Privacy-Preserving Accountability Online

Technologies that enable confidential communication and anonymous authentication are important for improving privacy for users of internet services. Unfortunately, encryption and anonymity, while good for privacy, make it hard to hold bad actors accountable for misbehavior. Internet services rely on seeing message content to detect spam and other harmful content; services must also be able to identify users to attribute and respond to abuse complaints. This tension between privacy and accountability leads to one of two suboptimal outcomes: Services require excessive trust in centralized entities to hold users accountable for misbehavior, or services leave themselves and/or their users open to abuse. In this talk, I will highlight two deployed applications, end-to-end encrypted messaging and anonymous web browsing, where this tension arises and how gaps in accountability can and do lead to real-world attacks. I will discuss how I have addressed this tension through the design of new cryptographic protocols that preserve user privacy while also providing mechanisms for holding bad actors accountable. In particular, I will cover new protocols for anonymous blocklisting, one-time-use credentials, and transparent key infrastructure.