[tor-access] IETF Standardization of Blinded Tokens
Peter Story
pstory at andrew.cmu.edu
Tue Jan 5 16:44:32 UTC 2021
Since there was earlier discussion about a “specification for bypassing CAPTCHAs using blinded tokens” in this mailing list, I thought I would provide an update.
It seems that CloudFlare now has a “PrivacyPass" tool which implements just such a technology:
https://privacypass.github.io/
The tool is linked from CloudFlare’s CAPTCHA page. To see it for yourself, just create a clean Tor Browser session, then navigate to webmd.com (they see to be quite aggressive about blocking Tor users).
Also, the protocol the tool uses is in the process of being standardized:
https://datatracker.ietf.org/wg/privacypass/about/
https://github.com/ietf-wg-privacypass/base-drafts
I’m not a cryptographer, but perhaps those who are could provide feedback. It would be great to see this succeed and thereby eliminate CAPTCHAs from many websites.
-Peter
More information about the tor-access
mailing list