Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://gladtech.social/users/cuchaz/statuses/110653055243111478">Jeff Martin (cuchaz@gladtech.social)'s status on Wednesday, 05-Jul-2023 12:40:54 JST</a><a href="https://gladtech.social/@cuchaz" title="cuchaz@gladtech.social"><img src="https://gnusocial.jp/avatar/12818-48-20221016161137.webp" width="48" height="48" alt="Jeff Martin" style="position: absolute; left: 0; top: 0;">Jeff Martin</a><div><a href="https://infosec.exchange/@varx/110652792868833296" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://infosec.exchange/@varx">@varx</a> yeah, it's a tricky problem. I'm currently looking into using k-anonymity to probabilistically anonymize the list. Ie, each recipient will have to do O(log(n)) checks to confirm their number, but an attacker will never be able to get an exact match.</p><p>Or set up some kind of shared secret or other anonymized id to use instead of the real id. This is actually a much simpler approach, but due do where the API layers land wrt ecapsulation, it's harder to design the software so each API layer makes sense.</p><p>Ugh, why is everything so difficult? :blobcat_thisisfine:</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/1734482#notice-3408043">In conversation</a><time datetime="2023-07-05T12:40:54+09:00" title="Wednesday, 05-Jul-2023 12:40:54 JST">Wednesday, 05-Jul-2023 12:40:54 JST</time> <span>from <span><a href="https://gladtech.social/@cuchaz/110653055243111478" rel="external" title="Sent from gladtech.social via ActivityPub">gladtech.social</a></span></span><a href="https://gladtech.social/@cuchaz/110653055243111478">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Jeff Martin (cuchaz@gladtech.social)'s status on Wednesday, 05-Jul-2023 12:40:54 JSTJeff Martin
in reply to
- varx/tech
@varx yeah, it's a tricky problem. I'm currently looking into using k-anonymity to probabilistically anonymize the list. Ie, each recipient will have to do O(log(n)) checks to confirm their number, but an attacker will never be able to get an exact match.
Or set up some kind of shared secret or other anonymized id to use instead of the real id. This is actually a much simpler approach, but due do where the API layers land wrt ecapsulation, it's harder to design the software so each API layer makes sense.
Ugh, why is everything so difficult? :blobcat_thisisfine:
In conversationWednesday, 05-Jul-2023 12:40:54 JST from gladtech.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice