Open tholop opened 1 year ago
For the first problem some client side bound could help, for example the proposal of using rate limiting PAT: https://github.com/cpriebe/draft-priebe-ppm-dap-reportauth. But it is indeed to hard to limit same user data form multiple devices. ClientIPs and timestamps can be mitigated by a anonymous proxy like OHTTP, in DAP there is also a time precision field in task config to avoid revealing exact timestamp.
Keeping track of something we discussed with @cjpatton: some notions of DP are not achievable with DAP, at least in the current form of the protocol. For instance: