@varx Oh snap. I think I poked a huge hole in my contact graph anonymity scheme. :blobcatverysad:
The senders can't be anonymous for ... reasons. But the hope was at least the recipients can be anonymous and that would be enough to prevent eavesdroppers from harvesting contact graphs.
Turns out I can anonymize message recipient lists all I want, but as soon as a recipient ever responds, their signature is on the response. A simple signature verification operation using a list of all known identities could very quickly reveal the responder's (and therefore the recipient's) identity.
I mean sure, I could set up shared secrets for every pair of identities to hide identity info from eavesdroppers, but managing that many secrets would be a huge pain in the ass. Do not want!
Ugh. Privacy is hard. I'm not sure contact graph anonymity is worth it anymore.
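
Added example, not part of the original post: a linkability check a protocol designer can run to see the leak described above. Assumptions: Lamport one-time signatures built from `hashlib` stand in for whatever signature scheme the protocol uses, the reply carries a visible `in_reply_to` reference, and all names, fields and messages are constructed.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def bits(msg):
    # 256 message-digest bits, most significant bit first
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    # Lamport one-time key pair (stand-in scheme, assumption of this example)
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def link_signer(directory, msg, sig):
    # Trial verification against every known public key: any match names the signer
    return [name for name, pk in directory.items() if verify(pk, msg, sig)]

def demo():
    keys = {n: keygen() for n in ("alice", "bob", "carol", "dave")}  # constructed
    directory = {n: pk for n, (_, pk) in keys.items()}  # public identity list
    # Original message: sender visible, recipient list anonymized (opaque token)
    original = {"id": "m1", "sender": "alice", "recipients": [secrets.token_hex(8)]}
    # Reply: no sender field on the wire, but the body is signed by bob
    body = b"re: m1"
    reply = {"in_reply_to": "m1", "body": body, "sig": sign(keys["bob"][0], body)}
    linked = link_signer(directory, reply["body"], reply["sig"])
    # The signature alone restores the contact-graph edge
    edges = [(original["sender"], n) for n in linked
             if reply["in_reply_to"] == original["id"]]
    return linked, edges

if __name__ == "__main__":
    print(demo())
```

A design passes this check only when `link_signer` returns an empty list for traffic as seen on the wire.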