What could Whisper do if it wanted to make its claims of "we can't know" into a reality?

How about this?:

The app could require a Facebook login (or whatever the kids are using these days with a horrible policy that disallows pseudo identities). The user would then get Whisper points for each day of activity on Facebook (that Whisper determined was not the product of a robot, no small task). The app then connects via Tor to Whisper servers to exchange these points for a "whisper token" using an unlinkable blind signature (Camenisch-Lysyanskaya?). Every user gets a unique identifier composed by HMAC(facebook-login, device-id). Every message gets a random uuid (to check for replies).

Token and identifier in hand, the app now lets you post a message. The message compose box shows exactly what information is sent to Whisper (date, place, message, identifier, uuid). The user has the option to switch among city, province, country, or planet for place granularity (maybe in NYC the smallest unit should be borough, but in Wyoming it should be state). When geolocation is disabled on the device, the app uses a local copy of the geolite country database (1mb) plus maybe a bloom filter of the city database (normally 15mb).

When the user hits send, the message is routed over Tor, bundled with the token. When the server receives the message, the signature on the token is checked, expiration is checked, and the token is compared to previously consumed tokens. Whisper checks to make sure that identifier has not posted messages in the past that have been flagged as abusive. Before getting posted to the network, the message is delayed some random offset.

This actually gives Whisper some information they do not currently have: an identifier that ties all the user's messages from a particular device together. Maybe there is some better way that a user can prove to Whisper that they do not have a history of flagged messages? I don't know how Whisper could ensure that the app has not been modified to secretly report the Facebook account when a message is posted or a token requested.

I assume reproducible builds are not an option when you support Facebook login in your app?

I am not sure something like Whisper should exist. Anonymous communication may be necessary for democracy, but anonymous communication does not mean you need to create an engine for harassment and abuse. I imagine Whisper is only able to keep the hate speech and harassment in check with a lot of labor and a lot of analytics (and they don't seem to be doing a very good job currently, nor do they seem to care).

-elijah

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
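
The token flow proposed in the message above, as an added sketch that is not part of the original post: it substitutes a textbook RSA blind signature for the Camenisch-Lysyanskaya scheme the message suggests, and it uses a deliberately tiny constructed key. The function names, the per-key expiry, and the choice of the login as the HMAC key are assumptions made for illustration.

```python
import hashlib, hmac, math, secrets, time

# Toy RSA key from two Mersenne primes: constructed for this example, NOT secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
KEY_EXPIRES = time.time() + 86400  # assumption: expiry is tied to the signing key

def h(token: bytes) -> int:
    # Hash the token into the RSA group before signing or verifying.
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

def identifier(facebook_login: str, device_id: str) -> str:
    # HMAC(facebook-login, device-id); using the login as the key is an assumption.
    return hmac.new(facebook_login.encode(), device_id.encode(), hashlib.sha256).hexdigest()

def blind(token: bytes):
    # Client: hide h(token) behind a random factor r before asking for a signature.
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (h(token) * pow(r, E, N)) % N, r

def unblind(blind_sig: int, r: int) -> int:
    # Client: strip r, leaving an ordinary signature on h(token).
    return (blind_sig * pow(r, -1, N)) % N

def sign_blinded(blinded: int) -> int:
    # Issuing server: signs in exchange for points, never sees the token itself.
    return pow(blinded, D, N)

class PostingServer:
    def __init__(self):
        self.spent, self.flagged = set(), set()

    def accept(self, token: bytes, sig: int, ident: str, now=None) -> str:
        # Same order as the message: signature, expiration, reuse, abuse history.
        now = time.time() if now is None else now
        if pow(sig, E, N) != h(token):
            return "bad signature"
        if now > KEY_EXPIRES:
            return "expired"
        if token in self.spent:
            return "token already used"
        if ident in self.flagged:
            return "identifier flagged"
        self.spent.add(token)
        return "accepted"
```

The issuing side only ever sees the blinded value, so it cannot match a token presented at posting time to the login that earned it; the identifier sent with each post is what still links a device's messages together.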
