Abstract: Messaging systems are used to spread misinformation and other malicious content, often with dire consequences. End-to-end encryption improves privacy but hinders content-based moderation and, in particular, obfuscates the original source of malicious content. We introduce the idea of message traceback, a new cryptographic approach that enables platforms to simultaneously provide end-to-end encryption while also being able to track down the source of malicious content reported by users. We formalize functionali…
“…Message franking [62,98,151,164,167,173,183,222,359,376] (total: 10) Reveal source, traceback, or popular messages [173,231,285,360] (total: 4) Other user reporting [26,86,128,192,207,214,237,245,248,377,384] (total: 11)…”
Section: Corporate Network Monitoring (mentioning)
confidence: 99%
“…Tyagi et al [360] implemented traceback for E2EE messaging: after a detection, the service provider gains the ability to "trace" the forwarding path the message took to get to the receiver in one of two ways. Suppose A sends a message to B and C. B forwards the message to D, and separately, C forwards the message to E. E later reports the message.…”
Section: Responses Unique To End-to-end Encryption (mentioning)
Popular messaging applications now enable end-to-end-encryption (E2EE) by default, and E2EE data storage is becoming common. These important advances for security and privacy create new content moderation challenges for online services, because services can no longer directly access plaintext content. While ongoing public policy debates about E2EE and content moderation in the United States and European Union emphasize child sexual abuse material and misinformation in messaging and storage, we identify and synthesize a wealth of scholarship that goes far beyond those topics. We bridge literature that is diverse in both content moderation subject matter, such as malware, spam, hate speech, terrorist content, and enterprise policy compliance, as well as intended deployments, including not only privacy-preserving content moderation for messaging, email, and cloud storage, but also private introspection of encrypted web traffic by middleboxes. In this work, we systematize the study of content moderation in E2EE settings. We set out a process pipeline for content moderation, drawing on a broad interdisciplinary literature that is not specific to E2EE. We examine cryptography and policy design choices at all stages of this pipeline, and we suggest areas of future research to fill gaps in literature and better understand possible paths forward.
“…Recall that the FACTS system we presented reveals two things to the server (or an auditor) after the threshold of complaints has been reached: the user id of the message's originator, and the contents of the message itself. Indeed, one of our motivations was to avoid revealing the entire path or tree of message forwarding as in prior work [43].…”
Section: Alternative Facts (mentioning)
confidence: 99%
“…Tyagi et al [43] introduced a first approach for overcoming this challenge and allow EEMS to effectively traceback an offending message to find the originator based on a user complaint. The traceback procedure also assures that all other messages remain private and that innocent parties cannot be blamed for originating the offending messages.…”
Recent years have seen a strong uptick in both the prevalence and real-world consequences of false information spread through online platforms. At the same time, encrypted messaging systems such as WhatsApp, Signal, and Telegram, are rapidly gaining popularity as users seek increased privacy in their digital lives. The challenge we address is how to combat the viral spread of misinformation without compromising privacy. Our FACTS system tracks user complaints on messages obliviously, only revealing the message's contents and originator once sufficiently many complaints have been lodged. Our system is private, meaning it does not reveal anything about the senders or contents of messages which have received few or no complaints; secure, meaning there is no way for a malicious user to evade the system or gain an outsized impact over the complaint system; and scalable, as we demonstrate excellent practical efficiency for up to millions of complaints per day. Our main technical contribution is a new collaborative counting Bloom filter, a simple construction with difficult probabilistic analysis, which may have independent interest as a privacy-preserving randomized count sketch data structure. Compared to prior work on message flagging and tracing in end-to-end encrypted messaging, our novel contribution is the addition of a high threshold of multiple complaints that are needed before a message is audited or flagged. We present and carefully analyze the probabilistic performance of our data structure, provide a precise security definition and proof, and then measure the accuracy and scalability of our scheme via experimentation.
“…Tyagi et al [39] introduced a first approach for overcoming this challenge and allow EEMS to effectively traceback an offending message to find the originator based on a user complaint. The traceback procedure also assures that all other messages remain private and that innocent parties cannot be blamed for originating the offending messages.…”