Closing the Gap between Sender Anonymity and Abuse Mitigation
You just can’t win with the Internet! At its best, it is the greatest machine ever constructed and can spread knowledge to every single person on the planet. At its worse, it is a cesspit of evil doing and abuse.
So now a new paper aims to tread this fine line, and try and support privacy, whilst supporting abuse mitigation [here]:
With sender-anonymous end-to-end encrypted messaging, an abusive person could send messages to a user, without revealing their identity. For this Signal has added a feature that integrates an abuse mitigation mechanism which will block users who send abuse to other users. The paper outlines that it is a weakly defined method in terms of its anonymity features, and also that an abusive person can drain the battery of a victim — defined in the paper as a griefing attack.
To overcome these problems, the research team propose Orca, and which allows users to create a privacy-preserving blocklist. The user then never learns the identity of the person, but the platform can check if someone is on this list. This involves a group signature scheme.
