Freebird uses VOPRF (Verifiable Oblivious Pseudorandom Function) to separate "can you do this?" from "who are you?" Users get unforgeable tokens that prove authorization while revealing nothing about identity. The issuer can't link issuance to usage. The verifier can't identify the token holder. Correlation is mathematically impossible.
Real-world use cases: - Marginalized community identity verification without keeping a list of said marginalized people. - Municipal feedback systems (residents report issues without fear of retaliation) - Anonymous voting (one person, one vote, enforced cryptographically) - Library computer time limits (without logging what people read) - STI clinic eligibility (without creating subpoenable records)
It's built in Rust, implements the IETF VOPRF draft, and is fully self-hostable. Try it:
git clone https://github.com/flammafex/freebird cd freebird docker compose up
Apache 2.0.
I'd love feedback on the implementation and where else this could be useful.