- From: Stefan Thomas <stefan@ripple.com>
- Date: Tue, 20 Oct 2015 08:50:58 -0700
- To: Dave Longley <dlongley@digitalbazaar.com>
- Cc: public-interledger@w3.org
- Message-ID: <CAFpK0Q3_OXnxA02B6qYP+Eogv2G-wcbc9eMmhHm1ZQ4DOn_3Cg@mail.gmail.com>
That's a great question! The information that connector would gain at a minimum is how much money moved from which ledger to which. I don't see an easy way around that, since the connector needs to know its own balances for a variety of reasons. Other than that they learn certain metadata like the time the payment took place and which IP address the requests came from. In the reference implementation's ledger protocol they also learn the account IDs of the participants to their left and their right, but that's a factor of the specific ledger protocol. It would be possible to design a ledger protocol with stronger privacy guarantees. Interestingly, the sender's privacy depends primarily on their ledger and the recipient's privacy depends primarily on their ledger. That is assuming that do not share any information about each other with third parties. As a final thought, connectors may require certain information about the payment path or the sender/recipient beyond what is technically required. If this is a concern, it may factor into the sender's choice of connector. On Tue, Oct 20, 2015 at 8:17 AM, Dave Longley <dlongley@digitalbazaar.com> wrote: > All, > > I asked a question during the interledger presentation inquiring about > what information is leaked about senders/recipients to connectors. The > question was answered from the perspective of an "altruistic" connector, > essentially that connectors don't need to know all that much so they'll > only use whatever is necessary to help complete a payment. > > However, I was thinking more of rational or byzantine connectors. Is > there anything in the protocol to discourage entities from creating > connectors that provide cheap paths to complete payments -- so that they > can, for instance, track (and potentially sell) sender or recipient > behavior? Is there anything in the protocol to help protect privacy? > > While it appears that the protocol does a lot to guard against > adversaries that seek to attack the payments themselves, but what about > other attacks or "abuse" of meta-data? By introducing third parties > (connectors) into the payments process, there may be other undesirable > behaviors that aren't directly related to payments that need to be > mitigated. > > > -- > Dave Longley > CTO > Digital Bazaar, Inc. > http://digitalbazaar.com > >
Received on Friday, 23 October 2015 16:18:16 UTC