Hacker News new | ask | show | jobs
by yorwba 3551 days ago
If the tokens are never sent, only their blinded versions, it is pretty much guaranteed that the signature you get back was made without looking at the actual token.
1 comments
mirimir 3551 days ago
I get that. What I wonder is who would nontechnical users need to trust about that? CloudFlare? The Tor Project?
link
Ar-Curunir 3551 days ago
I'm not sure, but it can be done with just CloudFlare changes; if the plugin is open source it should be fine. Maybe if Tor Browser integrates the plugin it should be fine too.
link
mirimir 3551 days ago
Optimal would be only needing to trust the Tor Project.
link