Presentation Material
Abstract
Anonymous data collection systems allows users to contribute the data necessary to build services and applications while preserving their privacy.
Anonymity, however, can be abused by malicious agents, injecting fabricated data, aiming to subvert or to sabotage the data collection.
At Cliqz we deal with the same challenge. Our data collection systems in Cliqz Browser and Extension which power our search engine[1], anti-tracking systems[2] are designed in a way that server cannot link that two messages are from the same user. But if the user is fully anonymous, how can the system prevent an attacker from polluting the data collection?
We will showcase an efficient mechanism to block an attacker without compromising the privacy and anonymity of the users.
This system builds on top of Direct Anonymous Attestation, a proven cryptographic primitive to implement service rate-limiting in a scenario where messages between users and the service are sent anonymously and message unlinkability is to be preserved.
Rate-limiting constraints for a service are defined as an arbitrary mapping from every possible valid message to a ‘rate-limiting tag’ string, in such a way that the constraints can be enforced if the service never accepts more than one message from the same user with same tag.
Under this definition, we employ DAA protocol to enforce these ‘message quotas’ without being able to link user messages. If authorized, users receive credentials issued by the service. These can be used to sign messages with respect to a ‘basename’ string, in such a way that two signatures performed with the same credentials are unlinkable if and only if their basenames are different. By forcing the mentioned rate-limiting tag to be in the signature basename the rate-limiting constraints can be enforced.
Service will verify the signature according to the DAA protocol and accept the message if and only if the tag that maps to the rate-limiting ‘basename’ has still not been seen.
We present all components needed to build and deploy such protection on existing data collection systems with little overhead.
This system which is running in production for Cliqz browser is however not limited to browsers or extensions, it has been implemented in a scenario where user code is running in a web browser, thanks to WebAssembly and asm.js.
AI Generated Summary
The talk presents an anonymous rate-limiting system designed for privacy-preserving data collection, addressing the challenge of preventing message spam without relying on user identifiers. The system, developed and deployed by the privacy-focused company Cliqz, uses Direct Anonymous Attestation (DAA), a cryptographic primitive typically implemented in Trusted Platform Modules (TPMs). DAA provides anonymous authentication and controllable linkability: signatures are linkable only if generated with the same “base name,” a string derived from message-specific rules.
The core technique involves defining base names that encode rate-limiting policies. A base name combines a message type, a truncated timestamp (e.g., per hour), a digest of the message content, and a counter (1 to n). This structure allows rules such as “one normalized query per user per hour.” The server verifies signatures and drops messages with repeated pseudonyms (derived from the base name and user key) or incorrectly computed base names. To mitigate Sybil attacks in environments without ubiquitous TPMs, the system implements a software-only DAA protocol and rate-limits the credential-issuance (“join”) operation using available signals like IP address or email, while periodically rotating issuer keys to invalidate old credentials.
Practical implications include the ability to enforce granular rate limits (e.g., per query, per day) in fully anonymous data streams, which is critical for services like search engines that cannot track users. The open-source client and cryptographic implementation demonstrate feasibility, with server-side verification performance measured at approximately 4 milliseconds per message per CPU core. Compared to alternatives like Privacy Pass or Brave’s anonymous surveys, this approach supports complex, time-bound rate-limiting rules directly tied to message content. The design also considers and dismisses certain issuer collusion attacks as impractical in their operational context, where the service’s incentive to receive data outweighs tracking motives.