> When you put this together, no one entity can link client identity to website activity. And yet, this authorizes access to a website – all while eliminating human interactions.
What mechanism exists to prevent the attester from colluding with the issuer or origin to track users? Could a government subpoena these entities to track entire user history down to the TPM key?
"Privacy Pass tokens are unlinkable, one-time-use authenticators that can be used to anonymously authorize a client"
People from Apple, Google and Cloudflare are all editors of the spec and e.g. Fastly has also blogged about it: https://www.fastly.com/blog/private-access-tokens-stepping-i...
Excerpt from Fastly's article above:
> When you put this together, no one entity can link client identity to website activity. And yet, this authorizes access to a website – all while eliminating human interactions.
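To make the "unlinkable, one-time-use" claim concrete, here is a toy model of the publicly verifiable Privacy Pass flow built on RSA blind signatures (the construction standardised in RFC 9474). This is added demonstration code, not Fastly's, Cloudflare's or the IETF's, and it uses constructed nonces, a small demo key and a simplified full-domain hash in place of the real PSS encoding. It models three roles from the thread: the client blinds a random nonce, the issuer signs without seeing it, and the origin verifies with the issuer's public key and refuses replays. The attester is not modelled; the point of `record_explains_token` is to show why the issuer's own signing log is useless for linking: for every (issuance record, redeemed token) pairing there exists a blinding factor that makes them match, so the cryptography gives the issuer nothing to correlate, and any tracking would have to come from side channels outside the protocol (network metadata, timing), which is exactly the layer the question above is asking about.

```python
"""Toy model of Privacy Pass token issuance/redemption with RSA blind signatures.
Constructed demo, not the RFC 9474 or Fastly implementation."""
import hashlib
import math
import random
import secrets

rng = random.Random(2024)  # deterministic key generation for the demo only


def is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test; adequate for a demonstration key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keygen(bits=512):
    """Issuer key pair. Toy size: real deployments use >= 2048-bit moduli."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def fdh(msg, n):
    """Full-domain hash of the token input into Z_n (stand-in for PSS encoding)."""
    out, i = b"", 0
    while len(out) < (n.bit_length() + 7) // 8 + 16:
        out += hashlib.sha256(i.to_bytes(4, "big") + msg).digest()
        i += 1
    return int.from_bytes(out, "big") % n


# client: blind H(nonce) with a fresh random r; the issuer only sees the result
def client_blind(pub, nonce):
    n, e = pub
    while True:
        r = secrets.randbelow(n)
        if r > 1 and math.gcd(r, n) == 1:
            return (fdh(nonce, n) * pow(r, e, n)) % n, r


def client_unblind(pub, blind_sig, r):
    n, _ = pub
    return (blind_sig * pow(r, -1, n)) % n


# issuer: signs the blinded value; it logs (blinded, blind_sig) but never the nonce
def issuer_sign(priv, blinded):
    n, d = priv
    return pow(blinded, d, n)


# origin: verifies with the issuer's public key and accepts each token once
def verify(pub, nonce, sig):
    n, e = pub
    return pow(sig, e, n) == fdh(nonce, n)


class Origin:
    def __init__(self, pub):
        self.pub, self.spent = pub, set()

    def redeem(self, nonce, sig):
        if not verify(self.pub, nonce, sig):
            return "invalid"
        if nonce in self.spent:
            return "replayed"
        self.spent.add(nonce)
        return "accepted"


def record_explains_token(pub, record, token):
    """Issuer-side linking attempt: does issuance record (blinded, blind_sig)
    fit redeemed token (nonce, sig)? r' = blind_sig/sig makes EVERY pairing
    fit, so the signing log cannot single out the true one."""
    n, e = pub
    (blinded, blind_sig), (nonce, sig) = record, token
    r_prime = (blind_sig * pow(sig, -1, n)) % n
    return (fdh(nonce, n) * pow(r_prime, e, n)) % n == blinded


def demo():
    """Two clients get tokens, redeem them, one replays; then the issuer tries to link."""
    pub, priv = keygen()
    origin, records, tokens = Origin(pub), [], []
    for nonce in (b"constructed-nonce-A", b"constructed-nonce-B"):
        blinded, r = client_blind(pub, nonce)
        blind_sig = issuer_sign(priv, blinded)
        records.append((blinded, blind_sig))
        tokens.append((nonce, client_unblind(pub, blind_sig, r)))
    results = [origin.redeem(*t) for t in tokens] + [origin.redeem(*tokens[0])]
    linkable = [[record_explains_token(pub, rec, tok) for tok in tokens] for rec in records]
    return results, linkable  # (["accepted", "accepted", "replayed"], [[True, True], [True, True]])
```

The `linkable` matrix coming back all `True` is the whole story: the issuer, even holding the private key, finds every issuance record equally consistent with every redeemed token, which is what "unlinkable" means for the protocol layer. The replay result shows the one-time-use property is enforced by the origin's spent set, not by the signature itself, so an origin that loses that state loses replay protection.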