K Anonymity
Whitepaper: ACHIEVING k-ANONYMITY PRIVACY PROTECTION USING GENERALIZATION AND SUPPRESSION
K-anonymity is a protocol that increases privacy for the end user. Our API uses SHA-256 wrapped NTLM hashes, and querying only the first 5 characters of this hash guarantees that several hundred results are always returned. This makes abusing the API much more difficult from our end, and increases trust. Instead of seeing the full SHA-256 wrapped NTLM hash that was queried, we only see part of a hash. The hash comparison is made client-side, meaning we cannot see whether the hash being checked is among the returned set of hashes. In either case (with or without k-anon), no username or other identifying information is sent to our API, only the hash or the k-anon hash query.
We also do not log the incoming query. The route will appear redacted to us:
<user_ip> - [22/Aug/2019:12:09:59 +0000]: "GET /api/search/hash/NTLMSHA2/redacted" 200 "python-requests/2.22.0"
We log the IP address, the timestamp, the route taken in the app, and the status code. This lets us check performance metrics for the API and generalize usage statistics while allowing users to remain anonymous.
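The client-side comparison described above, as an added example that is not taken from this project's code. The wrapping encoding (SHA-256 over the raw NTLM bytes, uppercase hex), the function names, the response shape and the sample corpus are assumptions; `server_bucket` stands in for the API so the example runs offline.

```python
import hashlib
import hmac

PREFIX_LEN = 5  # per the page: only the first 5 characters are queried


def wrap_ntlm(ntlm_hex):
    """SHA-256 'wrap' of an NTLM hash.

    Assumption: digest over the 16 raw NTLM bytes, rendered as uppercase hex.
    """
    raw = bytes.fromhex(ntlm_hex)
    if len(raw) != 16:
        raise ValueError("an NTLM hash is 16 bytes (32 hex characters)")
    return hashlib.sha256(raw).hexdigest().upper()


def server_bucket(prefix, corpus):
    """Stand-in for the API: every stored hash that shares the prefix."""
    return [h for h in corpus if h.startswith(prefix)]


def is_compromised(ntlm_hex, lookup):
    """k-anonymity check; `lookup` is handed the 5-character prefix only."""
    wrapped = wrap_ntlm(ntlm_hex)
    candidates = lookup(wrapped[:PREFIX_LEN])
    # The match is decided locally, so the service never learns the outcome.
    return any(hmac.compare_digest(wrapped, c.strip().upper()) for c in candidates)


# Constructed sample data, not real API output.
BREACHED_NTLM = "8846F7EAEE8FB117AD06BDD830B7586C"  # NTLM hash of "password"
CLEAN_NTLM = "00112233445566778899AABBCCDDEEFF"     # arbitrary constructed value
HIT = wrap_ntlm(BREACHED_NTLM)
CORPUS = [HIT, HIT[:PREFIX_LEN] + "0" * 59, HIT[:PREFIX_LEN] + "F" * 59, "A" * 64]

if __name__ == "__main__":
    sent = []  # everything the service would see

    def lookup(prefix):
        sent.append(prefix)
        return server_bucket(prefix, CORPUS)

    for name, h in (("breached", BREACHED_NTLM), ("clean", CLEAN_NTLM)):
        print(name, is_compromised(h, lookup))
    print("values sent to the service:", sent)
```

The `sent` list holds everything the service would receive: one 5-character prefix per lookup, regardless of whether the local comparison matched.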