[tor-talk] Privacy Pass from Cloudflare, and the CAPTCHA problem

Seth David Schoen schoen at eff.org
Mon Nov 20 17:35:25 UTC 2017


bob1983 writes:

> 3. Even if this protocol is integrated in Tor Browser, after clicking "New
> Identity", all local data will be erased. Considering this feature is frequently
> used by Tor users, we still need to solve some CAPTCHAs.

If the protocol is sound here in its unlinkability property, the Tor
Browser should not need to erase the store of tokens.  I realize that
this may be a challenge architecturally and conceptually, but in the
design of this protocol, persistence of the tokens shouldn't compromise
Tor's anonymity goals.

(Although it does potentially reduce the anonymity set a bit by
partitioning users into those who have the extension and those who don't
have the extension, as well those who currently have tokens remaining
and those who are currently out of tokens.)

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107


More information about the tor-talk mailing list