← Back to context

Comment by AnthonyMouse

4 hours ago

The cryptography provides nothing to establish that this separation is actually being maintained and there is plenty of evidence (e.g. Snowden) of governments doing exactly the opposite while publicly claiming the contrary.

On top of that, it's a timing attack, so all you need is the logs from both of them. Government gets breached and the logs published, all the sites learn who you are. Government becomes corrupt/authoritarian, seizes logs from sites openly or in secret (and can use the ones from e.g. Cloudflare without the site itself even knowing about it), retroactively identifies people.

2 comments

AnthonyMouse

Reply
hirsin  2 hours ago

I'd review the setup here. You're missing the critical distinction that the cryptography supports - separating entirely (in time and space) the issuance of the cred to the user and the use of that cred with a website.

Unless you're getting the device logs from the users device (in which case... All of this is moot) there is no timing attack. Six months ago you got your mobile drivers license. And then today you used it to validate your age to a website anonymously. What's the timing attack there.

  • AnthonyMouse  1 hour ago

    If the driver's license can generate new anonymous tokens itself then anyone can hook up a driver's license to a computer and set up a service to sign for everybody. If it can't, whenever you want to prove your age to a service you need to get a new token from a third party, and then there is a timing correlation because you're asking for the token right before you use the service.

    The article proposes a hypothetical solution where you get some finite number of tokens at once, but then the obvious problem is, what happens when you run out? First, it brings back the timing correlation when you ask for more just before you use one, and the number of times you have to correlate in order to be unique is so small it could still be a problem. Second, there are legitimate reasons to use an arbitrarily large number of tokens (e.g. building a search index of the web, content filters that want to scan the contents of links), but "finite number of tokens" was the thing preventing someone from setting up the service to provide tokens to anyone.