clarified anonymous communication question

Carmela Troncoso 2020-04-07 23:46:44 +02:00 committed by GitHub
parent f22559112a
commit f9c5ba5072
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions

FAQ.md

@ -98,11 +98,9 @@ protocol.
### P5: Why not use mixnets or other anonymous communication systems to query the server?
Our design does not rely on anonymous communication systems to provide its
privacy properties, it only uses a small amount of dummy messages to hide
uploads to the backend and epidemiologists.
Our design uses a small amount of dummy messages to provide traffic analysis protection for uploads to the backend and epidemiologists with respect to network adversaries. The use of a mixnet, Tor or other anonymous system would in addition conceal the IP address of users submitting reports with respect to the backend.
We considered using an anonymous communication system to efficiently query the server. However, we decided against doing so for the following reasons:
We considered using an anonymous communication system. However, we decided against doing so for the following reasons:
1. Relying on any form of anonymous communication system increases the
complexity of the system. Both in terms of integrating anonymous
communication into the app, as well as the server infrastructure needed to
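Review bot: The P5 heading still asks about using anonymous communication "to query the server", but the rewritten paragraphs now only discuss uploads and "users submitting reports", and the phrase "to efficiently query the server" has been dropped from the lead-in to the list. Either retitle the question to cover report submission or add a sentence saying whether queries are in scope, so the answer matches the question. The new paragraph also states that a mixnet or Tor would "in addition conceal the IP address of users submitting reports with respect to the backend", which implies the backend sees those addresses today; saying so explicitly would make the threat model clearer than leaving it to inference. Two smaller points: "a small amount of dummy messages" should be "a small number of dummy messages", and the new paragraph is a single long line while the surrounding text is hard-wrapped.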
@ -116,6 +114,8 @@ We considered using an anonymous communication system to efficiently query the s
global passive adversary or not? How well does the system protect against
intersection attacks?
In future versions of the app, if an approppriate anonymous communication network appears, we may include the option of submitting data anonymously to the backend.
### P6: Why do infected people upload a seed (which enables recreating `EphIDs`) instead of their individual EphIDs ?
This is a choice that is made purely for performance reasons. It is much more
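Review bot: In the added sentence "if an approppriate anonymous communication network appears", "approppriate" is misspelled (should be "appropriate"), and the sentence gives no criterion for what would count as appropriate. The list just above it already raises concrete questions (protection against a global passive adversary, resistance to intersection attacks), so tying "appropriate" back to those would make the commitment checkable. "Submitting data anonymously" is also vaguer than the rest of the answer, which speaks of uploads and reports; naming the data meant here would keep the terminology consistent.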