Anonymous credentials: rate-limit bots and agents without compromising privacy

(blog.cloudflare.com)

101 points eleye | 2 comments | 02 Nov 25 00:45 UTC | HN request time: 0.713s | source

Show context

JimDabell ◴[02 Nov 25 14:23 UTC] No.45790549[source]▶

>>45786914 (OP) #

This is something I’ve been saying for a while[0,1]:

Services need the ability to obtain an identifier that:

- Belongs to exactly one real person.

- That a person cannot own more than one of.

- That is unique per-service.

- That cannot be tied to a real-world identity.

- That can be used by the person to optionally disclose attributes like whether they are an adult or not.

Services generally don’t care about knowing your exact identity but being able to ban a person and not have them simply register a new account, and being able to stop people from registering thousands of accounts would go a long way towards wiping out inauthentic and abusive behaviour.

[0] https://news.ycombinator.com/item?id=41709792

[1] https://news.ycombinator.com/item?id=44378709

The ability to “reset” your identity is the underlying hole that enables a vast amount of abuse. It’s possible to have persistent, pseudonymous access to the Internet without disclosing real-world identity. Being able to permanently ban abusers from a service would have a hugely positive effect on the Internet.

replies(6): >>45790613 #>>45790646 #>>45790899 #>>45791291 #>>45791379 #>>45791692 #

Ukv ◴[02 Nov 25 16:19 UTC] No.45791379[source]▶

>>45790549 #

> - That a person cannot own more than one of.

Exactly one seems hard to implement (some kind of global registry?). I think relaxing this requirement slightly, such that a user could for instance get a small number of different identities by going to different attestors, would be easier to implement while also making for a better balance. That is, I don't want users to be able to trivially make thousands of accounts, but I also don't want websites to be able to entirely prevent privacy throwaway accounts, for a false ban from Google's services to be bound to your soul for life, to be permanently locked out using anything digital because your identifier was compromised by malware and can't be "reset", or so on.

replies(1): >>45797637 #

1. JimDabell ◴[03 Nov 25 10:30 UTC] No.45797637[source]▶

>>45791379 #

> Exactly one seems hard to implement (some kind of global registry?).

Governments. Make it a digital passport.

> I also don't want websites to be able to entirely prevent privacy throwaway accounts, for a false ban from Google's services to be bound to your soul for life

People should be free to refuse to interact with you.

> to be permanently locked out using anything digital because your identifier was compromised by malware and can't be "reset", or so on.

Make it as difficult to reset as a passport. Not impossible, but enough friction that you wouldn’t want to keep doing it every time you get banned for spamming.

replies(1): >>45801731 #

2. Ukv ◴[03 Nov 25 17:32 UTC] No.45801731[source]▶

>>45797637 (TP) #

> Governments. Make it a digital passport.

Some places don't have a sufficiently functional/digitally-competent government to manage it securely, and others would likely withhold/invalidate identifiers from groups they disfavor (like an ethnic/religious/political minority) - which would be fairly consequential if this is to dictate ability to communicate online. It's not the only way a government can do that, but it would be one that's alarmingly easy (requiring just inaction) and effective (to whatever extent the system works "as intended" in thwarting workarounds).

Presumably there also needs to be recourse against a corrupt government accepting bribes in exchange for giving out identifiers to spammers/etc., which to my understanding of the proposal would cut off all legitimate citizens of that country too if there's no redundancy.

Relaxing the requirement to allow for fallbacks (such that you can also apply to ICANN or some other international organization to get an identifier) should help, and if anything gives you more room to be picky about which organizations are accepted as attestors.

> People should be free to refuse to interact with you.

I think this conflates negative/passive rights (like the right to bear arms) with positive/active rights (like the right to counsel). Someone is free to refuse to interact with anyone who has worn fur if they can make that distinction, but that doesn't obligate me/society/governments to implement infrastructure to ensure that they can distinguish people who have worn fur - and people are (in general, not under oath/etc.) also free to lie about whether they have.

↑