What happens with lack of mixnets / if server logs IP ? #66
Comments
|
Hi, Is this github still alive, or not ? Cheers, |
|
Be careful, the report is for decentralised protocols. In particular for server logs recommendations, it is not at all what one would expect for an implementation of Robert. As the protocol itself is self-informative and servers processes anyway do not require logging at all in order to forge responses or implement countermeasures for DoS attacks. |
|
Yes, of course the DP3T doc is for decentralized protocols. In their case, servers are less critical (regarding privacy), yet they considered the overall infrastructure and that they should provide some guidelines for logging, in order to preserve coherency. I just pointed this for reference, since it addresses this type of concern. In the case of Robert, since server is much more critical, more logging surface would be critical and it would be interesting to tackle these aspects of the surrounding infrastructure of the server. |
Hello,
From the StopCovid gitlab, it appears there is no mixnet implementation (https://gitlab.inria.fr/stopcovid19/robert-server/-/issues/31) and that hosting security features seem to monitor personal data such as IP (https://gitlab.inria.fr/stopcovid19/robert-server/-/issues/30#note_349492)
The Robert proposal is demonstrated and analyzed with such anonymization features, features which lack in the implementation.
I know that the implementation is not on your side. But what parts of the expected privacy properties from your proposal may be hindered by not implementing mixnets/logging IPs ?
Cheers,
Francois
The text was updated successfully, but these errors were encountered: