The purpose of this thread is to discuss and collate security issues with no concrete plan for resolution. Kind of like a GitHub in this great forum.
I feel we should discuss any perceived security risks, their severity and proposed mitigations. Please title your perceived security risk. In addition, provide a PSI# (perceived security issue number) in numerical sequence relative to the previous post.
Please follow the format below for easy readability and item discovery.
Relay Chunk Fingerprinting Attack
Uploaded files can be tied back to the content provider. Liability issues may arise.
A resourceful attacker collects offending files/data (music, movies, games, etc.) from various sources online, then generates a growing database.
The attacker, acting as a relay node, monitors chunks uploaded by clients connected to it.
Using a client's Public Key, an attacker could use the very same convergent encryption method used by MaidSafe.
The attacker uses the target client's Public Key to self-encrypt the files in the database of offending data. If any of the resulting chunks match the chunks that passed through the attacker's machine while acting as a relay, the uploader can then be held liable.
After the initial self-encryption is completed, a node other than the relay (let's call it node 3) provides the client with its Public Key via an encrypted message. The client then further encrypts each chunk with node 3's PK. The upload commences and the malicious relay is left with nothing useful.
Please respond by first including the PSI# in bold characters. Linked replies on Discourse usually only have a picture/icon associated and require a click to expand the post that is being responded to. It’s IMO tedious and not as easy for browsing.
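
An added illustration, not part of the original post and not MaidSafe code, of why the deterministic chunks described above are matchable by a relay and why the proposed second layer for node 3 removes the match. Assumptions: all function names are hypothetical, a toy SHA-256 keystream stands in for the real cipher, and a shared random key stands in for encryption to node 3's public key.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy SHA-256 counter-mode keystream; a stand-in for a real cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def convergent_chunk(plain: bytes, client_pub: bytes) -> bytes:
    """Deterministic: the key is derived only from the content and a public value."""
    key = hashlib.sha256(client_pub + plain).digest()
    return xor(plain, keystream(key, b"", len(plain)))

def wrap_for_node3(chunk: bytes, node3_key: bytes) -> bytes:
    """Second layer with a fresh random nonce, so every upload looks different."""
    nonce = os.urandom(16)
    return nonce + xor(chunk, keystream(node3_key, nonce, len(chunk)))

def unwrap_at_node3(wrapped: bytes, node3_key: bytes) -> bytes:
    nonce, body = wrapped[:16], wrapped[16:]
    return xor(body, keystream(node3_key, nonce, len(body)))

def relay_can_match(observed: bytes, known_plain: bytes, client_pub: bytes) -> bool:
    """True if relayed bytes equal (or end with) the chunk recomputed from a known file."""
    expected = convergent_chunk(known_plain, client_pub)
    return (hmac.compare_digest(observed, expected)
            or hmac.compare_digest(observed[-len(expected):], expected))

def demo() -> dict:
    pub = b"constructed-client-public-key"      # constructed sample value
    data = b"constructed sample file contents " * 8
    node3_key = os.urandom(32)                  # assumption: known to client and node 3 only
    bare = convergent_chunk(data, pub)
    wrapped = wrap_for_node3(bare, node3_key)
    return {
        "bare_matches": relay_can_match(bare, data, pub),
        "wrapped_matches": relay_can_match(wrapped, data, pub),
        "node3_recovers_chunk": unwrap_at_node3(wrapped, node3_key) == bare,
    }

if __name__ == "__main__":
    print(demo())
```

Node 3 still recovers the original convergent chunk, so the inner deterministic layer is unchanged once the chunk is past the relay.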