Security & Privacy Whitepaper (Overview), Chapter 7
Chapter 7 Abuse Prevention & Risk Controls
File transfers are a common target for automated abuse (spam, scraping, bandwidth exhaustion). This chapter explains the controls used to limit abuse while preserving usability and resumability.
7.1 Goals
- Limit automated abuse without requiring high-friction steps for legitimate users.
- Protect platform availability and cost boundaries (bandwidth, storage, CPU).
- Preserve resumability: controls SHOULD NOT force users to restart large transfers.
7.2 Design principles (minimal, explainable, reversible)
- Minimal: collect only necessary signals; avoid persistent identifiers where possible.
- Explainable: when blocking/throttling, the user SHOULD see an actionable reason.
- Reversible: mitigations SHOULD be adjustable quickly as traffic patterns change.
7.3 Rate limiting & quotas
7.3.1 Edge-level rate limits
- Apply IP/AS-based throttles for request floods while allowing normal parallel chunk transfers.
- Prefer leaky-bucket-style limits, which smooth traffic toward the origin rather than admitting bursts.
7.3.2 Application quotas & caps
- Enforce plan-based limits (size, retention, downloads) with clear UI messaging.
- Over-limit behavior MUST fail closed for authorization while providing clear next steps.
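As an added illustration (not code from the whitepaper or its platform), the following Python sketch combines the two controls above: a per-IP leaky-bucket edge limiter whose capacity is sized for a client's normal parallel chunk fan-out, and a plan-quota check that fails closed and returns an actionable reason. The bucket parameters and the plan table are assumed values.

```python
"""Edge rate limiting plus fail-closed quota checks (added example, assumed parameters)."""
from dataclasses import dataclass


@dataclass
class LeakyBucket:
    """Per-client leaky bucket: each request adds one unit, the bucket drains at `rate`/s.

    `capacity` is sized to the parallel chunk fan-out a legitimate client uses (assumed
    8 concurrent chunk requests), so normal resumable transfers are not throttled.
    """
    capacity: float = 8.0
    rate: float = 4.0      # units drained per second, i.e. sustained requests/s to origin
    level: float = 0.0
    last: float = 0.0

    def allow(self, now: float) -> bool:
        # Drain whatever leaked since the last request, then try to add one unit.
        self.level = max(0.0, self.level - (now - self.last) * self.rate)
        self.last = now
        if self.level + 1.0 > self.capacity:
            return False   # would overflow: throttle (e.g. HTTP 429) instead of bursting
        self.level += 1.0
        return True


class EdgeLimiter:
    """One bucket per key; the key is the client IP (or AS number) seen at the edge."""

    def __init__(self, **bucket_args):
        self.buckets: dict[str, LeakyBucket] = {}
        self.bucket_args = bucket_args

    def allow(self, key: str, now: float) -> bool:
        bucket = self.buckets.setdefault(key, LeakyBucket(**self.bucket_args))
        return bucket.allow(now)


# Constructed plan table; real limits come from the platform's plan definitions.
PLAN_LIMITS = {"free": {"max_size": 2 * 1024**3, "max_downloads": 10},
               "pro": {"max_size": 20 * 1024**3, "max_downloads": 1000}}


def check_quota(plan: str, size: int, downloads_so_far: int) -> tuple[bool, str]:
    """Return (allowed, reason). Unknown plans fail closed; reasons are user-facing."""
    limits = PLAN_LIMITS.get(plan)
    if limits is None:
        return False, "plan not recognised: transfer denied, contact support"
    if size > limits["max_size"]:
        return False, f"file exceeds the {limits['max_size'] // 1024**3} GB limit for plan '{plan}'"
    if downloads_so_far >= limits["max_downloads"]:
        return False, f"download limit of {limits['max_downloads']} reached for plan '{plan}'"
    return True, "ok"
```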
7.4 Abuse signals & mitigations
- High-frequency create/upload attempts, suspicious user agents, and abnormal download fan-out MAY trigger extra checks.
- Mitigations MAY include increased throttling, temporary blocks, or requiring additional proof for high-risk traffic.
- Mitigations MUST NOT compromise confidentiality: never require sending the CEK (content encryption key) or fragments to the server.
7.5 Related Claim IDs
- See Appendix: Claim IDs for the authoritative mapping.