The main security consideration ... is that a querying node have to reveal their content filters of interest to the queried node, hence potentially compromising their privacy.
Light protocols, in general, have weaker privacy properties than P2P protocols. In a client-server exchange, a client wants to selectively interact with the network. By doing so, it often reveals what it is interested in (e.g., subscribes to particular topics).
A malicious Store server can spy on a client in the following ways:
track the topics the client is interested in;
analyze the periods of history interesting for the client;
analyze the timing of requests;
link requests made by the same client.
Privacy-preserving service credentials may be one (not necessarily sufficient) countermeasure - see #60 .
Citing the Store specification:
Light protocols, in general, have weaker privacy properties than P2P protocols. In a client-server exchange, a client wants to selectively interact with the network. By doing so, it often reveals what it is interested in (e.g., subscribes to particular topics).
A malicious Store server can spy on a client in the following ways:
Privacy-preserving service credentials may be one (not necessarily sufficient) countermeasure - see #60 .