zlacker

[parent] [thread] 1 comments
1. VoxPel+(OP)[view] [source] 2023-07-25 15:31:12
It is an open standard: https://datatracker.ietf.org/doc/html/draft-ietf-privacypass...

"Privacy Pass tokens are unlinkable, one-time-use authenticators that can be used to anonymously authorize a client"

People from Apple, Google and Cloudflare are all editors of the spec and eg Fastly has also blogged about it: https://www.fastly.com/blog/private-access-tokens-stepping-i...

Excerpt from Fastly's article above:

> When you put this together, no one entity can link client identity to website activity. And yet, this authorizes access to a website – all while eliminating human interactions.

replies(1): >>helloj+PU1
2. helloj+PU1[view] [source] 2023-07-25 23:28:33
>>VoxPel+(OP)
What mechanism exists to prevent the attester from colluding with the issuer or origin to track users? Could a government subpoena these entities to track entire user history down to the tpm key?
[go to top]