Changes between Initial Version and Version 1 of Ticket #18361, comment 1


Ignore:
Timestamp:
Feb 22, 2016, 6:23:34 AM (4 years ago)
Author:
marek
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #18361, comment 1

    initial v1  
    77A thousand times yes. I raised this option a couple times (supercookie) and we agreed this is a bad idea. I believe there is a cryptographic solution to this. I'm not a crypto expert, so I'll allow others to explain this. Let's define a problem:
    88
    9 > There are CDN/DDoS companies in the internet that provide spam protection for their customers. To do this they use captchas to prove that the visitor is a human. Some companies provide protection to many websites, therefore visitor from abusive IP address will need to solve captcha on each and all domains protected. Let's assume the CDN/DDoS don't want to be able to correlate users visiting multiple domains. Is it possible to prove that a visitor is indeed human, once, but not allow the CDN/DDoS company to correlate the traffic?
     9> There are CDN/DDoS companies in the internet that provide spam protection for their customers. To do this they use captchas to prove that the visitor is a human. Some companies provide protection to many websites, therefore visitor from abusive IP address will need to solve captcha on each and all domains protected. Let's assume the CDN/DDoS don't want to be able to correlate users visiting multiple domains. Is it possible to prove that a visitor is indeed human, once, but not allow the CDN/DDoS company to deanonymize / correlate the traffic across many domains?
    1010
    1111In other words: is it possible to provide a bit of data tied to the browsing session while not violating anonymity.