[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Privacy Pass from Cloudflare, and the CAPTCHA problem

bob1983 writes:

> 3. Even if this protocol is integrated in Tor Browser, after clicking "New
> Identity", all local data will be erased. Considering this feature is frequently
> used by Tor users, we still need to solve some CAPTCHAs.

If the protocol is sound here in its unlinkability property, the Tor
Browser should not need to erase the store of tokens.  I realize that
this may be a challenge architecturally and conceptually, but in the
design of this protocol, persistence of the tokens shouldn't compromise
Tor's anonymity goals.

(Although it does potentially reduce the anonymity set a bit by
partitioning users into those who have the extension and those who don't
have the extension, as well those who currently have tokens remaining
and those who are currently out of tokens.)

Seth Schoen  <schoen@xxxxxxx>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to