We implemented a blind signatures model to anonymize user API requests

Most services lack privacy-by-design, allowing them to easily identify individual users through specific data attributes like API calls from an email or user ID.

Sometimes this is necessary, but often it's not. This can lead to your data being collected unnecessarily - placing your full trust in the service provider.

I studied Cloudflare’s Privacy Pass framework and implemented a modified version of it in my application Ward. As a result, Ward users can no longer effectively be tracked or identified at the app level for most requests.

Would love to hear from others’ perspective, whether you’re an security expert or everyday user, on this approach.

The average consumer is more privacy conscious than we may think. It’s our hope that architectural decisions like this early can help build and gain user trust earlier, especially in B2C products.