Faisal Abidi discusses using partially blind signatures to combat app spam. Blind signatures allow signing of data without revealing information that could identify users. This prevents faking of parameters while keeping data private. By assigning signatures to destination URLs from ads, spammers can only generate valid signatures for user journeys they actually completed, like clicking an ad and visiting the linked website. This makes spamming campaigns through fake accounts much more difficult by limiting attackers' ability to exploit weak links in the process.
4. Faisal Abidi, the co-founder of RNF Technologies, shared his
viewpoints on using Blind Signatures to stop ad spam in app
development companies.
5. ● They lessen the possibility of faking parameters without raising the possibility that
data may be used to identify specific people.
● We ask each entity to sign something else instead of a nonce; a blind signature
comes to the rescue!
● The benefit of doing this is that the code may be completely open source and
examined by the security and privacy community, which is why the browser or
operating system should enable it.
● It implies that sensitive information never needs to leave the device and contact a
server.
● Finally, making this logic inaccessible to standard application code makes it harder
to manipulate for the spammers.
7. Faisal Abidi, who leads RNF Technologies, suggests that the
need for blind signatures is relatively high, as they are efficient and
effective.
Let’s find out how!
8. To generate a signature from a touchpoint, a spammer must have fake or hacked
accounts and click any Facebook advertisement. What if the Facebook signatures
they received revealed more than simply an ad click, allowing the team to pinpoint
the vulnerability more accurately? Can the team possibly make those signatures
display where the advertisement leads to?
● With partially blind signatures, we can accomplish this.
● One piece of information is accessible both when the signature is made and in the
final report: the order of the touchpoints.
● For instance, the user journey may involve someone clicking on an advertisement, which
directs them to a website's destination page, where they may make a purchase.
● Several advertisers might run advertisements that link consumers to various websites.
● With a partially blind signature scheme, Facebook would create one public-private
keypair for each destination URL.
10. Faisal Abidi, when asked how his team found blind
signatures effective in fighting spam, highlighted the
following points:
11. ● The slight revision to the idea of binding destination URLs to blind signatures makes app
spam much more difficult.
● In a hypothetical advertising scenario, if the attacker clicks on random ads delivered to
them using a false or compromised account, they will obtain signatures that are only
valid for user journeys that end at particular touchpoints.
● It is possible to apply the capacity to cryptographically link metadata to blind signatures
to a large variety of issues involving numerous touchpoints.
● Attackers wouldn't be able to leverage the touchpoint that is the weakest link as much.
● They would first need to get adverts for that website shown to their phony or
compromised accounts.
● This makes things considerably more difficult for the attacker because they have no
control over the adverts they are delivered.
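The per-destination keypair idea from slides 8 and 11, as an added example that is not part of the original presentation: the signer selects its key by the public destination URL and signs a token it cannot see, so the resulting signature verifies only for a journey ending at that URL. The slides do not name a signature scheme; textbook RSA blinding, the toy key sizes, the URLs and the token are assumptions made for illustration.

```python
import hashlib, math, secrets

E = 65537  # public exponent shared by the toy keys

def make_key(p, q):
    """Build an RSA key (n, d) from primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed toy keys, one per destination URL. Mersenne primes keep the
# example short; keys this small are not secure. A real verifier would hold
# only (n, E), never d.
KEYS = {
    "https://shop-a.example/landing": make_key(2**61 - 1, 2**89 - 1),
    "https://shop-b.example/landing": make_key(2**107 - 1, 2**127 - 1),
}

def h(token, n):
    """Hash the secret token into the key's modulus (simplified encoding)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % n

def blind(url, token):
    """Client: mask the token hash with a random factor r before sending."""
    n, _ = KEYS[url]
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            return h(token, n) * pow(r, E, n) % n, r

def sign_blinded(url, blinded):
    """Signer: picks the key from the public URL and never sees the token."""
    n, d = KEYS[url]
    return pow(blinded, d, n)

def unblind(url, blind_sig, r):
    """Client: strip r to obtain an ordinary signature on the token hash."""
    n, _ = KEYS[url]
    return blind_sig * pow(r, -1, n) % n

def verify(url, token, sig):
    """Report receiver: accept only under the key of the claimed URL."""
    n, _ = KEYS[url]
    return pow(sig, E, n) == h(token, n)

def click_journey(url, token):
    """One ad click: returns what the signer saw and the final signature."""
    blinded, r = blind(url, token)
    return blinded, unblind(url, sign_blinded(url, blinded), r)
```

A signature collected by clicking an ad for one destination fails verification when reported against any other destination, which is the property slide 11 relies on.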
This presentation shares the viewpoints of Faisal Abidi, the co-founder of RNF Technologies, on ad spam and how blind signatures can help mitigate their effects.