Anonymous Credentials: an Illustrated Primer

Accepted submission by canopic jug at 2026-03-03 06:00:52 from the Nicht-ihre-Papiere-bitte dept.
Digital Liberty

Web sites are increasingly trying to glean additional personally identifiable information from visitors in the name of authentication. Some nefarious interests actually do have a goal of tracking every minute interaction and communication tied to a real-world identity. However, if the goal is authentication and not just the collection of information, then all that is not necessary. Cryptographer and professor Matthew Green has a few thoughts on cryptographic engineering, specifically an illustrated primer on anonymous credentials [cryptographyengineering.com]. He states the question as being: how do we live in a world with routine age-verification and human identification, without completely abandoning our privacy?

This post has been on my back burner for well over a year. This has bothered me, because every month that goes by I become more convinced that anonymous authentication is the most important topic we could be talking about as cryptographers. This is because I’m very worried that we’re headed into a bit of a privacy dystopia, driven largely by bad legislation and the proliferation of AI.

But this is too much for a beginning. Let’s start from the basics.

One of the most important problems in computer security is user authentication. Often when you visit a website, log into a server, access a resource, you (and generally, your computer) need to convince the provider that you’re authorized to access the resource. This authorization process can take many forms. Some sites require explicit user logins, which users complete using traditional username and password credentials, or (increasingly) advanced alternatives like MFA [wikipedia.org] and passkeys [passkeys.io]. Some sites don’t require explicit user credentials, or allow you to register a pseudonymous account; however, even these sites often ask user agents to prove something. Typically this is some kind of basic “anti-bot” check, which can be done with a combination of long-lived cookies, CAPTCHAs [wikipedia.org], or whatever the heck Cloudflare does: [...]

Again, that naively assumes that elimination of privacy is not a specific goal, which adds an additional barrier to gaining acceptance for anonymous approaches.

Previously:
(2025) Passkeys Are Incompatible With Open-Source Software [soylentnews.org]
(2024) VISA and Biometric Authentication [soylentnews.org]
(2022) NIST Drafts Revised Guidelines for Digital Identification in Federal Systems [soylentnews.org]
[...] and more.

