[messaging] the Whisper problem

Ian Goldberg ian at cypherpunks.ca
Fri Oct 17 06:05:14 PDT 2014


On Thu, Oct 16, 2014 at 05:09:47PM -0700, elijah wrote:
> What could Whisper do if it wanted to make its claims of "we can't know"
> into a reality?
> 
> How about this?:
> 
> The app could require a Facebook login (or whatever the kids are using
> these days with a horrible policy that disallows pseudo identities). The
> user would then get Whisper points for each day of activity on Facebook
> (that Whisper determined was not the product of a robot, no small task).
> The app then connects via Tor to Whisper servers to exchange these
> points for a "whisper token" using an unlinkable blind signature
> (Camenisch-Lysyanskaya?).
> 
> Every user gets a unique identifier composed by HMAC(facebook-login,
> device-id). Every message gets a random uuid (to check for replies).

Once you have the above, you actually have the hard part solved for
anonymous blacklisting systems, which can help address the abuse
problem.

   - Ian


More information about the Messaging mailing list