⚠ Every system you use today tracks you. This one doesn't.
The Carpocratian Church presents


The Carpocratian Church of
Commonality & Equality


Presents

🕊️ Freebird

Authorization without identity. Privacy without compromise.

Every digital interaction today demands you prove who you are before proving what you can do. We've accepted total surveillance as the price of functional systems. This is a false choice.

The Problem

The internet has a surveillance problem baked into its infrastructure. Not because of malicious actors, but because useful systems require identity by default.

Even privacy-respecting services must collect your data to function. The architecture demands it.

Traditional System:

User ──────────────────────────▶ Server
      "I am alice@example.com"
      "Give me access"
                                    │
Server logs:                        ▼
✗ Who you are                    Access
✗ When you accessed              Granted
✗ What you accessed              (maybe)
✗ Your usage patterns
✗ Your IP address
✗ Everything, forever

Freebird's Answer

Freebird supports two token modes that achieve the same unlinkability guarantee via different cryptographic paths: VOPRF (Verifiable Oblivious Pseudorandom Function over P-256, with DLEQ proofs) for issuer-blinded tokens, and Blind RSA (RFC 9474) for public bearer passes. Both separate "can you?" from "who are you?" for the first time in a practical, deployable way.

Think of it as anonymous digital cash for authorization. Users receive unforgeable, unlinkable tokens that prove permission while revealing nothing about identity.

Freebird:

        ┌─────────────────────────────────────────────────────────┐
        │                                                         │
        │   User              Issuer              Verifier        │
        │     │                 │                    │            │
        │     │──[blind data]──▶│                    │            │
        │     │                 │ signs without      │            │
        │     │                 │ seeing content     │            │
        │     │◀─[signed blob]──│                    │            │
        │     │                 │                    │            │
        │     │ unblinds to     │                    │            │
        │     │ get token       │                    │            │
        │     │                 │                    │            │
        │     │──────────[anonymous token]──────────▶│            │
        │     │                                      │            │
        │     │                              ✓ Valid signature    │
        │     │                              ✗ No identity        │
        │     │                              ✗ No tracking        │
        │                                                         │
        └─────────────────────────────────────────────────────────┘

Issuer sees: Someone requested a token. (Nothing else.)
Verifier sees: Valid token from trusted issuer. (Nothing else.)
Correlation: Mathematically impossible.

Cryptographic Guarantees

Not privacy theater. Not "we promise not to look." Mathematical impossibility of surveillance.

❌ Traditional "Privacy"

"We won't share your data"

"Trust our policy"

"We anonymize logs"

Until subpoena, hack, acquisition, policy change...

✓ Freebird

No data to share

No policy to trust

No logs to anonymize

Can't surveil what doesn't exist

Property          | Guarantee                              | Mechanism
Unlinkability     | Issuer can't link issuance to usage    | Random blinding factors
Anonymity         | Verifier can't identify token holder   | No identity in tokens
Unforgeability    | Can't create tokens without issuer key | P-256 ECDLP hardness (V4) / RSA-FDH (V5)
Replay Protection | Each token works exactly once          | Nullifier-based detection
Verifiability     | Clients verify correct computation     | DLEQ zero-knowledge proofs
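
The blind issuance, unblinding and one-time redemption described above, as an added JavaScript example that is not Freebird's code. It uses textbook hash-then-sign blind RSA rather than the PSS-encoded scheme of RFC 9474; the toy 150-bit key, the SHA-256 nullifier and every function name are assumptions made for illustration.

```javascript
// Added sketch, not Freebird's code: textbook hash-then-sign blind RSA (RFC 9474
// adds PSS encoding). The key is a constructed toy built from two Mersenne primes.
const { createHash, randomBytes } = require("node:crypto");
const p = (1n << 61n) - 1n, q = (1n << 89n) - 1n, n = p * q, e = 65537n;
function modpow(base, exp, mod) {
  let result = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n, base = (base * base) % mod)
    if (exp & 1n) result = (result * base) % mod;
  return result;
}
function modinv(a, m) { // extended Euclid; assumes gcd(a, m) = 1
  let [r0, r1, s0, s1] = [m, a % m, 0n, 1n];
  while (r1 !== 0n) { const k = r0 / r1; [r0, r1, s0, s1] = [r1, r0 - k * r1, s1, s0 - k * s1]; }
  return ((s0 % m) + m) % m;
}
const d = modinv(e, (p - 1n) * (q - 1n)); // issuer's private exponent
const toBig = (buf) => BigInt("0x" + buf.toString("hex"));
const hashToN = (token) => toBig(createHash("sha256").update(token).digest()) % n;

// Client: hide H(token) behind a random factor r before contacting the issuer.
function blind(token) {
  const r = (toBig(randomBytes(16)) % (n - 2n)) + 2n;
  return { blinded: (hashToN(token) * modpow(r, e, n)) % n, r };
}
// Issuer: signs whatever it receives; issuerLog is everything it ever sees.
const issuerLog = [];
const issuerSign = (blinded) => (issuerLog.push(blinded), modpow(blinded, d, n));
// Client: divide out r to get an ordinary signature on H(token).
const unblind = (blindSig, r) => (blindSig * modinv(r, n)) % n;
// Verifier: check the signature, then spend the nullifier (assumed here to be
// SHA-256 of the token; the page does not say how Freebird derives it).
const spent = new Set();
function verify(token, sig) {
  if (modpow(sig, e, n) !== hashToN(token)) return "invalid";
  const nullifier = createHash("sha256").update(token).digest("hex");
  if (spent.has(nullifier)) return "replay";
  spent.add(nullifier);
  return "ok";
}

function demo() {
  const token = randomBytes(32);
  const { blinded, r } = blind(token);
  const sig = unblind(issuerSign(blinded), r);
  const issuerSawToken = issuerLog.includes(hashToN(token)) || issuerLog.includes(sig);
  return { first: verify(token, sig), second: verify(token, sig),
    forged: verify(randomBytes(32), sig), issuerSawToken };
}
console.log(demo());
```

The issuer's log holds only the blinded value, so neither the token hash nor the final signature presented to the verifier appears in it.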

Real-World Applications

Freebird solves concrete problems for municipalities, healthcare systems, educators, and communities.

🏛️ Municipal Feedback: Residents report concerns without fear of retaliation from officials they're criticizing.
🏥 STI Testing: Clinics verify patient eligibility without creating records that could be subpoenaed.
🗳️ Anonymous Voting: One person, one vote, mathematically enforced, without a voter database.
📚 Library Access: Manage computer time limits without logging which books patrons read.
🍽️ Food Banks: Verify eligibility and prevent abuse without creating surveillance infrastructure.
📱 Public WiFi: Rate-limit bandwidth fairly without tracking browsing history.
🏫 School Lunch: Free lunch recipients scan the same card as paying students. No stigma.
🚨 Crisis Hotlines: Verify callers are local residents without creating records that could deter help-seeking.

Sybil Resistance

Freebird includes multiple mechanisms to prevent abuse without surveillance:

Invitation System (Trust Graphs)

Users invite others. Abuse traces back through the invitation chain. Bad actors get cut off, along with everyone they invited. Social accountability without identity.

Proof of Work

Computational cost per token. Prevents bot farms without collecting data.

WebAuthn / Hardware Keys

"Proof of humanity" via hardware authenticators. No biometrics stored, no accounts created.

Rate Limiting

IP-based throttling for basic protection. Stackable with other mechanisms.

Social Graph Attestation

A separate Social Graph Attester service evaluates signed trust edges (Clout-style) and issues short-lived attestations proving a user stands within a trusted social graph, without revealing which node they are. The issuer verifies the attester's Ed25519 signature, policy, expiry, and eligibility level, never the underlying graph.

Progressive Trust

Trust accumulates with account age and usage history. New accounts get limited quotas; established accounts get more. No identity stored, just a counter.

Proof of Diversity

Experimental mechanism that scores requests on behavioral diversity signals to detect coordinated bot campaigns without fingerprinting individuals.

Multi-Party Vouching

N-of-M endorsement: a token is issued only when a quorum of existing trusted members vouch for the requester. No single party can approve or block.

Composable Combiners

Stack mechanisms with OR (any must pass), AND (all must pass), or Threshold (at least N of M). OR is only as strong as the easiest mechanism; AND is strictest. One proof satisfies exactly one mechanism; duplicate proofs can't be replayed across gates.
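
The combiner rules above, as an added JavaScript example that is not Freebird's code: a combiner that counts valid proofs beside one that counts distinct satisfied gates and consumes each proof once. The gate names, proof shapes, 12-bit proof-of-work difficulty and sample state are all assumptions, and the gate verifiers are simplified stand-ins.

```javascript
// Added sketch, not Freebird's code. Gate names, proof shapes and the 12-bit
// PoW difficulty are assumptions; verifiers are simplified stand-ins.
const { createHash } = require("node:crypto");
const sha = (s) => createHash("sha256").update(s).digest("hex");

// Hypothetical per-mechanism verifiers; each checks only its own proof blob.
const gates = {
  pow: (nonce, ctx) => sha(ctx.challenge + nonce).startsWith("000"),
  invite: (code, ctx) => ctx.openInvites.has(code),
  vouch: (ids, ctx) => new Set(ids.filter((v) => ctx.members.has(v))).size >= ctx.quorum,
};
// Client side of the PoW gate: search for a nonce that meets the difficulty.
function solvePow(challenge) {
  for (let i = 0; ; i++) if (gates.pow(String(i), { challenge })) return String(i);
}
// OR needs one gate, AND needs all, threshold needs policy.n.
const required = (policy) =>
  policy.mode === "and" ? policy.gates.length : policy.mode === "or" ? 1 : policy.n;

// Weak combiner: counts valid proofs, so one proof sent twice counts twice.
function naiveEvaluate(policy, proofs, ctx) {
  return proofs.filter((p) => gates[p.gate]?.(p.blob, ctx)).length >= required(policy);
}
// Corrected combiner: counts distinct satisfied gates and consumes each blob once.
function evaluate(policy, proofs, ctx) {
  const satisfied = new Set(), consumed = new Set();
  for (const { gate, blob } of proofs) {
    const key = sha(JSON.stringify(blob));
    if (!policy.gates.includes(gate) || satisfied.has(gate) || consumed.has(key)) continue;
    if (gates[gate](blob, ctx)) { satisfied.add(gate); consumed.add(key); }
  }
  return satisfied.size >= required(policy);
}

// Constructed sample state and proofs.
const ctx = { challenge: "demo-challenge", quorum: 2,
  openInvites: new Set(["inv-7f3a"]), members: new Set(["m1", "m2", "m3"]) };
const powProof = { gate: "pow", blob: solvePow(ctx.challenge) };
const inviteProof = { gate: "invite", blob: "inv-7f3a" };
const twoOfThree = { mode: "threshold", n: 2, gates: ["pow", "invite", "vouch"] };
console.log(naiveEvaluate(twoOfThree, [powProof, powProof], ctx),  // true (bypass)
            evaluate(twoOfThree, [powProof, powProof], ctx));      // false
```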

Technical Architecture

┌──────────────────────────────────────────────────────────────────────┐
│                           Freebird System                            │
│                                                                      │
│   ┌──────────────┐  ┌──────────────┐  ┌─────────────┐  ┌──────────┐  │
│   │    Issuer    │  │   Verifier   │  │   Redis     │  │ Attester │  │
│   │   (Rust)     │  │   (Rust)     │  │  (State)    │  │ (Rust)   │  │
│   │              │  │              │  │             │  │ optional │  │
│   │ - VOPRF eval │  │ - Token auth │  │ - Nulls     │  │ - Trust  │  │
│   │ - Blind RSA  │  │ - Multi-     │  │ - Invites   │  │   graph  │  │
│   │ - Sybil gates│  │   issuer     │  │ - WebAuthn  │  │ - Scoring│  │
│   │ - Key mgmt   │  │   federation │  │             │  │ - JWKS   │  │
│   └──────────────┘  └──────────────┘  └─────────────┘  └──────────┘  │
│          │                  │                │               │       │
│          └──────────────────┴────────────────┘               │       │
│                             │                                │       │
│                    ┌────────▼────────┐                       │       │
│                    │   TypeScript    │◀──────────────────────┘       │
│                    │      SDK        │                               │
│                    │                 │                               │
│                    │ Browser/Node.js │                               │
│                    └─────────────────┘                               │
└──────────────────────────────────────────────────────────────────────┘

Component             | Language   | Purpose
Core Crypto           | Rust       | VOPRF, blind RSA, DLEQ proofs, P-256 operations
Issuer Service        | Rust       | Token issuance (VOPRF + blind RSA), key rotation, Sybil gates
Verifier Service      | Rust       | Token validation, multi-issuer federation
Social Graph Attester | Rust       | Trust-graph scoring, JWKS publication, social Sybil attestations
Client SDK            | TypeScript | Browser/Node.js integration
Admin CLI             | Rust       | Key management, invitation admin

Implementation Status

Feature                                | Status
P-256 VOPRF with DLEQ proofs           | ✓ Complete
Batch issuance (rayon parallelization) | ✓ Complete
Zero-downtime key rotation             | ✓ Complete
Multi-issuer federation                | ✓ Complete
Invitation system with ban trees       | ✓ Complete
WebAuthn/FIDO2 integration             | ✓ Complete
TypeScript SDK                         | ✓ Complete
Admin dashboard UI                     | ✓ Complete
Prometheus metrics                     | ✓ Complete
HSM/PKCS#11 support                    | ✓ Complete
Social Graph Attester service          | ✓ Complete
Blind RSA / V5 public bearer passes    | ✓ Complete
Audit logging                          | ✓ Complete
Documentation                          | In Progress
Reference integrations                 | In Progress
Browser playground                     | Planned

Why Open Infrastructure Matters

Privacy technology that requires trusting a company is privacy theater. Freebird is infrastructure, not a service.

Funding Goals

Freebird's core technology works. Funding accelerates adoption and hardening.

Documentation & Tutorials

Lower the barrier for municipalities and community organizations. Step-by-step deployment guides. Integration cookbooks for common scenarios.

Reference Implementations

Working examples beyond the current demo: anonymous feedback system, token-gated forum, municipal service portal. Proof that this works in production.

Browser Playground

Try Freebird without installing anything. Interactive demo that shows the cryptography working in real-time.

Security Audit

Third-party cryptographic audit. We believe the implementation is correct; let's prove it.

Community Building

Outreach to municipalities, libraries, healthcare organizations who could benefit. Help them understand that privacy-preserving systems are possible.

Try It

git clone https://git.carpocratian.org/sibyl/freebird
cd freebird
./launch.sh up

The launch.sh helper handles .env setup and ADMIN_API_KEY generation for you. Issuer on localhost:8081, verifier on localhost:8082.

# Get a token
curl -X POST http://localhost:8081/v1/oprf/issue \
  -H "Content-Type: application/json" \
  -d '{"blinded_element": "..."}'

# Verify it
curl -X POST http://localhost:8082/v1/verify \
  -H "Content-Type: application/json" \
  -d '{"token": "..."}'

Full documentation at git.carpocratian.org/sibyl/freebird/docs.

Standards & Prior Art

Freebird implements established cryptographic standards: