Mapping Requests to Devices for Tracking and Validation in PIR Service

[yasodha-r]

I'm exploring ways to associate incoming requests to specific users or devices when interacting with the PIR server, particularly for the Live Caller ID Lookup feature. The goal is to:

1. Track the number of requests received from a particular device.
2. Validate requests using a device-specific identifier or token.

I understand that PIR is designed to preserve user privacy, so I'm curious whether there's a compliant method to achieve this kind of tracking and validation without compromising the privacy guarantees of the system.

Specifically:

1. Is it permissible to include a hashed or anonymized device identifier in the PIR request payload?
2. Are there best practices or recommended patterns for request auditing or rate limiting per device?

Any guidance or examples from the PIR service implementation would be greatly appreciated!

Thank you

[karulont]

The system does prevent you from tracking the PIR requests.
However, you can achieve something similar indirectly by counting the number of privacy pass tokens issued.

When a device requests privacy pass tokens, it authenticates itself by sending a HTTP Bearer token, so it is easy to track specific users / devices, while they are requesting privacy pass tokens. Privacy pass tokens are an indirect proxy to the number of actual PIR requests made, but by rate limiting token issuance, one can rate limit PIR requests.

[yasodha-r]

Hi @karulont , Thanks for the quick response!

From what I understand, the user-identifier is the only value we receive in the request headers that helps identify devices or users. Are you suggesting that we should map this user-identifier to Privacy Pass tokens? Or is there another approach you're referring to?

Just want to confirm if my understanding is correct.

Note: we have observed that the user-identifier can change in some cases. Would this still be considered a reliable value for mapping?

[karulont]

I was talking about userTierToken.
Developer is in charge of setting that value, and that value can be used to identify devices or users when they request privacy pass token.

When devices are making PIR queries, we do not want those queries to be identified to a specific device or user.

As for the user-identifier: this is used to let the devices upload a single evaluation key once, and reuse it across multiple PIR queries. The operating system will automatically rotate the user-identifier value to limit tracking.