From 721b3e104f421fef9c97b75cb67e83df494f026e Mon Sep 17 00:00:00 2001 From: inga-lovinde Date: Sun, 12 Sep 2021 19:27:41 +0200 Subject: [PATCH] Updated threat models --- docs/threat-models.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/docs/threat-models.md b/docs/threat-models.md index 4979b3b..5b1e95b 100644 --- a/docs/threat-models.md +++ b/docs/threat-models.md @@ -26,14 +26,23 @@ All requests should be signed. ### Brute-forcing sympathies One of the attacks of that kind would be an user submitting their sympathies to literally everybody else, -in order to extract all the other user's data of the kind "do they like me", +in order to extract all the other users' data of the kind "do they like me?", which would defeat the purpose of this system. One way to combat this would be to introduce rate limiting, so that every user can only have no more than a fixed amount of non-mutual sympathies at any given moment, and so that they will only be able to remove a non-mutual sympathy after at least a fixed amount of time has passed. -For example, that could be at most ten non-mutual sympathies, and at least a month until a non-mutual sympathy can be removed, freeing one of the ten slots. +For example, that could be at most ten non-mutual sympathies, +and at least a month until a non-mutual sympathy can be removed, freeing one of the ten slots. + +### Colluding + +Another attack would be two users, X and Y, colluding with X submitting their meta sympathies to Y+everybody else, +and Y submitting their meta sympathies to X+everybody else, +in order to extract all the other users' data of the kind "do they like X and Y simultaneously and willing to find about meta sympathies?" + +This is probably not a very important issue. ## MITM attacks
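Review bot: In the added "Colluding" section, the closing line "This is probably not a very important issue." gives no reasoning and no mitigation, which leaves the threat model incomplete for this attack. Please state why the risk is accepted, and say whether the rate limit described under "Brute-forcing sympathies" (at most ten non-mutual sympathies, at least a month before one can be removed) also applies to meta sympathies, since submitting to "Y+everybody else" is the same submit-to-everybody pattern that limit is meant to bound. "Meta sympathies" is not defined anywhere in the visible lines, so a one-line definition or a link to where the term is introduced would help readers of this section. The quoted question is also missing words; something like "do they like X and Y simultaneously, and are they willing to find out about meta sympathies?" reads correctly.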