|
|
|
|
|
|
by hn_acker
874 days ago
|
|
|
> With some additional safeguards in the protocol and in what sites are allowed to be the ID checking sites it can even be made so that someone who gets records of both the social media site and the third site can't use timing information to match up social media accounts with verifications and so could work with sites that allow anonymous accounts. I'm assuming that there will be some kind of way to prevent matching of logged IP addresses between the social media site and the verification site. Is there really a method for preventing matches of timing without requiring the user to bear the burden of requesting tokens from the sites at different times? As I hinted at in a different comment [1] though, there remains a tradeoff of letting the verification party know how frequently I visit a single type of website vs. avoiding the first problem but needing my ID for multiple types of websites i.e. more of the internet. [1] https://news.ycombinator.com/item?id=39180203 |
|
|