degregat
commented
4 years ago Yes we have thought about that, and the approach of CoEpi (which I just pushed a link to), has solved this already.
Closed lknik closed 4 years ago
degregat
commented
4 years ago Yes we have thought about that, and the approach of CoEpi (which I just pushed a link to), has solved this already.
lknik
commented
4 years ago So will this risk (+treatment) be documented?
dwt
commented
4 years ago @lknik The protocol documented here also tries to solve this by hashing the private ids before publishing them via bluetooth, thus preventing everyone else from publishing something in my name.
It is however something that might not have been documented yet, working on that.
degregat
commented
4 years ago @dwt It's not, you're right. Weighing the up and down sides of the different approaches. @lknik There will be updates today, including spam mitigation.
degregat
commented
4 years ago Updated now. I also added an enumeration of the attacks we thought about so far. If others come to mind, please let us know. Also do you know of approaches to mitigate spam without extra infrastructure?
Thanks for your feedback so far!
Hello,
Did you consider a risk of clients submitting to the DB real (not fake) PIDs, but in fact those of other people (i.e. those who the malicious client encountered somewhere)?
Such misuse would of course be bounded by the interval between the PID rotation and the "N past days". It might also be good to start from a random PID but to rotate it using a "chain of blocks" in counter mode (you consider this risk as something that correlates PIDs, we have here a tradeoff of privacy vs misuse/data quality, therefore)