alt Hacker NewsSure! But there is a stage where they generate those keys for you and give them to you. You need to be logged in to get that page. That is trust there.
Sure! But there is a stage where they generate those keys for you and give them to you. You need to be logged in to get that page. That is trust there.
No, issuer-client unlinkability is a feature of the design. The token is finalized by the client using private inputs so Kagi never actually sees the redeemable token (until it's redeemed).
https://blog.kagi.com/kagi-privacy-pass#token-generation:~:t....
https://www.rfc-editor.org/rfc/rfc9576.html