Multiple accounts ? #67

Open
flesueur opened this issue Jun 11, 2020 · 2 comments

Comments

@flesueur

Hello,

From the StopCovid GitLab, it appears there is no mitigation to prevent the creation of multiple accounts (https://gitlab.inria.fr/stopcovid19/robert-server/-/issues/29, https://gitlab.inria.fr/stopcovid19/stopcovid-android/-/issues/25). Captcha is acknowledged to not address this issue.

The Robert proposal is demonstrated and analyzed with the hypothesis that there is a guarded entry (tokens, proof of work) to prevent multiple accounts.

Since multiple accounts allow one to deduce at which time of the day we encountered an alert, it would severely hinder the expected privacy properties, right?

Cheers,
Francois

@superboum

superboum commented Jun 11, 2020

Seems related to #46.
I hope that now they will consider the issue...

An excerpt:

Limiting the profile registration (i.e., preventing Sybil attacks) would be needed to prevent an attacker from deanonymizing users. However, the mechanism presented is too weak to protect against even basic Sybil attacks:

A proof-of-work (PoW) system (like a CAPTCHA) is implemented in order to avoid automatic registrations by bots or denial of service attacks (the details of this PoW system are out of scope of this document).

Indeed, it is cheap and fast to hire micro-workers via platforms like Amazon Mechanical Turk to solve CAPTCHAs. But even more simply, it does not take too long to solve ~10 CAPTCHAs per day (just try to browse Google websites behind Tor to be convinced). Furthermore, many CAPTCHAs today work by collecting a lot of data on the user behaviour and relying on the fact that the user is logged in to the CAPTCHA provider's services.

I claim that the only option would be to require users to connect to the service via the FranceConnect portal. It would then de-anonymize users totally from the authorities. It would then break the defined threat model by ROBERT:

I am still waiting for a convincing answer...

@flesueur
Author

Definitely related. The only novelty is that we now have the concrete code which, obviously, does not do anything against that. So I'd like to follow the opposite direction in this ticket: given the published code, what is the feeling of the Robert team on this aspect?
