Privacy Pass protocol promises private perusing

Boffins have harnessed privacy-preserving crypto to create a browser extension that allows users to authenticate to services without being tracked. The extension, Privacy Pass, offers people another way to authenticate themselves without having to repeatedly solve internet challenge-response tests like CAPTCHAs. Alex Davidson …

  1. fidodogbreath

    Idealism, meet business model

    > For example, we envisage that it could be used as an alternative method for signing into services without having to use authenticators that do not preserve privacy, such as cookies.

    This is a nifty technical solution to something that content providers -- who, obviously, would have to be the ones to implement it -- do not see as a problem. Quite the opposite, really. Content is funded largely by advertisers, who view things like Privacy Pass as an existential threat since their entire business model is based on continuous end-to-end user surveillance.

    In the idealistic pre-commercial view of the web as a tool of empowerment and knowledge, Privacy Pass is a great step forward. In the web that we have, though, I suspect that it will meet the same ignominious fate as Do Not Track.

    1. Anonymous Coward

      Re: Idealism, meet business model

      I can't actually see the problem this is solving.

      You can prove that you have previously logged into a service successfully, but not who you are. When would this actually be useful?

      And if you can pass the tokens around, I can't see them being useful for any sort of verification (e.g. the age verification services mentioned - if I can just get a bunch of tokens proving I'm over 18, and then sell them to underage users? They are anonymous and hence untraceable)

      1. Anonymous Coward

        Re: Idealism, meet business model

        > I can't actually see the problem this is solving.

        Apart from downvotes, can someone give an actual use case example?

      2. Harry Stottle

        Re: Idealism, meet business model

        As it happens, I'm working on something very similar, which, if I get it right, will also deal with the problem of things like anonymous proof of various attributes like Age, Nationality, gender, arbitrary memberships, etc.

        Of course, I can't tell you too much, or I'd have to kill you, but I'll give you one use case for free.

        Our system will allow authors to register their "ownership" of a document anonymously, with a view to third parties to whom the document is distributed being able to prove its integrity. It also allows them to revoke that registration later as having been superseded by a later version of their document. Obviously, we don't want anyone but the legitimate author to be able to issue such updates/revocations. Hence the need for anonymous authentication where, in this case, all you're proving is that you are the same entity who created the original document...

        1. Rob V.

          Re: Idealism, meet business model

          "Our system will allow authors to register their "ownership" of a document anonymously, with a view to third parties to whom the document is distributed being able to prove its integrity. It also allows them to revoke that registration later as having been superseded by a later version of their document. Obviously, we don't want anyone but the legitimate author to be able to issue such updates/revocations."

          Can you give any examples of where this is useful? I was thinking "whistleblowers" but anonymity means lack of credibility. "Anonymous sources" cited by reporters, for example, are known to them and that's why they're taken seriously.

          Systems to sign documents exist; making it anonymous seems to defeat the ideas behind ownership, credibility, etc. Can you provide some use cases? Thanks!

          1. Harry Stottle

            Re: Idealism, meet business model

            @Rob V

            who probably won't get to read this because the crowd has moved on, but I'll put the reply here for the record, if for no other reason than being able to refer back to it myself at some later date

            **********************

            Another key feature of our solution is that we never hold or publish sensitive data. All we guarantee is proof of integrity of the data protected by the system. We have no idea what those data are and we don't need or want to know.

            It's broadly suitable for anyone wishing to be able to prove - if challenged at a later date - that the relevant data remains as it was when registered.

            Here are some of the things I've personally considered it useful to protect, anonymously:

            Ensuring I can win any "their word against mine" arguments:

            eg recordings of sensitive Skype conversations I've had - the most significant of which were with sundry commercial services who have failed to deliver on (whatever) or threatened me with sanctions over perceived failures on my part (eg a 3 year row I had with Npower)

            or more often, even when not in dispute, just wishing to ensure I had verifiable evidence of the exchange.

            dash cam footage I've captured of extremely dangerous driving by other motorists (some of which I've passed to the Police)

            dash cam footage of an accident where I was at fault but was a minor collision (I sent that to my Insurance company. I needed to ensure that the other party didn't overclaim the damage)

            drafts of intellectual property concepts I'm working on at various stages, but not yet ready to publish

            covert recordings of interviews conducted between a disabled relative and a DWP agent performing an assessment of her condition with the intent of reviewing her benefit entitlements

            Sundry predictions I've made where I anticipated needing to be able to prove that I'd made the prediction ahead of the actual event **

            and so on.

            In nearly all of the cases above, there was no need or desire on my part to publish either the material or my association with it. It was merely a sensible precaution.

            Other examples I haven't personally used include the protection of photographs, music, poetry and literature, and any other digitally captured creative work, particularly in draft form

            Contracts where neither party seeks or needs publicity

            Entire audit trails - for example the accounts for a commercial company - including all the detail they would never normally publish. (But if challenged, can use the proof of integrity to show that an entire data set remains as it was at the relevant date)

            In fact the list is endless. It is telling that in today's world even some Reg readers find it difficult to understand why Anonymity is a perfectly valid and reasonable requirement and how that doesn't conflict with people still wanting to be able to prove their claims if challenged. It's an example of what I call Anonymous Accountability.

            **such as my 2015 prediction that the Republicans would nominate Trump. I didn't predict his actual election though! I was confident that the repubs were rabid enough to nominate him but I was also confident that the Americans as a whole were not stupid enough to elect him. Definitely got that one wrong!

        2. Anonymous Coward

          Re: Idealism, meet business model

          > Hence the need for anonymous authentication where, in this case, all you're proving is that you are the same entity who created the original document...

          Surely you could just generate a new private key for each document, sign the key with that private key, and then sign the supersede notice with the same key?

          No need for any magic like zero knowledge proofs. The private key itself cannot be associated with anything or anyone, apart from one document.
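
An added example (not part of the comment above, nor code from any project named on this page) of the per-document key scheme that comment describes, using Node's built-in Ed25519 support. It reads the suggestion as self-signing a registration record that carries the document hash and public key, then signing the supersede notice with the same key; the `Registry` class, record fields and sample documents are assumptions made for illustration.

```javascript
// Added example. Registry, record fields and sample data are assumptions.
const nodeCrypto = require('crypto');
const sha256 = (buf) => nodeCrypto.createHash('sha256').update(buf).digest('hex');
const signB64 = (body, key) => nodeCrypto.sign(null, Buffer.from(body), key).toString('base64');
// Author: a fresh key pair per document, so two records cannot be linked.
function registerDocument(doc) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const pub = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  const body = JSON.stringify({ type: 'register', docHash: sha256(doc), pub });
  return { record: { body, sig: signB64(body, privateKey) }, privateKey };
}
// Author: the supersede notice is signed with the key made at registration.
function supersede(oldDoc, newDoc, privateKey) {
  const body = JSON.stringify({ type: 'supersede', oldHash: sha256(oldDoc), newHash: sha256(newDoc) });
  return { body, sig: signB64(body, privateKey) };
}
// Registry: stores only hashes and public keys, never documents or identities.
class Registry {
  constructor() { this.entries = new Map(); } // docHash -> { pub, supersededBy }
  verify(pubB64, body, sigB64) {
    const key = nodeCrypto.createPublicKey({ key: Buffer.from(pubB64, 'base64'), format: 'der', type: 'spki' });
    return nodeCrypto.verify(null, Buffer.from(body), key, Buffer.from(sigB64, 'base64'));
  }
  accept({ body, sig }) {
    const msg = JSON.parse(body);
    if (msg.type === 'register') {
      // Self-signature proves the registrant holds the private key.
      if (this.entries.has(msg.docHash) || !this.verify(msg.pub, body, sig)) return false;
      this.entries.set(msg.docHash, { pub: msg.pub, supersededBy: null });
      return true;
    }
    const entry = msg.type === 'supersede' ? this.entries.get(msg.oldHash) : undefined;
    if (!entry || entry.supersededBy || !this.verify(entry.pub, body, sig)) return false;
    entry.supersededBy = msg.newHash;
    return true;
  }
}

function demo() {
  const registry = new Registry();
  const [v1, v2] = ['draft v1', 'draft v2'].map((s) => Buffer.from(s)); // constructed samples
  const { record, privateKey } = registerDocument(v1);
  const otherKey = nodeCrypto.generateKeyPairSync('ed25519').privateKey; // not the author's key
  return {
    registered: registry.accept(record),
    forged: registry.accept(supersede(v1, v2, otherKey)),     // wrong key: rejected
    genuine: registry.accept(supersede(v1, v2, privateKey)),  // author's key: accepted
    replayed: registry.accept(supersede(v1, v2, privateKey)), // already superseded: rejected
  };
}
```

The registry learns nothing that ties one registration to another, but the author must keep one private key per document to issue a later notice.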

          1. Harry Stottle

            Re: Idealism, meet business model

            @AC

            didn't spot your comment till after I'd replied to Rob V

            If you look at the examples I provide in that response, you'll understand that we're talking about the routine anonymous protection of digital data. Ours is a very light-weight solution where it is much easier to keep track of the hashes you've used to protect individual data items. The PK solution is too clumsy for what we anticipate will eventually be perhaps half a billion such transactions a day.

            You might be interested in the comment I made a few weeks back (and the links therein)

    2. sabroni Silver badge

      Re: since their entire business model is based on continuous end-to-end user surveillance

      We had adverts before the internet. You don't have to track people to advertise to them. For a start you can use the site to identify the type of ads that might work, for example tech ads on a tech news site.

      1. Anonymous Coward

        Re: since their entire business model is based on continuous end-to-end user surveillance

        Most small time advertisers probably don't need end-to-end surveillance and extremely narrowed segmentation for their ads. And most big advertisers seem likely to have huge targets anyway (is anyone actually NOT targeted by Star Wars ads?).

        I'd love for sites to support both 3rd party adverts (which I wouldn't see unless I've whitelisted the site), and natively crafted adverts - which I would presumably see as they're part of the website.

        Advertisers buying directly from a site would have a larger audience - though I'm not sure we can estimate the amount, seeing as how the people blocking ads are likely also blocking analytics and the like - in exchange for a slightly narrower audience. Crucially though, they could probably get a better deal since there's no middle-man to take a cut.

        You might create new jobs for companies developing the building blocks for websites to integrate the native ad placements and developing the functionality of them, which might help offset the potentially lost jobs from current adslingers, you might need a few more people on sites to help customers create their ads, and there'd be less incentive to do across-the-web-tracking.

        I think I've derailed this thing a bit from Privacy Pass to... well ad-reform? Sorry about that.

      2. fidodogbreath

        Re: since their entire business model is based on continuous end-to-end user surveillance

        > You don't have to track people to advertise to them.

        Of course not, but it has become a fetish.

        Recall the old joke, "half of my advertising spend is wasted, but I don't know which half." In the early days of the web, banner ads were cheaper than dirt because no one knew if they drove actual purchase behavior. Now, Big Data holds out the promise of actually tracking an advert from impression to purchase, but only if the ad slingers can gather and correlate enough surveillance data. Anything that gets in their way will be crushed.

  2. fidodogbreath

    But...but...

    > without having to repeatedly solve internet challenge-response tests like CAPTCHAs

    ...then how will Google train its self-driving cars to recognize cars, road signs, and storefronts?

  3. bombastic bob Silver badge
    Meh

    let's NOT make this ANOTHER tollbooth, K?

    there are already TOO MANY tollbooths on the intarwebs, some of them funded by TRACKING. This includes SSL CERTS.

    Let's make sure THIS one does not turn into "yet another tollbooth".

  4. John Smith 19 Gold badge
    Unhappy

    Obvious weaknesses.....

    How good is the PRNG?

    In fact is a real PRNG being used or is it just "Multiply" by 1?

    I think this is the first (or at least first that's got some traction) privacy preserving technology for this task.

    The root cause problem is that web sites cost money and the question is how do you fund them? People talk about advertising, but it's not just the ads, it's the data collection and endless tracking of who you are and where you are and what you have and are doing.

  5. Wolfclaw
    Big Brother

    Security Agencies around the world will be converging in black helicopters to burn down the building to ensure this tech never gets used; this has just blown up their whole argument for retaining data for age verification and other security purposes.
