So, I'm an +Ingress player, as more than a few of you know. The game is a lot of fun, but there are some unique challenges to it. For instance, the in game communication system is not secure. Both sides have players with accounts on each side (Resistance agents have Enlightened accounts, and vice versa, specifically to watch for intel on what the other side is doing).

Because of that, there is a need to communicate outside of that channel. This produces new needs: How can you verify that the person you are talking to actually is the owner of the account, once you switch to a different channel?

To put it differently: If you start talking to AgentA via the Ingress app, and then switch to Google+ Hangouts, how can you be sure that you're still talking to AgentA, and not AgentB, which is actually from the other team, but was observing, and interjected himself into the Google+ conversation strategically, claiming to be AgentA?

Here's a solution to that problem, and it will work regardless of distance. You can do it face to face, or you can do it from around the world.

First up: You need to know the agent name of the person you wish to talk to outside of the comm channels. Find that via whatever means you would use.

From the intel map (not your scanner, since that obviously won't work for this), pick a random remote location where nothing appears on the comms. Middle of the ocean, somewhere over the Sahara, north pole, south pole, heart of the Amazon river basin, whatever. Start with this location to reduce the chance of the other side even knowing you're trying to make contact. From here, send an @message to the person you are trying to contact.

Give that person the information needed to contact you off-comms. Use http://bit.ly/15XDRZI for instructions on how to give a good bit.ly URL that makes sense. Create a throwaway email account, and use that as another method. A good message will look like this:

@ingressagent I need help in your. Please contact me via http://bit.ly/url or myemail@example.com so we can discuss.

You might need to try out several people, but the replies will happen at some point. Now, the next question: How do you know that the reply came from the person you contacted, and not someone who simply saw your message by accident?

At this point, the two of you need to exchange some made up phrases. Pick a few random words. It doesn't matter what they are, just that they are not things that would normally appear in conversation. "My name is Inigo Montoya" would be bad. "butterfly camera trap" would be a good one.

Each of you gives a random phrase to the other, and then you each take the phrase that was given, and send that (via @message) over the comms to the person you're trying to reach. So, for instance, if you chose to use "butterfly camera trap", the person you are speaking to would send that to you via comms, and you would send the one they gave to you to them.

You will now have confirmed that the person you are speaking to on Google+ is the agent you are trying to speak to. This is not the end of security, though. That account could belong to a player of the opposing faction who is cheating.

You should still find another means of verifying that the player you are speaking to is actually someone you should be speaking to. I don't have advice for that one. Not yet, anyway.
Shared publiclyView activity