by slester 3546 days ago
Couldn't CloudFlare track a Tor user by tracking the tokens it gave to a particular user, then track them when their client used one of those tokens to validate?

I think that's what the "blind" portion of token authentication is for.
How would users know that tokens had actually been signed blindly?
If the tokens are never sent, only their blinded versions, it is pretty much guaranteed that the signature you get back was made without looking at the actual token.
I get that. What I wonder is who would nontechnical users need to trust about that? CloudFlare? The Tor Project?
I'm not sure, but it can be done with just CloudFlare changes; if the plugin is open source it should be fine. Maybe if Tor Browser integrates the plugin it should be fine too.
Optimal would be only needing to trust the Tor Project.
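
The blinding step discussed in this thread, as an added example that is not part of the original comments and is not CloudFlare's code. It assumes a textbook RSA blind signature (the thread does not say which scheme is used), with a constructed toy key and hypothetical function names, and shows that the value the signer logs is consistent with every possible token.

```python
import hashlib
import math
import secrets

# Constructed toy RSA key built from two Mersenne primes; not secure, demo only.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # signer's private exponent

def h(token: bytes) -> int:
    """Hash a token into Z_N (simplified stand-in for full-domain hashing)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

def blind(token: bytes):
    """Client: multiply h(token) by r^E for a secret random r before sending."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (h(token) * pow(r, E, N)) % N, r

def sign_blinded(blinded: int) -> int:
    """Signer: sees only the blinded value, never the token itself."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    """Client: divide out r, leaving an ordinary RSA signature on h(token)."""
    return (blind_sig * pow(r, -1, N)) % N

def verify(token: bytes, sig: int) -> bool:
    """Anyone with the public key (N, E) can check a redeemed token."""
    return pow(sig, E, N) == h(token)

def explaining_factor(blinded: int, other_token: bytes) -> int:
    """Signer-side view: for ANY candidate token there is a blinding factor
    that would have produced the logged blinded value, so the log by itself
    cannot single out which token was issued."""
    return pow((blinded * pow(h(other_token), -1, N)) % N, D, N)

if __name__ == "__main__":
    token = secrets.token_bytes(32)          # constructed sample token
    blinded, r = blind(token)                # only `blinded` leaves the client
    sig = unblind(sign_blinded(blinded), r)
    print("signature valid at redemption:", verify(token, sig))
    r2 = explaining_factor(blinded, b"some other token")
    same = (h(b"some other token") * pow(r2, E, N)) % N == blinded
    print("other token explains the same log entry:", same)
```

The unlinkability shown here assumes the signer uses one key for every client; this sketch does not cover how a client would check that.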