Comments (10)
Room names are generated algorithmically by the client to have 256 bits of pseudo-entropy; however, as long as the name conforms to the syntax (43 characters, base64), it will be accepted by the system. We purposefully decided not to facilitate "vanity names", though a few of us old-timers use them.
So, it's possible to have collisions, but probably not worth worrying about.
from brave-talk.
The change seems solid to me from a security standpoint.
To be completely honest I think the `room_name` should be considered sensitive information as well, from a privacy standpoint. Is there any use for that particular name? Have you considered saving an identifier based on the `room_name`?
Something like `hash(room_name + nonce)` will provide us with a unique identifier without leaking sensitive information such as the organization using the service in our logs.
from brave-talk.
> Something like `hash(room_name + nonce)` will provide us with a unique identifier without leaking sensitive information such as the organization using the service in our logs.

That sounds like an excellent idea @thypon, we have no need or desire to know the actual room_name. Have updated the column above.
from brave-talk.
What's the status for this issue?
from brave-talk.
Upon reflection, we realise that using a genuine `nonce` - i.e. regenerated every time - as part of the `room_identifier` would mean that we couldn't track the usage of the room over time, a key aim of this dataset.
So we propose using a `salt` that is rotated every 2-3 months instead (or possibly monthly, but no less), which would allow us to track room usage accurately over a monthly period, but still prevent longer tracking. i.e. `room_identifier = hash(room_name + salt)`.
Does that sound acceptable @thypon @orspetol @kdenhartog?
from brave-talk.
I like this plan. Let's start at 3 months and we can always drop it to two. This should give us a good balance!
from brave-talk.
How is the `room_name` provided? My theoretical concern with this design is that if the `room_name` is user controlled, two unique users could select a common room name such as `test` and it would throw off the metrics here if they're generated with the same salt in use.
from brave-talk.
Sounds good, I don't see any issue with this approach.
from brave-talk.
+1 this is fine from my end.
from brave-talk.
Closed as the goals can not be easily realized given the privacy concerns.
from brave-talk.
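The rotating-salt proposal and the common-room-name concern from the thread, as an added example that is not Brave Talk's code. It uses HMAC-SHA-256 keyed with the salt in place of the thread's `hash(room_name + salt)`; `SaltStore`, `saltPeriod`, `roomIdentifier` and `demo` are hypothetical names, and the in-memory salt store is an assumption.

```javascript
const crypto = require("node:crypto");

const ROTATION_MONTHS = 3; // the thread agrees to start at 3 months

// Index of the rotation period (UTC) that contains `date`.
function saltPeriod(date) {
  const months = date.getUTCFullYear() * 12 + date.getUTCMonth();
  return Math.floor(months / ROTATION_MONTHS);
}

// Hypothetical in-memory store: one random 256-bit secret salt per period.
// Deleting an expired salt is what makes that period's identifiers
// impossible to recompute or link to later ones.
class SaltStore {
  constructor() { this.salts = new Map(); }
  get(period) {
    if (!this.salts.has(period)) this.salts.set(period, crypto.randomBytes(32));
    return this.salts.get(period);
  }
  expireBefore(period) {
    for (const p of this.salts.keys()) if (p < period) this.salts.delete(p);
  }
}

// room_identifier = HMAC-SHA-256(key = salt, message = room_name), hex encoded.
function roomIdentifier(store, roomName, date) {
  const salt = store.get(saltPeriod(date));
  return crypto.createHmac("sha256", salt).update(roomName, "utf8").digest("hex");
}

// Constructed sample data: dates and room names are made up for this example.
function demo(store = new SaltStore()) {
  const generated = crypto.randomBytes(32).toString("base64url"); // 43 characters
  const jan = new Date(Date.UTC(2024, 0, 10));
  const mar = new Date(Date.UTC(2024, 2, 28));
  const apr = new Date(Date.UTC(2024, 3, 2));
  const id = (name, when) => roomIdentifier(store, name, when);
  return {
    nameLength: generated.length,
    // Same room, same period: usage can be counted over time.
    sameQuarterLinked: id(generated, jan) === id(generated, mar),
    // Same room after rotation: the identifier changes, so tracking stops.
    linkedAcrossRotation: id(generated, jan) === id(generated, apr),
    // Two unrelated users choosing the vanity name "test" share one identifier.
    vanityNamesMerge: id("test", jan) === id("test", mar),
  };
}

console.log(demo());
```
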