• jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    15
    ·
    4 months ago

    https://datatracker.ietf.org/doc/html/draft-ietf-ppm-dap#name-security-considerations

    The explicitly say if the aggregator is controlled by hostile party, and in my scenario that would be Mozilla, they could have full access to the deanonymized data. It’s out of scope for their protocol.

    And while the DAP draft is nice, it doesn’t change my threat model, it just introduces extra steps. As the absolute hunger of AI inputs for models have shown us, if a company has the capability to get data, they will. Mozilla has demonstrated they are hungry for data and money. I don’t want to give them the capability