[Canada]

DocuSign doesn't really do anything to reasonably guarantee that it was any particular person who signed the PDF. Not that it really matters. If there was something worth suing over then usually there will be plenty of other evidence as to who signed the agreement.

Really the only thing that DocuSign does is timestamp the actions on the document. In order to get that a self hosted implementation would need some kind of third party system to act as a witness.

[haswell]

They’re capturing more than just timestamps. If possible, they’ll associate a signature with a DocuSign profile, which itself has a history of interactions with DocuSign servers. They also capture associated emails, IP/browser info, drop cookies, location data if enabled, etc.

None of this guarantees Person A signed the doc, but the point is to systematically collect as much info as possible to be used if someone does sue, and to check the boxes that customers need checked in a consistent manner that they can sell as an effective solution that stands up in court.

I’m not saying they’re doing anything unique here, but customers - especially enterprise customers - buy it for all of these things, not just because it makes coordinating many signatures easier.

The typical “no one gets fired for buying DocuSign” adage applies here.

[zokier]

Depends on country how much verification DocuSign is able to do, and also the higher levels of verification are opt-in. In some countries it can be backed with fairly strong auth schemes, in other places stuff like video calls are used.

This link has list of different IDs they support in different countries:

https://support.docusign.com/s/document-item?language=en_US&...

[colechristensen]

Do you know what DocuSign is doing on the backend, what logs they're keeping and data they're tracking?

[Canada]

I know that I can sign things on a brand new device without making an account. They can log what any web site can log. None of it really proves anything, except as other commenters pointed out - if I sign tons of stuff with the same browser/session, with an account I made, or if I used some premium ID verification they offer. (which I've never done)

My point that it doesn't really matter that much. If I DocuSigned some contract, delivered work described in the contract, maybe got paid for some of that, and then later some dispute comes up.. at that point we're arguing about terms or other facts.. Neither party is going to be in any position to argue "oh I never DocuSigned that agreement" because all of the other work and communication and transactions are enough to prove that's not true.