Replies: 8 comments 6 replies
-
we could ping ALL devices which enroll for silent push notifications when a round is about to happen up to 2x per hour. Upon receipt, Chaincase can check from the background if it has queued for the round and if so start to tor process and complete signing in <3 minutes. But unfortunately the OS may choose to delay posting the notification as low-priority and not check. In that case, it's possible to simply wait for the next round. This has the trade off of exposing user ip addresses to Chaincase server, but not in a way that coordinates an ip with a queued output. Still, it is worth considering the danger that it may be possible, over a long enough time period to conduct a timing attack or a partition attack (similar to this WabiSabi issue) by selectively serving these push notification to devices the coordinator believes wants to CoinJoin, and then correlating outputs their ip depending which outputs continue the process and which don't. Because some users may CoinJoin from desktop Wasabi or move their Chaincase app to the foreground, there may be sufficient randomness to thwart such attacks practically. There is more research to be done here as to the actual trade off and dangers vs improved user experience and improving users' ability for successful CoinJoin cc: @nothingmuch |
Beta Was this translation helpful? Give feedback.
-
OK so there's an opaque (encrypted?) device token that only APN can decode, but it's a long lived per device identifier and it can't be refreshed from the API, only the OS decides. Apples says it's important not to use this device token for identification which I'll take to mean that it's possible to do that. Perhaps a model that can work is that clients can opt in for maybe a whole week's worth of silent notifications, and then assuming the provider tokens are not replayable and use asymmetric crypto (i think it's possible with both certificates and JWT, for sure with certificates if you just expose the ephemeral key of the TLS connection after but I don't know what other information is given) the server could use TLS notary to make the transcript less repudiable, and this could be opentimestamped and latest block hash could also be included in the payload somewhere to constrain time. Since device tokens are per device-app pair, it may be safe to then publish an audit log of all push notifications sent, and to not allow any opt out mechanism except through apple's error codes, i.e. so long as the transcript shows successful notification posts, the same device ID has to be notified during the next notification round and so on, until the subscription expires. By making subscriptions coarse grained and not providing an opt out operation but only expiry the set of notified users is larger, thereby providing better privacy, and by publishing the transcripts with the APN api anyone can verify that the coordinator claims to have notified them at some point in time, and with TLS notary, that a 3rd party witnessed them doing that. Without such a 3rd party the claim is useless, because apple or the device may unilaterally drop notifications, giving the coordinator plausible deniability. |
Beta Was this translation helpful? Give feedback.
-
Another way to improve Chaincase CoinJoin ahead of push notifications may be to show who queued / registered historically, since the connection isn't stable. Though it could be gamed, it could give people more confidence to queue and help promote network effects to accelerate |
Beta Was this translation helpful? Give feedback.
-
@armins88 let's see if we can extend the backend status to include the number of users who have queued in this coinjoin period (regardless of whether they DQd or not) One requirement of this is to remain compatible with Wasabi client. So, the back end should maintain a count of how many have queued and supply it to chaincase clients, but it should not break compatibility with the Wasabi front end. I think this is possible because it only adds a piece of data. |
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
-
On Android we can do push notifications without Google Services by using https://github.com/microg/GmsCore/wiki from MicroG |
Beta Was this translation helpful? Give feedback.
-
One interesting thing about push notification registration is we get a rough count of active users. Every time the app is open users who have notifications enabled should push us a unique token. We could also display something extrapolated from this this back to users along with those registered to CoinJoin |
Beta Was this translation helpful? Give feedback.
-
Unlike other systems iOS limits background processes' resources and execution time opportunistically. The only way to get a task as heavy as Signing a CoinJoin to happen at a scheduled time is with an external push notification, which increases the attack surface on users' privacy via timing data revealed to the push server.
Right now the only way to CoinJoin is to foreground the chaincase app on schedule. That's helped out with a notification. What else can be done here?
Oh, and background task fire at a minimum of 15 minutes from when they're scheduled.
affects: 10
importance: 10
difficulty: 9
Beta Was this translation helpful? Give feedback.
All reactions