A common abuse scenario is one in which a malicious user repeatedly performs actions that are intended by a developer, vendor, or service provider to be limited. For example, a user may repeatedly take undue advantage of one-time free trials, coupons, or account creation flows. This disclosure describes techniques to verifiably attach data to a particular device in a privacy-preserving manner such that the data can survive a factory reset or compromise of the device. Data is bound to the device in a privacy-preserving manner such that the data cannot be used as a mechanism for identifying a particular device. Developers can bind an abuse bit to a device such that even when the device is used with a fresh user account, it can be determined that abuse has been attempted from the device previously. Counters in device-bound data enable setting thresholds to detect abuse of services or products.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.