this post was submitted on 07 May 2025
505 points (97.9% liked)

Fediverse

37509 readers
138 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)

founded 2 years ago
MODERATORS
 

cross-posted from: https://lemmy.world/post/29244629

You can also search the Fediverse directly

you are viewing a single comment's thread
view the rest of the comments
[–] ikidd@lemmy.world 1 points 5 months ago (1 children)
  1. Log into browser extension with kagi account

  2. generate tokens

  3. use said tokens

How does this ensure privacy? The tokens are associated to your account from the start.

[–] kibiz0r@midwest.social 3 points 5 months ago* (last edited 5 months ago) (1 children)

There’s a link in the second paragraph to the technical details, including source code for the implementation and documentation for the required infrastructure.

But the tl;dr is that the tokens aren’t associated to your account. Unless you were able to snoop on the original request that generated the tokens (in which case, you’ve got bigger issues!), there’s no way to prove that a token is related to a specific account. A token only proves that an authorization server once granted access to some account.

Edit: Wikipedia has a good intro:

Non-interactive zero-knowledge proofs are cryptographic primitives, where information between a prover and a verifier can be authenticated by the prover, without revealing any of the specific information beyond the validity of the statement itself.

Edit 2: You should not be catching downvotes. You had a reasonable question.

[–] UnderpantsWeevil@lemmy.world -3 points 5 months ago (1 children)

There’s a link in the second paragraph to the technical details

I'm reminded of this mindset from the crypto scam surge.

Points at technical documents

"Well, it says it's secure so quit arguing that it's not secure"

Typically followed by

"If someone traced you/robbed you, then you were just doing it wrong"

Like, we've got high level white house officials feeding national security secrets to the Israelis because they just blindly implemented a "secure" Signal extension. So I guess I shouldn't be surprised people don't look past the cover.

But come on. "You can just buy some tokens and then you're secure" is painfully naive.

[–] kibiz0r@midwest.social 2 points 5 months ago

I’m out here trying to answer reasonable questions techie folks might have about the most promising possibility I’ve seen so far for getting our normie families off of Google.

What are you here for? Calling people naive pseudo-scammers? Get out of here.