←back to thread

Anonymous credentials: rate-limit bots and agents without compromising privacy

(blog.cloudflare.com)
101 points eleye | 1 comments | 02 Nov 25 00:45 UTC | HN request time: 0.248s | source
Show context
hedora ◴[02 Nov 25 02:13 UTC] No.45787337[source]
I don’t understand the problem they are trying to solve, and this article is long, so apologies if they actually get around to explaining.

I have a credit card, and an agent. I want a pizza.

These credentials do what, exactly? Prevent the pizza place from taking my money? Allow me to order anonymously so they don’t know where to deliver it?

Also, they are security professionals, so when they say anonymous, they don’t mean pseudonymous, so my agent can produce an unlimited number of identities, right? How do they keep the website from correlating time and IP addresses to link my anonymous requests to a pseudonym?

My cynical take is that the pizzeria has to pay cloudflare a few pennies to process the transaction. What am I missing?

replies(3): >>45787369 #>>45787460 #>>45787548 #
1. tennysont ◴[02 Nov 25 02:40 UTC] No.45787460[source]
I think the idea would be that you ask your credit card to convert $10 into 10 untraceable tokens, and then spend them one at a time. You do a handshake dance with the credit card company so you walk away with tokens that only you know, and you have assurance that the tokens are in the same pool as everyone else who asked for untraceable tokens from that credit card company.

Then you can go and spend them freely. The credit card company (and maybe ever third parties?) can verify that the tokens are valid, but they can't associate them with a user. Assuming that the credit card company keeps a log, they can also verify that a token has never been used before.

In some sense, it's a light-weight and anonymous block chain.