Mon Feb 22 15:22:01 UTC 2016

#18361: Issues with corporate censorship and mass surveillance
Comment (by jeffburdges):

 Just to clarify : Adding auto-pay support to Taler is basically the same
 solution being discussed internally at CloudFlare.  We just have working
 blind singing code that runs in the browser already done.  :)

 These CAPTCHAs won't be so annoying if you solve one CAPTCHA for x page
 loads access everything, even across TBB sessions.  As opposed to one
 CAPTCHA per domain per TBB session.  It's just amortizing the CAPTCHAs

 ioerror, I agree that tokens for merely viewing web pages is extreme.  We
 should absolutely continue lobbying CloudFlare to apply their filters more
 precisely.  We do still need a token based scheme for anything that
 triggers SQL though because asking Tor users to solve a CAPTCHA anytime
 they want to post anything is also extreme.

 Also, one could imagine issuing tokens in other ways besides CAPTCHAs once
 we have an auto-pay blind singing based infrastructure deployed.  I
 dislike most idea in this space, like a facebook app that gives you
 CloudFlare tokens.  ;)

 As an aside, there is an interesting anonymous white/black listing
 protocol implicit in Taler's refresh protocol : If you do not miss behave
 then you get your token refunded, meaning far fewer CAPTCHAs.  I think
 refreshing tokens offers stronger anonymity than all the anonymous
 white/black listing protocols that I've seen in the literature (see Isis'
 comment, although I haven't read BLACR).  It's even post-quantum.  Now
 Taler's refresh protocol costs 3ish RSA signatures, while a simpler coin
 refresh costs only one, but Taler's refresh helps obstruct a market token
 distribution though.  I can explain all this in person if you like, but
 probably any near term deployment would avoid refreshing entirely.

