Hacker Read

l1n · 2021-07-05 17:15:18

They do hash IPs before sending them.

siavosh | karma 5526 | avg karma 8.7 · | 2018-01-11 22:10:24+00:00

Ip? Hashes?

growupkids | karma 482 | avg karma 2.94 · | 2014-05-13 21:48:35

Or emailing them before they hash them.

mhaymo | karma 491 | avg karma 2.34 · | 2016-09-01 09:46:18

How exactly do you expect them to send an email to an address they only have a hash of?

mthoms | karma 4270 | avg karma 2.02 · | 2023-04-25 18:30:29

Even better, it’s a partial hash that gets sent.

Rapzid | karma 5572 | avg karma 1.75 · | 2019-05-03 00:00:43+00:00

I would guess they encrypt whatever they send to DHS. Hashing would destroy all the information required to make a match.

whyever | karma 937 | avg karma 2.24 · | 2018-07-20 16:59:14+00:00

They are hashing the data.

bb88 | karma 7536 | avg karma 2.47 · | 2018-02-28 04:03:14

Yes. But it would more likely be the case where they are encrypting the data before hashing it to reduce the chance for a hash collision.

tuna-piano | karma 4937 | avg karma 7.73 · | 2020-12-17 18:18:51+00:00

Seems like a good method and actually more accurate than they do... seems like they just do a hash of IP.

TuringNYC | karma 8951 | avg karma 3.84 · | 2020-07-23 13:49:15+00:00

I'm pretty curious how this happens technically -- is there a hash collision? Do they hash email addresses as a key or something?

nitrix | karma 246 | avg karma 4.03 · | 2015-07-10 18:30:14+00:00

Highly hashed IPs. Highly. Hashed. That made my day.

maouida | karma 172 | avg karma 3.44 · | 2014-02-25 18:08:06+00:00

They have the email (confirmed email) in their DB. they can easily calculate the hash on the fly.

subway | karma 3614 | avg karma 4.42 · | 2019-04-27 17:47:31

Sure, but who tells the client what the correct hash is?

lovelyviking | karma 771 | avg karma 1.41 · | 2020-11-25 19:46:16+00:00

Who knows, may be they can start to send id too by a special request from the server or send those hashes by other channels in addition to this one, but much later. And server can make such request based on some heuristics or based on some 'black list' of hashes. How can you know for sure? We can only guess to the certain degree without looking into sources.

donw | karma 7032 | avg karma 3.82 · | 2021-04-01 08:23:46+00:00

Right, but they have to look at that data to create those hashes, no?

YZF | karma 3801 | avg karma 2.34 · | 2012-09-20 03:35:28+00:00

They got access to the server through some other undisclosed means, the hash was there.

mc32 | karma 33963 | avg karma 2.39 · | 2018-07-04 15:36:06

Can’t they just compare hashes and for those where they have to do a scan, serve as an anonymous intermediary/proxy?

charonn0 | karma 1954 | avg karma 2.78 · | 2015-03-04 01:25:10+00:00

Wouldn't they need to have the file already if they know its hash?

staticassertion | karma 12534 | avg karma 3.12 · | 2019-07-21 18:23:52+00:00

The hash isn't even necessarily transmitted, and it's often partial hashes at that.

WesolyKubeczek | karma 3085 | avg karma 2.17 · | 2022-01-26 15:46:52

There are different kinds of hashes. You can, for example, assign numbers to your incoming IPs. The first one to come in gets 1, the second gets 2, and so on. Numbers zero out at midnight, correlation between them and real IPs are at the load balancer. Good luck bruteforcing these.