The enumeration attacks can become a real concern if IDs are not thoroughly decoupled from any de-anonymizing information. Thus any network is faced with a trade-off between usability and the anonymity of its users, often expressed through a policy governing what can be used as an account ID. In fact, even without assisted contact discovery other techniques may be available to an attacker so he/she can enumerate IDs with associated accounts. More privacy-aware systems only allow users to upload a one-way hash of each contact’s ID rather than send the ID in the clear.Īn inherent downside to assisted contact discovery is that it enables an attacker to enumerate IDs by creating an address book with a list of potential IDs and joining the network to find matching accounts. Yet, revealing user contacts to the network’s server is bad from a privacy standpoint. Most social networks also allow users to automatically check which of their known contacts already have accounts on the network. The idea being that a new user perhaps already has that information for their closest contacts, so why not make it easy to populate one’s address book within the app? To facilitate this somewhat arduous procedure, networks often opt for linking user IDs to pre-existing identifying information such as emails or phone numbers. When a user joins a social network one of her first tasks is to build a contact list. maintaining user privacy and trade-offs this conflict imposes and 2) how Wickr navigates this conflict when making its design choices in both Wickr Messenger and our business products. I’d like to run through some of the points made in various blog posts and comment threads to help our users and public at large understand a couple of things: 1) the inherent conflict between helping users with contact discovery vs. We have been following with interest an ongoing conversation about Signal’s design choice for contact discovery.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |