Transmitting the base id has significant privacy impact, too

Question

Transmitting the base id has significant privacy impact, too

Opened this issue 4 years ago · 0 comments

The base id in the messages appears to be the same as the root key from which all daily keys and 15-min ids are being generated.

If so, its transmission to the backend would allow the operator to unmask every contact id of this user (not just since exposure) and also impersonate the user.

I'm suggesting it might be worth noting this in your README, because its privacy impact appears to be at least as large as the impact of the contact history.