Proof of work setting allows address correlation

[nimdahk]

Summary

Sending a message to a recipient with a nonstandard proof-of-work requirement allows the sender to determine whether or not the originating address is part of the receiver's address book. This poses a problem because it allows address correlation.

Reproduction steps

• Alice has a proof-of-work setting of 2.
• She maintains two addresses, A1 and A2, which she does not want correlated.
• A1 communicates with Bob frequently, so Alice adds his address, B1, to her address book.
• Bob can now confirm that A1 and A2 are the same person by sending each two messages, one from B1 and one from B2. B1 will be notified by both A1 and A2 that it only needs a proof-of-work difficulty of 1, while B2 will not.

---

Suggested remedy: Remove the custom proof of work functionality, at least from the client. Source: https://bitmessage.org/forum/index.php/topic,2969.0.html

[Atheros1]

This is a UI problem. Alice wants A1 to be friendly with Bob but A2 to not be friendly. We need to control that somehow.