|
|
|
|
|
|
by kgraney
1193 days ago
|
|
|
That's the general idea. We're trying to limit the amount of abuse a single Google Account, device, or other first-party identity can cause. We have some more ideas and details we hope to share over time, but the goal is to keep writes to the API anonymous while preventing, the best we can, sybil attacks. We're willing to ignore/sacrifice some writes to achieve this (since any writes above ~k recent ones don't contribute directly to the utility of the system). Beyond Private State Tokens we also have new cryptography we're researching that should let us improve unlinkability between issuance and redemption further. https://github.com/WICG/turtledove/blob/main/FLEDGE_k_anonym... https://eprint.iacr.org/2023/320 |
|
|