• reCAPTCHA v2 (which backfired - sorry!) • Customer sites can whitelist Tor network as a “country” • Altered the internal treatment of Tor traffic • … some clever crypto thing?
and Tor Browser • CAPTCHA solutions allow a finite number of subsequent redemptions • Unlinkable tokens • Don’t require persistent client state / disk storage • Resists farming • Resists double-spend with minimal server state • Relatively efficient server computations • Deployable in a browser extension, in Javascript, in an auditable manner
service User solves a CAPTCHA and submits many blinded tokens for signing Later, unblinds and submits a token instead of solving CAPTCHA Users solve only one challenge per N websites visited Tokens are unlinkable, work cross-domain over multiple circuits unlike cookies Maintains Tor Browser’s strong first-party isolation
must be practical to deploy in a browser Anonymous credentials: • BLAC/BLACR (pairings? in a browser?) • “Algebraic MACs and Keyed-Verification Anonymous Credentials” Standardization: • This is generalizable to VPNs and carrier-grade NAT