Hacker News

Blockchain-based, so pure bitcoin-style blockchain implementation isn't necessary. It probably wouldn't be that big of an obstacle adding a trimming mechanism by, for example, maintaining a group of sub-chains.

To limit the granularity of data being stored, it would only be used at authentication endpoints, to create a private session. Once you've identified yourself as reputable with an OTP that doesn't reveal anything about your actual internal ID, you can transfer secrets and further authentication is not necessary.

The system would employ paranoid homomorphic encryption [0] and a fuzzy API. Hardly a worthwhile vector for analysis compared to the standard MitM attacks applied today by state agencies and ISPs.

[0] https://en.wikipedia.org/wiki/Homomorphic_encryption




I think the problem runs deeper than you're considering. The entire purpose of this service, as you're describing it, is to allow web sites to access information on what other sites their users have visited (and, presumably, to read "reputation" annotations made by those sites), and to use that to make access control decisions. The privacy violations involved are inherent to that purpose; you can't wipe them away by throwing "but with encryption" at the problem.


I don't mean to shut down your criticism, but how does it present a vulnerable security model?


Privacy is a component of security. Systemically violating your users' privacy is a security issue -- period.

If your "security models" don't recognize this as an issue, you need to change those models.


Privacy and security are two separate domains. But even then, how does this violate anyone's privacy in any way that existing authentication protocols do not?



