🎫 PRIVACY PASS v1

Anonymous Token Farm

Accumulate anonymous tokens using blind RSA signatures (RFC 9576).
The server signs your tokens without knowing what it signed. Unlinkable, anonymous, verifiable.

Get Tokens How It Works

How Blind RSA Works

Get Public Key

Fetch the server's RSA-2048 public key (n, e)

Blind Token

Generate a random token, apply blinding factor r^e mod n

Server Signs

Server signs the blinded token. It cannot see the original.

Unblind

Remove blinding factor. You now have a valid signature on your token.

The server can verify the token later (sig^e mod n == token_id) but cannot link it to the issuance request. Perfect anonymity.

Features

Blind RSA (RFC 9474)

RSA-2048 blind signatures with SHA-384. Server signs without seeing the token. Mathematically proven unlinkability.

Batch Issuance

Request up to 100 tokens per API call. Accumulate tokens efficiently for high-volume usage.

Double-Spend Protection

Each token can only be redeemed once. Server tracks spent tokens to prevent replay.

CAPTCHA Bypass

Pre-solve CAPTCHAs, store proof as tokens. Redeem tokens later to bypass challenges without solving again.

Rate Limit Evasion

Present tokens instead of IP addresses. Each token is independent — no rate limiting possible.

Zero Tracking

No accounts, no cookies, no IP logging. Tokens are the only credential. Pure cryptographic anonymity.

Endpoints

/v1/privacypass/key

Get the server's public RSA key for blinding and verification.

curl -s "https://synthetic-context.net/v1/privacypass/key"
# {"algorithm":"RSA-BSSA-SHA384","key_bits":"2048","e":"65537","n":"xDny..."}

/v1/privacypass/issue

Submit blinded tokens for signing. Batch up to 100 per request.

# Single token
curl -s -X POST "https://synthetic-context.net/v1/privacypass/issue" \
  -H "Content-Type: application/json" \
  -d '{"blinded": ["base64-encoded-blinded-token"]}'

# Batch: 100 tokens at once
curl -s -X POST "https://synthetic-context.net/v1/privacypass/issue" \
  -H "Content-Type: application/json" \
  -d '{"blinded": ["token1", "token2", ..., "token100"]}'

# Response:
# {"signatures": ["base64-sig-1", "base64-sig-2", ...], "count": 100}

/v1/privacypass/token

Quick non-anonymous token for testing.

curl -s "https://synthetic-context.net/v1/privacypass/token"
# {"token_id":"abc123...","signature":"def456...","algorithm":"RSA-BSSA-SHA384"}

Try It

Get a quick token to verify the service works:

curl -s "https://synthetic-context.net/v1/privacypass/token" | python3 -m json.tool

For real anonymity, implement the full blind RSA flow client-side: blind → issue → unblind → redeem.

vs Alternatives

Feature	Privacy Pass (ours)	Cloudflare PP	hCaptcha tokens
Blind RSA	Yes (RFC 9474)	VOPRF	No
Batch issuance	100/request	30/solve	1/solve
No CAPTCHA required	Yes	Solve first	Solve first
Self-hostable	Open protocol	Cloudflare only	hCaptcha only
Double-spend protection	Yes	Yes	Yes
Price	Free	Free (limited)	From $99/mo