-
-
Notifications
You must be signed in to change notification settings - Fork 21
Wasabee Niantic Community Verification
Niantic does not provide a mechanism to determine who someone is in Ingress; there is no API for this. Wasabee cannot know who you are in Ingress unless you tell us -- and we would be a fool to trust you if you just told us. So Wasabee provides several mechanisms for determining your in-game agent name (IGN). The most reliable and accurate (in our opinion) is verifying your Niantic Community account by posting a secure token generated by Wasabee and having Wasabee verify it. This gives us reasonable assurance that you are who you say you are.
Technically it assures us that at least one person who controls a given Google account also controls a given Niantic Community account. This is good enough for our purposes.
- Log in to the WebUI
- Switch to the settings tab.
- Put in your Ingress agent name (using the exact spelling and capitalization as in-game!)
- Click the "Get Proof" button.
- Copy the entire block generated
- Post that block at the Ingress Community's Activity feed
- Switch back to the WebUI and click the "Verify activity post" button.
- Log in the mobile app
- You should be prompted with the "Agent Community Verification" program (if you didn't ticked the "Don't show again" thing). If you did, go to your profile, and click on "Link Ingress account" button
- Follow the step-by step guide in-app
Just in case, here is what you have to do:
- Fill in your agent name (using the exact spelling and capitalization as in-game!)
- Copy the token
- Open the Ingress Community's Activity feed with the button and post the token
- Go back to the app and click on "Verify me"
- If all is good, the app will tell you that your profile is now displaying a '🐝' next to your Agent name
In December 2021, we noticed that many people were posting short codes to the Niantic Community and figured out that this was to verify people at Banergress. Wasabee-Mobile lead fisher01 prompted the dev team to build a similar solution. Wasabee-Server lead, deviousness, thought it was a dumb idea. fisher01 and Wasabee-IITC chief, LeJeu convinced him otherwise. Within 48 hours the team had built a solution modeled on Bannergress's good idea, but made even more secure by the use of strong cryptographic signatures.
Yes. That's true. The verification token isn't either of those things. Because of how the values in the token are encoded, it can't be used to log in anywhere. The token is designed to be posted publicly. You can paste the token into the jwt.io debugger or jwt.ms and see its contents. It has the name you are claiming to be and your google ID (not a protected value; many google APIs expose this publicly).
Yes. GIDs are not secure/private values. There is no reason to hide your GID since Google exposes it in many of its APIs.
Yes. Once you are verified, you can safely delete it.
It gives us a strong assurance that the person who controls the Google ID used to generate the token is the same person who controls the Niantic Community account. If people are sharing either account, or if someone forgets to log out of one of the accounts from a public terminal, then it could be tricked. But, if you are forgetting to log out of a public terminal, then your Ingress account is probably your least worry.
Yes. In theory a third-party could also read the tokens to develop a list of known Wasabee users by their IGN and GID. That is, RES could use this info to know that you are ENL.
OK, good luck with that. I won't try to explain cryptographic signatures to you.
Yes. We put the JKU in the token for that reason. If you want to trust our signature, go right ahead.
Visit https://wasabee.rocks/ to log into Wasabee.
Wasabee is not affiliated with Niantic Labs