https://httptoolkit.com/blog/apple-private-access-tokens-attestation/

Found via stacker news, credit to: https://stacker.news/items/243154

This is a fascinating and obvious-in-hindsight development.

Think: while Tor has taken the radical step of going down the PoW route, a whole "vertical stack" like Apple's, unsurprisingly, can take a much "cleaner" but at the same time much more disturbing approach: lock out unpermissioned usage (including spam of course!), while still being able to claim that they are preserving privacy by not identifying users. Chaumian tokens (as seen previously in privacypass) are the obvious way to do this.

The real bomb will drop when Google does this for any of their services (as discussed in the article, chromium/chrome).

I'd be interested to hear people's thoughts about it. Privacy from (cryptography + centralization) is super powerful, we're just starting to see how it can manifest.

Discussion

Can you explain what this is, like I'm 5?

Yes, it is a bit unobvious.

So like, you are using iOS or MacOS and you're browsing with Safari.

You access a website which is protected by Cloudflare; perhaps that site is experiencing some DDoS attack in the most extreme case.

What they can do is show you a captcha and force you to prove you are human to access the site.

Or the privacypass model: some centralized service asks you to solve a few captchas well in advance, then provides you with blinded tokens. Later, when you want to access a site, you can bypass captchas by showing these tokens: they don't reveal you're the same person as the centralized service saw earlier, but they prove you *did* earlier do that captcha.

Apple now changes it a bit: now they are the central server, and, under the hood, the Safari browser sends a request back home to Apple for some blinded tokens. They are given to you because Apple can check that your device is "legit".

Imagine, as the article says, that they stop issuing tokens if your OS is out of date, or, they don't like you etc.

It certainly is an interesting idea/model, because the UX for most users will be perfect: no captchas, ever. But it is also potentially disturbing.
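To make the blinded-token flow described above concrete, here is an added toy example (not from the thread or from Apple's or Privacy Pass's actual code) of an RSA blind-signature token: the client blinds a random token, the issuer signs it only if the device passes an (assumed, boolean) attestation check, the client unblinds, and the origin verifies with the public key alone. The key is built from two small Mersenne primes purely so the demo runs quickly; it is not a secure size.

```python
import hashlib
import math
import secrets

# Toy issuer keypair from two Mersenne primes (constructed for this demo;
# real deployments use 2048-bit+ moduli, this size is NOT secure).
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent

def hash_to_group(token: bytes) -> int:
    """Full-domain-style hash of the token into Z_N (toy version)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

def client_blind(token: bytes):
    """Client: hide the token's hash under a random blinding factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    blinded = (hash_to_group(token) * pow(r, E, N)) % N
    return blinded, r

def issuer_sign(blinded: int, device_attested: bool) -> int:
    """Issuer (Apple in the article): only attested devices get tokens.
    It signs a value it cannot map back to the token redeemed later."""
    if not device_attested:
        raise PermissionError("attestation failed: no token issued")
    return pow(blinded, D, N)

def client_unblind(blind_sig: int, r: int) -> int:
    """Client: strip r, leaving a plain RSA signature on the token hash."""
    return (blind_sig * pow(r, -1, N)) % N

def origin_verify(token: bytes, sig: int) -> bool:
    """Origin/CDN: checks the signature using only the public key (N, E)."""
    return pow(sig, E, N) == hash_to_group(token)

def run_flow(device_attested: bool = True) -> dict:
    """One issuance + redemption; returns what each party observed."""
    token = secrets.token_bytes(32)
    blinded, r = client_blind(token)
    blind_sig = issuer_sign(blinded, device_attested)
    sig = client_unblind(blind_sig, r)
    # The issuer saw only `blinded`; the origin sees (token, sig). Nothing
    # the issuer logged lets it link this redemption back to the issuance.
    return {"issuer_saw": blinded, "origin_saw": (token, sig),
            "valid": origin_verify(token, sig)}
```

The `device_attested` gate is where the policy lever the thread worries about lives: the issuer can refuse tokens for any reason without ever learning which site the token is later spent on.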

But this does not solve the problem of content censorship. This may solve the problem of access control to that content, but will not stop the censor from gaining easy access to the centralised publisher and shutting it down?

https://www.zerohedge.com/political/direct-government-censorship-internet-here