[blink-dev] Intent to Prototype: Private Proof API

130 views

Skip to first unread message

Ari Chivukula

unread,

Apr 16, 2025, 11:04:33 AMApr 16

to blink-dev, Samuel Schlesinger, Philipp Pfeiffenberger, Theodore Olsauskas-Warren, eric trouton

Contact emails

ari...@chromium.org, samschl...@chromium.org, phil...@chromium.org, sau...@chromium.org, erict...@chromium.org

Explainer

https://explainers-by-googlers.github.io/private-proof/

Cryptography Whitepaper

https://github.com/SamuelSchlesinger/authenticated-pseudonyms/blob/dev/combined/design/Range.pdf

Summary

This API uses Zero-Knowledge Proofs (ZKPs) to allow analysis of potentially identifiable signals while providing only a limited verdict output. For example, it empowers anti-fraud services to verify whether a user possesses an unmodified stored timestamp older than some provided timestamp without disclosing any additional user data. This approach strikes a balance between user privacy and anti-fraud capabilities by enabling websites to request a reputation signal (such as profile age) on which the user agent can enforce meaningful privacy constraints, while making the signal useful enough to remove the need for other burdensome or invasive checks, and allow the user to clear this signal at will.

Blink component

Blink>Storage

Motivation

Protecting users from online fraud and abuse is a shared responsibility between websites and user agents. Historically, unpartitioned storage and third-party cookies (3PCs) enabled services to recall when a client was first seen (as well as tracking subsequent events to examine “normal” behavior). This helped sites distinguish established users from novel clients during Sybil attacks (multiple fake identities) or other spammy behavior, granting established users frictionless access to online services. However, the reduced availability of 3PCs and limitations on unpartitioned local storage necessitate a paradigm shift in anti-fraud mechanisms.