From f9c5ba50726652f914869dab8ebf07877aa4a81d Mon Sep 17 00:00:00 2001 From: Carmela Troncoso Date: Tue, 7 Apr 2020 23:46:44 +0200 Subject: [PATCH] clarified anonymous communication question --- FAQ.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/FAQ.md b/FAQ.md index b76fd75..9de6700 100644 --- a/FAQ.md +++ b/FAQ.md @@ -98,11 +98,9 @@ protocol. ### P5: Why not use mixnets or other anonymous communication systems to query the server? -Our design does not rely on anonymous communication systems to provide its -privacy properties, it only uses a small amount of dummy messages to hide -uploads to the backend and epidemiologists. +Our design uses a small amount of dummy messages to provide traffic analysis protection for uploads to the backend and epidemiologists with respect to network adversaries. The use of a mixnet, Tor or other anonymous system would in addition conceal the IP address of users submitting reports with respect to the backend. -We considered using an anonymous communication system to efficiently query the server. However, we decided against doing so for the following reasons: +We considered using an anonymous communication system. However, we decided against doing so for the following reasons: 1. Relying on any form of anonymous communication system increases the complexity of the system. Both in terms of integrating anonymous communication into the app, as well as the server infrastructure needed to 
@@ -116,6 +114,8 @@ We considered using an anonymous communication system to efficiently query the s global passive adversary or not? How well does the system protect against intersection attacks? +In future versions of the app, if an approppriate anonymous communication network appears, we may include the option of submitting data anonymously to the backend. + ### P6: Why do infected people upload a seed (which enables recreating `EphIDs`) instead of their individual EphIDs ? This is a choice that is made purely for performance reasons. It is much more
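Review bot: In the first FAQ.md hunk (the P5 answer), the heading still asks about using anonymous communication "to query the server", but the rewritten answer only discusses uploads and "users submitting reports", and "to efficiently query the server" was dropped from the second paragraph. Either retitle P5 so it covers submissions, or say in the answer whether queries are still in scope. The new sentence also implies, without stating it, that in the current design the backend sees the IP address of an uploading user; saying that directly would make the residual exposure clear instead of leaving it to inference. The added line is also unwrapped, while the lines it replaces were wrapped at about 80 columns.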
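Review bot: In the second FAQ.md hunk, the added sentence misspells "appropriate" as "approppriate". The condition "if an appropriate anonymous communication network appears" also leaves the acceptance criteria open: the list just above it asks whether the system resists a global passive adversary and how well it protects against intersection attacks, so consider saying that a candidate network would have to answer those questions. The added line is unwrapped, unlike the surrounding text.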