenticate without having to use an email address. Primarily, I’d like to provide an option that let’s people use something unique, but that does not also open them up to potential privacy concerns like email can.
BitMessage Authentication Plugin
Build an optional authentication plugin that would use BitMessage as the unique identifier. The simple setup would be that our forums could run their own headless BM client in the background. A user would input their BM address into a form (like they would if they were entering an email address) and then using the BitMessage API, the plugin would create a unique address within the forum’s BM headless client and use it to send a pre-structured message to the user’s enter BitMessage address.
Sample message (entirely too verbose, but we can wordsmith):
"Greetings.
This BitMessage address was used to attempt to register an account ({FORUM_ACCOUNT_NAME}) on discuss.nubits.com. To confirm that this is your BitMessage account, and that you intended to use it as your identifier within the Nu forums, please reply back to {NU_FORUM_SENDING_BM_ADDRESS} with the message:
ConfirmedIf this does not sound familiar, and you do not want to connect this address to the Nu forums, you do not need to do anything, and can just ignore this message.
Once this user account had been connected, it would work just like a normal account, and any communications that would typically go out to the user via email would instead be sent to the user through their confirmed BitMessage account.
Extension
While this makes for a great way to set up user accounts in an anonymous manner, it may also provide a useful way for people on the forums to set up a way for others on the forum to contact them without revealing any additional information. One possible extension to this plugin would be to enable any user account (even those authenticated with email, previously) to associate one or more BitMessage addresses with their accounts and then to allow those to be used for user-to-user communication. It could be displayed in a user’s “signature” if needed, as well, and provide for a “verified” badge on the forums.
