Re: Interledger and Privacy

From: Stefan Thomas <stefan@ripple.com>
Date: Tue, 20 Oct 2015 08:50:58 -0700
Message-ID: <CAFpK0Q3_OXnxA02B6qYP+Eogv2G-wcbc9eMmhHm1ZQ4DOn_3Cg@mail.gmail.com>
To: Dave Longley <dlongley@digitalbazaar.com>
Cc: public-interledger@w3.org

That's a great question! The information that a connector would gain at a
minimum is how much money moved from which ledger to which. I don't see an
easy way around that, since the connector needs to know its own balances
for a variety of reasons.

Other than that they learn certain metadata like the time the payment took
place and which IP address the requests came from.

In the reference implementation's ledger protocol they also learn the
account IDs of the participants to their left and their right, but that's a
factor of the specific ledger protocol. It would be possible to design a
ledger protocol with stronger privacy guarantees.

Interestingly, the sender's privacy depends primarily on their ledger and
the recipient's privacy depends primarily on their ledger. That is assuming
that they do not share any information about each other with third parties.

As a final thought, connectors may require certain information about the
payment path or the sender/recipient beyond what is technically required.
If this is a concern, it may factor into the sender's choice of connector.

On Tue, Oct 20, 2015 at 8:17 AM, Dave Longley <dlongley@digitalbazaar.com>
wrote:

> All,
>
> I asked a question during the interledger presentation inquiring about
> what information is leaked about senders/recipients to connectors. The
> question was answered from the perspective of an "altruistic" connector,
> essentially that connectors don't need to know all that much so they'll
> only use whatever is necessary to help complete a payment.
>
> However, I was thinking more of rational or byzantine connectors. Is
> there anything in the protocol to discourage entities from creating
> connectors that provide cheap paths to complete payments -- so that they
> can, for instance, track (and potentially sell) sender or recipient
> behavior? Is there anything in the protocol to help protect privacy?
>
> It appears that the protocol does a lot to guard against
> adversaries that seek to attack the payments themselves, but what about
> other attacks or "abuse" of meta-data? By introducing third parties
> (connectors) into the payments process, there may be other undesirable
> behaviors that aren't directly related to payments that need to be
> mitigated.
>
>
> --
> Dave Longley
> CTO
> Digital Bazaar, Inc.
> http://digitalbazaar.com
>
>
Received on Friday, 23 October 2015 16:18:16 UTC
