Hacker News new | ask | show | jobs
by potatolicious 377 days ago
> "why not just run the checks at the backend's discretion?"

Because the other side may not be listening when the compute is done, and you don't want to cache the result of the computation because of privacy.

The sequence of events is:

1. Phone fires off a request to the backend. 2. Phone waits for response from backend.

The gap between 1 and 2 cannot be long because the phone is burning battery the entire time while it's waiting, so there are limits to how long you can reasonably expect the device to wait before it hangs up.

In a less privacy-sensitive architecture you could:

1. Phone fires off request to the backend. Gets a token for response lookup later. 2. Phone checks for a response later with the token.

But that requires the backend to hold onto the response, which for privacy-sensitive applications you don't want!
3 comments
paxys 377 days ago
Especially since the request contains the user's (hashed) passwords. You definitely don't want to be holding that on the server for longer than necessary.
link
ivan_gammel 377 days ago
Is it really a problem? Client can pass an encryption key with the request and then collect encrypted result later. As long as computation is done and result is encrypted, server can forget the key, so cache is no longer a privacy concern.
link
potatolicious 377 days ago
You can, and in situations where the computation is unavoidably long that's what you'd do. But if you can do a bit of work to guarantee the computation is fast then it removes a potential failure mode from the system - a particularly nasty one at that.

If you forget to dump the key (or if the deletion is not clean) then you've got an absolute whopper of a privacy breach.

Also worth noting that you can't dump the key until the computation is complete, so you'd need to persist the key in some way which opens up another failure surface. Again, if it can't be avoided that's one thing, but if it can you'd rather not have the key persist at all.

link
ivan_gammel 377 days ago
„UPDATE checks SET result=?, key=null“

Is it that hard?

Also I don’t think persisting a key generated per task is a big privacy issue.

link
maximilianroos 377 days ago
thanks!
link