Thread: "Apple already shipped attestation on the web, and we barely noticed"
1. tamimi+1g 2023-07-25 15:11:30
>>pimter+(OP)
As long as the mechanism will be an open source standard and isn’t controlled by corporations AND the user browsers are in control to enable/disable it, sure.
2. VoxPel+Mk 2023-07-25 15:31:12
>>tamimi+1g
It is an open standard: https://datatracker.ietf.org/doc/html/draft-ietf-privacypass...

"Privacy Pass tokens are unlinkable, one-time-use authenticators that can be used to anonymously authorize a client"

People from Apple, Google and Cloudflare are all editors of the spec, and e.g. Fastly has also blogged about it: https://www.fastly.com/blog/private-access-tokens-stepping-i...

Excerpt from Fastly's article above:

> When you put this together, no one entity can link client identity to website activity. And yet, this authorizes access to a website – all while eliminating human interactions.

3. helloj+Bf2 2023-07-25 23:28:33
>>VoxPel+Mk
What mechanism exists to prevent the attester from colluding with the issuer or origin to track users? Could a government subpoena these entities to track entire user history down to the TPM key?