Abuse of the word "anonymous" #26
Comments
|
There are indeed a few places where the pseudonyms don't seem to be impossible to trace: 1/ It is mentioned they are generated by the server which "knows" they are linked to your application. Since the application comes from an IP address, there is already a trace between the pseudonyms and an IP address and then a trace between each pseudonyms available to the authority 2/ At every "exposure status request" there is again the connection metadata that is available. There is also all the other pseudonyms which could be used to create a social graph and help for identifiying users. So unless there is a mecanism to protect the connection metadata from the authority, there is already some important information linked to the pseudonyms. Knowing that fixed IP addresses (many of the boxes at home or at work) are already reversable to geo-location by anybody and most of the IPs are reversable to the customer by the operators, it's not clear how the anonymity is a given here |
|
As long as IDs are generated centrally, anonymous cannot be used. |
|
Honest but curious is not even enough, it should be changed to trusted. The authority is required to delete messages (that could be used to reconstruct social graphs), a curious authority will not delete anything. So the whole assumption in this part of the attacker model is wrong in my opinion.
|
I'm afraid you are talking about something different. I mentioned the fact that ROBERT is not anonymous. You speak about the fact that pseudonyms can be linked to external identities, which is an important problem but not the same. |
See ticket #13 |
It seems that the ROBERT document uses "anonymous" quite liberally. The worst is "anonymous
pseudonym" (an oxymoron) in the summary document. Anonymity requires the lack of traceability. If identifiers are permanent, they cannot be called "anonymous". This sloppy use of "anonymous" is common in the paper.
The text was updated successfully, but these errors were encountered: