[Popcon-developers] Accessing popcon data

Enrico Zini enrico at debian.org
Wed Mar 23 21:47:24 UTC 2011


On Wed, Mar 23, 2011 at 01:50:44PM -0300, Tássia Camões wrote:

> In this project, what will be available is the recommender, not the
> database. The recommendation is a result of processing the whole bunch
> of data to give suggestions to a specific user based on commonalities
> of behavior. I can't see how individual records could be tracked if
> you only have access to the recommendation. Do you?

Here is an example: pick a package X which has '1' inst on popcon; note
who is the maintainer. Then query a recommender asking 'what do you
suggest me to install if I have package X installed?': chances are that,
with many recommenders, the result is a list of the packages installed
on the maintainer's machine.

This specific example attack can be prevented by ignoring packages
installed in less than a certain number of systems, but there can be
more examples.

It is of course not the point of your research, and as long as there are
no obvious ways to exploit the recommender, I don't think the lack of
literature on information leaks will be an obstacle for deployment once
it works.


Ciao,

Enrico

-- 
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico at enricozini.org>
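
The threshold mitigation described in the message above, as an added example (not code from this thread or from the popcon project): a toy co-occurrence recommender run over constructed submissions, with and without a minimum install count. The function names, the `min_support` parameter and the sample data are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample: each set is one popcon-style submission (installed packages).
SUBMISSIONS = [
    {"bash", "vim", "git", "mutt"},
    {"bash", "vim", "git", "python3"},
    {"bash", "emacs", "git", "python3"},
    {"bash", "vim", "mutt", "python3"},
    # Only this host reports "rare-pkg" (inst == 1), so this row is one identifiable machine.
    {"bash", "vim", "git", "rare-pkg", "gnupg-agent", "abook"},
]

def install_counts(submissions):
    """Number of submissions reporting each package (the 'inst' figure)."""
    counts = Counter()
    for pkgs in submissions:
        counts.update(pkgs)
    return counts

def recommend(submissions, installed, min_support=1):
    """Rank packages that co-occur with the user's installed packages.

    Packages reported by fewer than min_support systems are ignored both as
    query evidence and as candidates (the mitigation from the message).
    """
    counts = install_counts(submissions)
    allowed = {p for p, n in counts.items() if n >= min_support}
    evidence = set(installed) & allowed
    scores = Counter()
    for pkgs in submissions:
        overlap = len(evidence & pkgs)
        if overlap == 0:
            continue  # this submission shares no usable evidence with the query
        for p in (pkgs & allowed) - set(installed):
            scores[p] += overlap
    return [p for p, _ in sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))]

def single_host_packages(submissions, recommendations):
    """Audit check: recommended packages that exactly one submission contains."""
    counts = install_counts(submissions)
    return sorted(p for p in recommendations if counts[p] == 1)

if __name__ == "__main__":
    for k in (1, 3):
        recs = recommend(SUBMISSIONS, {"rare-pkg"}, min_support=k)
        print(k, recs, single_host_packages(SUBMISSIONS, recs))
```

With `min_support=1` the answer to a query on the single-install package is exactly the other packages of the one submission that contains it; with a threshold of 3 the rare package carries no evidence and the answer is empty, while queries on common packages still return results.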