[shaicoleman]

"The blind signing procedure ensures that passes that are redeemed in the future are not feasibly linkable to those that are signed. We use a privacy-preserving cryptographic protocol based on ‘Verifiable, Oblivious Pseudorandom Functions’ (VOPRFs) built from elliptic curves to enforce unlinkability. The protocol is exceptionally fast and guarantees privacy for the user. As such, Privacy Pass is safe to use for those with strict anonymity restrictions."

1. https://privacypass.github.io/

> Deanonymizing yourself just to appease cloudflare is not a valid solution

I'm not claiming it is a valid solution, I'm just sharing a possible workaround.

[robonerd]

Unless you're a mathematician or a cryptographer who's qualified to verify these claims, I think all of this amounts to "trust us."

[mynameisvlad]

You have to trust a whole lot of companies to get onto and use the Internet. Or just use everyday technology. I don't see why this is different.

[robonerd]

> You have to trust a whole lot of companies to get onto and use the Internet.

Obviously, I wouldn't dream of asserting otherwise. My point is that for the vast majority of the population, a paragraph of technogibberish about cryptography doesn't fundamentally change anything, you're still reliant on trust. To most people, that paragraph is worth about as much as a basic promise. The worth of that statement is derived from whatever trust is had in the corporation and the ability of academics and regulators to stay on the ball and keep corporations in check.

If somebody who isn't a cryptographer has decided not to trust Cloudflare and not to trust the rest of society to keep a company like Cloudflare in check, then that whole explanation isn't worth much. It's boils down to saying "Just trust me" in response to somebody who just said "I don't trust you."

[Semaphor]

I searched around a bit, and the only thing I found was the EFF not complaining about it when mentioning it while talking about something else [0]:

> This proposal is based on Privacy Pass, a privacy-preserving and frustration-reducing alternative to CAPTCHAs.

So I guess that’s good-ish?

[0]: https://www.eff.org/tr/deeplinks/2019/08/dont-play-googles-p...

[robonerd]

It's worth a bit, but it doesn't assuage all my concerns. Even with trust in the EFF to be both well informed and earnest, I think there is still reason for doubt. I've read it claimed many times that cryptography is easy to fuck up in subtle ways, and that these fuckups can go unnoticed for years. Furthermore, subtle flaws can be deliberately engineered into cryptographic schemes and probably concealed from notice for many years. The more novel a cryptographic scheme seems, the more reason there is to doubt that it's been inspected and verified from all angles. I've never heard of VOPRFs before today, they don't seem to have a wikipedia page and the articles I've found about them with a web search are all very recent.

Furthermore, there is the matter of Cloudflare itself, specifically it's size and scope. Concentrations of data are magnets for intelligence agencies. The more data a company has access to, the less I trust them to keep it safe.

[mynameisvlad]

That extends to pointing out that trust is required. When it's the default state of things, what use is pointing it out going to bring?

I made an obvious point because it's strange to bring up that something on the internet requires trust. Because of course it does.

[Dylan16807]

It's the difference between trusting some math that's used by a hundred million sites versus trusting math that one particular company claims is safe.

It's not strange at all to distinguish between those kinds of trust.

When I use TLS 1.3, I'm not relying on "trust us" from the inventor and a couple investigators, I'm relying on heavy worldwide scrutiny.

[robonerd]

> When it's the default state of things, what use is pointing it out going to bring?

I believe that appeals to math can obscure the role of trust. This is demonstrated by the formation of an industry of scammers exploiting the phenomena. Millions of people don't understand cryptocurrencies but buy in anyway, confidence bolstered by their lionization (but not comprehension) of math.

I think it's an illusion worth drawing attention to.

[Wowfunhappy]

Sorry, can I get a layman's translation? What prevents websites from using Privacy Pass to track user behavior? (Beyond determining who is and is not a bot.)

[shaicoleman]

Basically, you fill a captcha once, and that gives 30 anonymous one-time-use tokens which are stored on the browser. The cryptography used ensures that there's no way to associate the one-time tokens between each other or back to the original captcha. Redeeming the token proves that you've already filled a captcha, and will bypass the captcha for that session.

[ntoskrnl]

Cloudflare is the one putting up the captcha-wall and deciding whether to forward your request to the destination site. Your browser sends Cloudflare a token, then if Cloudflare accepts the token, it forwards your request. The destination site does not see the token and so cannot use it to track you.

Since Cloudflare does see the token, it's reasonable to consider whether Cloudflare could deanonymize you across different sites. Privacy Pass uses cryptography that claims to prevent that.