Internet Standards Almanac

Privacy Pass

Privacy Pass aims to standardise a mechanism that will improve the CAPTCHA model to increase user privacy. CAPTCHAs are used to distinguish between humans and computers to prevent bots from sending repeated requests in distributed denial-of-service (DDoS) attacks or engaging in other malicious activities. In the current common use case, after completing a CAPTCHA, a cookie is stored on the client application to show a server that the client has been verified for future purposes. However, this allows for the server to link together all the user’s connections that have required authorisation, giving the server the ability to monitor a user’s browsing history and behaviour and even identify the user. This new mechanism could offer a significant opportunity for any site that currently uses CAPTCHA to enhance the anonymity available to its user base. For this to be implemented, however, web browsers must be willing to accept Privacy Pass tokens from a small number of issuers.

Other groups in the same organisation

Adaptive DNS Discovery representation

Deterministic networking representation

DNS Privacy Exchange representation

Domain Name System Operations representation

Limited Additional Mechanisms for PKIX and SMIME representation

Messaging Layer Security representation

Multiplexed Application Substrate over QUIC Encryption representation

Network Virtualization Overlays representation

Oblivious HTTP Application Intermediation representation

Path Computation Element representation

Privacy Preserving Measurement representation

QUIC representation

Real-Time Communication in WEB-browsers representation

Transport Layer Security representation