zlacker

[parent] [thread] 2 comments
1. tamimi+(OP)[view] [source] 2023-07-25 15:11:30
As long as the mechanism will be open source standard and isn’t controlled by corporations AND the user browsers are in control to enable/disable it, sure.
replies(1): >>VoxPel+L4
2. VoxPel+L4[view] [source] 2023-07-25 15:31:12
>>tamimi+(OP)
It is an open standard: https://datatracker.ietf.org/doc/html/draft-ietf-privacypass...

"Privacy Pass tokens are unlinkable, one-time-use authenticators that can be used to anonymously authorize a client"

People from Apple, Google and Cloudflare are all editors of the spec and eg Fastly has also blogged about it: https://www.fastly.com/blog/private-access-tokens-stepping-i...

Excerpt from Fastly's article above:

> When you put this together, no one entity can link client identity to website activity. And yet, this authorizes access to a website – all while eliminating human interactions.

replies(1): >>helloj+AZ1
◧◩
3. helloj+AZ1[view] [source] [discussion] 2023-07-25 23:28:33
>>VoxPel+L4
What mechanism exists to prevent the attester from colluding with the issuer or origin to track users? Could a government subpoena these entities to track entire user history down to the tpm key?
[go to top]