verification-extension-451

When California residents exercise their rights under CCPA by asking data brokers to give them their information or delete their information, these users are asked to verify their identities. This verification process can be a nuisance, since it’s not uniform across different data brokers and users have to go through it with each data broker. Instead of making users navigate this arduous process each time they have to verify their identities with data brokers, we’re proposing a browser extension that verifies the user once, and sends a signal to the data broker that this user has already been verified and can skip the normal verification process.

Clone this git repository

Navigate to your terminal and use the following command to clone the repository in your desired directory:

git clone https://github.com/soha17/verification-extension-451.git

Install the Uni-verify extension in Chrome in developer mode

Steps to install extension in Chrome in developer mode: https://bashvlas.com/blog/install-chrome-extension-in-developer-mode

Software architecture and workflow of the extension

EPS_Plugin_architecture

Install and run services

Run a sample data broker website

In order to test the uni-verify extension you will need to navigate to a data broker website. For this project we assume that data broker websites have a form with certain UI elements so that the extension can run successfully. We provide a sample data broker website.

Using your terminal, navigate to the /Data_broker_website directory and run the sample website:

cd Data_broker_website
python3 -m http.server

Note: If you don't have python3, you can find instructions to download and install it here: https://www.python.org/downloads/

To access the website, use Chrome to navigate to
localhost:8000/requestform.html

Now run the backend server of the data broker website. From the Data_broker_website directory in your terminal run the following command:

node databroker_server.js

Note: If you don't have node, you can find instructions to download and install it here: https://nodejs.org/en/download/package-manager/

Run the verification micro-services

We need to run the verification micro-service so that the extension can verify a user's identity.
In a new terminal window go into the /verification_microservices directory and run the following commands:
cd verification_microservices
python3 -m venv .venv
source .venv/bin/activate
pip install flask
If you don't have pandas installed, also run: pip install pandas
python -m flask run

Your Flask micro-service should be up and running!

Note:
If you don't have python3, you can find instructions to download and install it here: https://www.python.org/downloads/
You can find more information on Flask here: https://flask.palletsprojects.com/en/2.1.x/installation/

Run the Node server for the extension

In a new terminal navigate to the /Node_server folder and run the following commands:
cd Node_server
node app.js

This service lets you access the extension’s registration and privacy policy pages.

You now have all the services up and running!


Workflow

1. Go to your Chrome browser and navigate to localhost:8000/requestform.html
2. In your extensions you should be able to see the Uni-verify extension. Click on it and you should see the extension popup window.
3. Click on the "Registration" button. This should open a new tab with the registration form.
4. Fill out the form with appropriate values and hit submit. You should see a message indicating your successful registration.
5. Go back to the data broker website and fill out the form.
6. Click on the login button on the extension window. Log in using the username and password that you registered with.
7. Click on the verify button.
8. You should see on the form that uni-verify has verified you.
9. Click the submit button on the data broker form.
10. Go to your terminal window which has the data_broker server running. You should see the data the form submitted through the post request. You should see the "uni-verify-signal" field set to 1, which indicates that you have been verified to be a legitimate CA resident and that the data broker does not need to do any additional verification.

Note: A "uni-verify-signal" field set to 0 indicates that the user is not registered with uni-verify services and the data broker should use other means to verify this user.
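
How a data broker backend could act on the "uni-verify-signal" field described above, as an added example that is not code from this repository. It assumes the form is POSTed as application/x-www-form-urlencoded; `classifyRequest` and the path and reason names are hypothetical.

```javascript
// Added example (not project code): broker-side handling of the
// "uni-verify-signal" field, failing closed on anything unexpected.
// Assumption: the request body is application/x-www-form-urlencoded.
// Note: the field is part of the client-submitted form body; this check
// normalises the value, it does not authenticate where it came from.

const SIGNAL_FIELD = 'uni-verify-signal';

function classifyRequest(rawBody) {
  const params = new URLSearchParams(rawBody);
  const values = params.getAll(SIGNAL_FIELD);

  // A missing or repeated field is treated as "not verified".
  if (values.length === 0) {
    return { path: 'broker-verification', reason: 'signal-missing' };
  }
  if (values.length > 1) {
    return { path: 'broker-verification', reason: 'signal-repeated' };
  }

  // Only the exact strings "1" and "0" are accepted; no trimming or
  // numeric coercion, so "01", "1 " or "true" fall through to the default.
  const value = values[0];
  if (value === '1') {
    return { path: 'skip-verification', reason: 'signal-1' };
  }
  if (value === '0') {
    return { path: 'broker-verification', reason: 'signal-0' };
  }
  return { path: 'broker-verification', reason: 'signal-invalid' };
}

// Constructed sample bodies, not captured from the sample website.
const sampleBodies = [
  'name=Alex&uni-verify-signal=1',
  'name=Alex&uni-verify-signal=0',
  'name=Alex',
  'uni-verify-signal=0&uni-verify-signal=1',
  'uni-verify-signal=true',
];

for (const body of sampleBodies) {
  const result = classifyRequest(body);
  console.log(`${body} -> ${result.path} (${result.reason})`);
}
```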

Current work in progress

1. Currently we are in the middle of implementing 2FA using Twilio. The code for this can be found at: #11

In order to run this code and test 2FA capabilities, you will have to register with Twilio at this link: https://www.twilio.com/try-twilio
Upon registration take note of the following information:
ACCOUNT_SID
ACCOUNT_TOKEN
RECEIVER’S_REGISTERED_PHONE_NUMBER
SENDER’S_TWILIO_PHONE_NUMBER


After you have registered an account with Twilio you will have to slightly modify the code as follows:
Open the code with your preferred editor and go to the file "verifyButton.js". In there, modify the code to replace the following details with the corresponding information from your new Twilio account:
at line 14 and 20: ACCOUNT_SID
at line 20: ACCOUNT_TOKEN
at line 22: RECEIVER’S_REGISTERED_PHONE_NUMBER
at line 22: SENDER’S_TWILIO_PHONE_NUMBER


Now follow all the steps under the section "Install and run services" to run all the services.
Follow steps 1-9 under the "Workflow" section above.

  1. After you click on the verify button on the extension, you should get an SMS with an OTP.
  2. Enter the value in the OTP field on the extension window and hit verify again.
    You should see on the form that uni-verify has verified you.
  3. Click the submit button on the data broker form.
  4. Go to your terminal window which has the data_broker server running. You should see the data the form submitted through the post request. You should see the "uni-verify-signal" field set to 1, which indicates that you have been verified to be a legitimate CA resident and that the data broker does not need to do any additional verification.

Note: A "uni-verify-signal" field set to 0 indicates that the user is not registered with uni-verify services and the data broker should use other means to verify this user.

Future work

1. Currently we don't have proper access tokens for login and authentication. As next steps we will implement Google's OAuth 2.0 for authentication.
2. Currently there is no database integration. We have looked into different kinds of databases and want to use a NoSQL database as we don't need a relational database for our use case.

References

All images and logos used under: https://www.canva.com/policies/free-media-license-agreement-2022-01-03/

Reference to the Node js Server: https://nodejs.org/es/docs/guides/getting-started-guide/

Reference for the chrome extension guide: https://developer.chrome.com/docs/extensions/mv3/devguide/