top | item 24496233

(no title)

inputmice | 5 years ago

As someone who has thought a good deal about contact discovery the mitigation techniques section is actually pretty interesting. Quicksy.im, an XMPP client but based on phone numbers and with built in contact discovery, I developed ~2 years ago, already does very strict rate limiting, but the paper mentions some other techniques as well that I should probably look at.

discuss

bigiain|5 years ago

Like with websites and password managers, rate limiting works fine when going via the expected auth service. Doesn't help at all when NSA/MSS/Mossad have popped the contact hash database off Whispersystem's backend.

(Admittedly, if that's your threat model, I hope you have enough magic amulet's in the submarine you now live in...)