Show HN: Freebird – Authorization without identity using VOPRF cryptography
freebird.botI built Freebird as a resistance to the surveillance state that has been established in the United States. Every useful system requires identity by default. Want rate limiting? Track users. Want access control? Create accounts. Want to prevent spam? Surveil everyone.
Freebird uses VOPRF (Verifiable Oblivious Pseudorandom Function) to separate "can you do this?" from "who are you?" Users get unforgeable tokens that prove authorization while revealing nothing about identity. The issuer can't link issuance to usage. The verifier can't identify the token holder. Correlation is mathematically impossible.
Real-world use cases: - Marginalized community identity verification without keeping a list of said marginalized people. - Municipal feedback systems (residents report issues without fear of retaliation) - Anonymous voting (one person, one vote, enforced cryptographically) - Library computer time limits (without logging what people read) - STI clinic eligibility (without creating subpoenable records)
It's built in Rust, implements the IETF VOPRF draft, and is fully self-hostable. Try it:
git clone https://github.com/flammafex/freebird cd freebird docker compose up
Apache 2.0.
I'd love feedback on the implementation and where else this could be useful.
No comments yet.