Privacy Pass
Privacy Pass helps to make solving CAPTCHAs online less painful using zero-knowledge cryptography. This project was done in collaboration with researchers from Royal Holloway and the University of Waterloo. The core of Privacy Pass is a 1-RTT cryptographic protocol (based on an implementation of an oblivious pseudorandom function) that allows users to receive an amount of unlinkable tokens in exchange for solving a CAPTCHA challenge. Users can redeem tokens in the future for accessing to services without having to interact with a challenge, and the service cannot link the redeemed token to previously-issued tokens.
Launched in 2017, Privacy Pass is available in the form of a browser extension, and since then, it is in use by over a hundred thousand monthly active users in Chrome and Firefox.
Publications
2024RFC 9578: Privacy Pass Issuance Protocols
2024RFC 9577: The Privacy Pass HTTP Authentication Scheme
2024RFC 9576: The Privacy Pass Architecture
2023RFC 9497: Oblivious Pseudorandom Functions (OPRFs) Using Prime-Order Groups
2022A Fast and Simple Partially Oblivious PRF, with Applications
2018Privacy Pass: Bypassing Internet Challenges Anonymously
Blog posts
- Privacy Pass: upgrading to the latest protocol version
- Privacy Pass v3: the new privacy bits
- Supporting the latest version of the Privacy Pass Protocol
- Privacy Pass - “The Math”
- Cloudflare supports Privacy Pass
Alex
Armando
Thibault
Cefan
Nick
Christopher