Meta如何实现大规模的身份识别认证
Data minimization — collecting the minimum amount of data required to support our services — is one of our core principles at Meta as we continue developing new privacy-enhancing technologies (PETs). We are constantly seeking ways to improve privacy and protect user data on our family of products. Previously, we’ve approached data minimization by exploring methods of de-identifying or aggregating data by post-processing it. However, this is a reactive approach to data minimization that can become very resource-intensive at Meta’s scale.
数据最小化--收集支持我们服务所需的最小数量的数据--是我们Meta公司的核心原则之一,因为我们继续开发新的隐私增强技术(PETs)。我们一直在寻求改善隐私和保护我们产品系列的用户数据的方法。以前,我们通过探索后处理数据的方法来实现数据的最小化,即去掉身份识别或聚集数据。然而,这是一种被动的数据最小化方法,在Meta公司的规模下会变得非常耗费资源。
As we searched for a more scalable solution, we discovered we can leverage de-identified authentication to act proactively rather than reactively. In doing so, we can de-identify information at its source.
当我们寻找一个更可扩展的解决方案时,我们发现我们可以利用去识别的认证来主动采取行动,而不是被动的。这样做,我们可以从源头上去除信息的身份。
In any client-server interaction, authentication helps protect against scraping, spamming, or DDOS attacks of our endpoints. For the authentication mechanism, utilizing user ID is a broadly adopted practice across the industry to authenticate clients before serving or receiving traffic.
在任何客户端与服务器的互动中,认证有助于保护我们的端点免受刮擦、垃圾邮件或DDOS攻击。对于认证机制,利用用户ID是整个行业广泛采用的做法,在服务或接收流量之前对客户进行认证。
But we want to raise the privacy bar higher by de-identifying users while still maintaining a form of authentication to protect users and our services. So, we leveraged the anonymous credential, collaboratively designed over the years between industry and academia, to create a core service called Anonymous Credential Service (ACS). ACS is a highly available, multitenant service that allows clients to authenticate in a de-identified manner. It enhances privacy and security while also being compute-conscious. ACS is one the newest additions to our PETs portfolio and is currently in use across several high-volume use cases at Meta.
但是,我们希望通过取消用户身份识别来提高隐私标准,同时仍然保持一种认证形式来保护...