Contact emails aric...@chromium.org, samschlesin...@chromium.org, phili...@chromium.org, sau...@chromium.org, erictrou...@chromium.org
Explainer https://explainers-by-googlers.github.io/private-proof/ Cryptography Whitepaper https://github.com/SamuelSchlesinger/authenticated-pseudonyms/blob/dev/combined/design/Range.pdf Summary This API uses Zero-Knowledge Proofs (ZKPs) to allow analysis of potentially identifiable signals while providing only a limited verdict output. For example, it empowers anti-fraud services to verify whether a user possesses an unmodified stored timestamp older than some provided timestamp without disclosing any additional user data. This approach strikes a balance between user privacy and anti-fraud capabilities by enabling websites to request a reputation signal (such as profile age) on which the user agent can enforce meaningful privacy constraints, while making the signal useful enough to remove the need for other burdensome or invasive checks, and allow the user to clear this signal at will. Blink component Blink>Storage <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EStorage%22> Motivation Protecting users from online fraud and abuse is a shared responsibility between websites and user agents. Historically, unpartitioned storage and third-party cookies (3PCs) enabled services to recall when a client was first seen (as well as tracking subsequent events to examine “normal” behavior). This helped sites distinguish established users from novel clients during Sybil attacks (multiple fake identities) or other spammy behavior, granting established users frictionless access to online services. However, the reduced availability of 3PCs and limitations on unpartitioned local storage necessitate a paradigm shift in anti-fraud mechanisms. TAG review Requested - https://github.com/w3ctag/design-reviews/issues/1071 Interoperability and CompatibilityNo existing features will have their behavior changed as a result of introducing this API. Gecko: Requested - https://github.com/mozilla/standards-positions/issues/1196 WebKit: Requested - https://github.com/WebKit/standards-positions/issues/473 Web developers: There is prior interest <https://docs.google.com/presentation/d/1-VjSchD47FoLK1e_Iv4b6DGsUb70JE5No3VG_zLptbY/edit#slide=id.g3041befa8d0_6_325> in problem area Debuggability Support for viewing tokens and tracking proofs generated will be added to DevTools. Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ? It will be. Tracking bug https://issues.chromium.org/404546887 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/4848107667587072 -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DJ8J%3DVCvRB%3D-cFnm5sFjJ07o-ApvVzkkCk-QMBQXN%3Dsaw%40mail.gmail.com.
