![]() ![]() What do you think? Does this attack work? Did I miss something? Regardless of the scheme proposed in the OWS post, I believe that Alice’s entire contact set would be exposed to Mallory. Mallory, noticing that the phone numbers are enumerable (they’re just numbers with special formatting, after all), enumerates every valid phone number and “pretends” (for the purposes of these schemes) they every phone number is associated with a user signed up to the service. If this was true in the Private Contact Discovery case, then I think the suggested OWS approaches would work well, but this is not the case.Ĭonsider for illustrative purposes an attack where a malicious actor, Mallory, provides a social service that Alice wishes to sign up to and perform Private Contact Discovery with. So far as I’m aware, most privacy-preserving intersection schemes assume that each participant has a set of private data, not known to the other participant. An attack on the Open Whisper Systems (OWS) proposals TL DR on the problem we’re trying to solveĪ user, Alice, is signing up to a social service run by Bob, and would like to discover which contacts in her contact book have signed up to Bob’s service, so Alice can add/follow/message them etc. This short post discusses the Open Whisper Systems post ‘ The Difficulty Of Private Contact Discovery’, a classic in this space that I have referred to often and am very grateful to them for publishing. I believe it’s important for us to enable social applications such as future messaging clients to be built on the Open Web, and for these to be able to bootstrap their social graph from the local contact book. ![]() Issues with Open Whisper Systems approach to Private Contact DiscoveryĬontext: I am currently researching Private Contact Discovery in attempt to determine if there’s a feasible way to bring an API to enable this to the Web Platform. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |