
The act of marking the sig field shows your intent to bind to the contract. You can digitally sign but there are a couple extra steps to confirm the intent and identity that aren't hard but are just hard enough to make DocuSign a lot of money and leave everybody else to print/sign/scan their stuff.


So you're saying the signature itself is irrelevant? It's just an elaborate checkbox? The question then is how do you prove I was the guy who checked the box?


It sort of is, actually. What really matters is the provenance of the approval, the audit trail or whatever you want to call it. You are creating a record of when and that you agreed to something and the signature is an artifact of that agreement.

A signature is somewhat harder to fake than checking a checkbox and can be somewhat more easily traced back to the signatory, so it’s probably somewhat better than a checkbox.


So in hipster terms: it's a paper blockchain that isn't immutable and has no real identity ;-)


I mean it's just a paper record. Its existence alone doesn't necessarily prove anything on its own. It's when you're making a case to a judge that you didn't buy 1700 rolls of toilet paper they can bring it out and say "Yes you did and we have your signature."

You're free to counter and say it's a forgery just as you would be to counter and say someone stole your private key. But the point of a signature in particular is that it's supposed to signal considered intent rather than mindlessly checking a box or being rushed and saying "sure sure whatever."

We pop up dialogs to ask users for confirmation before doing dangerous actions. What's wrong with the paper equivalent?


And is pretty easy to forge collisions.


Audit trail... see also companies like Jornaya that specialize in making any form interaction auditable for consent to receive marketing.


Actually yes. You can mark with an X, and that was somewhat common when the literacy rate wasn't as good as it is now. The answer to your last question is to have witnesses, either in person or proxied via a notary.


That's what a notary does; https://en.wikipedia.org/wiki/Notary


The willingness or need to enforce seems to correlate with the measures a company requires you to take on signing.

* TOS - a simple checkbox - or even just a "continue button"
* Moderately large purchase - type your name
* Larger purchase - draw your name
* Major contract - use this widely recognized signature flow


It's like how you have to type a whole word into a box to delete a repo on github.


That's really just a defense against deleting the wrong repo. If you're typing in the whole repo name, including the account it's under, you're very likely to know which repo you are deleting when you hit the button. (Consider the horror scenario where you both own an org repo and have a personal fork, and you mean to delete your personal fork but delete the main repo instead.)


Signing something, in the same way, is a defense against someone claiming that they really didn't mean it.


Life-or-death contract - write out 2048-bit DSA private key from memory; no, you cannot import a key file instead


The moment you write out the private key it's no longer secure. Anyone who sees it (and has a good enough memory) could copy the key to another contract.

You'd need to perform the DSA algorithm in your head on the content of the contract, using your memorized private key, and write out the resulting signature block.



