PrivacyPass
Isn’t this for CAPTCHAs?
https://blog.cloudflare.com/privacy-pass-standard/#a-standard-for-anonymous-credentials
A standard for anonymous credentials IP remains as a key identifier in the anti abuse system. At the same time, IP fingerprinting techniques have become a bigger concern and platforms have started to remove some of these ways of tracking users. To enable anti abuse systems to not rely on IP, while ensuring user privacy, Privacy Pass offers a reasonable alternative to deal with potentially abusive or suspicious traffic. The attestation methods vary and can be chosen as needed for a particular deployment. For example, Apple decided to back their attestation with hardware when using Privacy Pass as the authorization technology for iCloud Private Relay. Another example is Cloudflare Research which decided to deploy a Turnstile attester to signal a successful solve for Cloudflare’s challenge platform. In all these deployments, Privacy Pass-like technology has allowed for specific bits of information to be shared. Instead of sharing your location, past traffic, and possibly your name and phone number simply by connecting to a website, your device is able to prove specific information to a third party in a privacy preserving manner. Which user information and attestation methods are sufficient to prevent abuse is an open question. We are looking to empower researchers with the release of this software to help in the quest for finding these answers. This could be via new experiments such as testing out new attestation methods, or fostering other privacy protocols by providing a framework for specific information sharing.
Standards
- RFC 9576: The Privacy Pass Architecture
- RFC 9577: The Privacy Pass HTTP Authentication Scheme
- RFC 9578: Privacy Pass Issuance Protocols
- draft: Privacy Pass Issuance Protocols with Public Metadata
- draft: Privacy Pass Batched Token Issuance Protocol