HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rudya

no profile record

comments

rudya
·3 anni fa·discuss
Hi, I am the author of this article, it's interesting to see it being discussed here. A few points:

It's definitely possible to reverse engineer the word list and other aspects of the w3w system. However I also want to make my anysis code public and I don't want to deal with w3w's lawyers.

w3w make the basic claim that 1. similar addresses are far away from each other and 2. this makes mistakes obvious.

1 isn't true because they use a very naive randomization method. This was described before in an excellent blog post https://cybergibbons.com/security-2/what3words-the-algorithm... I added some equations in my work. In the worst case you end up with a run of addresses like

twice.over.x word.again.y repeat.phrase.z ...

And maybe 10km away another run like

twice.over.a word.again.b repeat.phrase.c ...

Only one word is different, which obviously makes it much easier to confuse addresses.

The other point is that around 25% of addresses (probably more) could be confused with 4 or more others. In that case, the AutoSuggest feature may not suggest the address you meant, and if it doesn't, there's not much you can do, since this is the only form of error correction available in w3w.

w3w is quite popular here in the UK and I can see the appeal, it is more fun to shout out green.apple.regret than some alphanumeric string. But given the above problems (which i am sure w3w know about) that doesn't seem like a good enough reason to trust an app like this with matters of life and death.