From 1b0dab92e6be475914302b17a1f40e4fa82866c6 Mon Sep 17 00:00:00 2001 From: fria <138676274+friadev@users.noreply.github.com> Date: Fri, 28 Mar 2025 16:25:38 -0500 Subject: [PATCH] add more private state token info --- blog/posts/privacy-pass.md | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/blog/posts/privacy-pass.md b/blog/posts/privacy-pass.md index 10313efb3..d1b41b8f7 100644 --- a/blog/posts/privacy-pass.md +++ b/blog/posts/privacy-pass.md 
@@ -110,12 +110,27 @@ The landscape is very confusing right now so I'll try to illucidate what I've fo It started out and is still an extension that can be installed on the [Chrome](https://chromewebstore.google.com/detail/silk-privacy-pass-client/ajhmfdgkijocedmfjonnpjfojldioehi) or [Firefox](https://addons.mozilla.org/en-US/firefox/addon/privacy-pass/) extension store, but it's since expanded to become an [IETF standard](https://datatracker.ietf.org/wg/privacypass/about/). Be warned that many reviews state the extension doesn't work anymore, if you were curious to try it out. -Privacy Pass utilizes [Ellyptical Curve Cryptography](https://pkic.org/2014/06/10/benefits-of-elliptic-curve-cryptography/), allowing for much more security than the RSA cryptography Chaum proposes in his original paper. - Unfortunately, the tokens issued using the Privacy Pass protocol need to be stored somewhere, so for the moment, a browser extension or some other storage mechanism is needed. ### Private State Tokens [Private State Tokens](https://developers.google.com/privacy-sandbox/protections/private-state-tokens) are a [proposed browser API](https://github.com/WICG/trust-token-api) by Google as part of their [Privacy Sandbox](https://developers.google.com/privacy-sandbox). They're based on the Privacy Pass protocol. -The main benefit of PSTs is that they provide a secure place for websites to store their tokens so that you don't need a separate extension for every service, as well as providing all the needed APIs to securely store and access tokens without \ No newline at end of file +The main benefit of PSTs is that they provide a secure place for websites to store their tokens so that you don't need a separate extension for every service. + +The main actors at play with Private State Tokens are Issuers and Redeemers. + +#### Issuers + +Redeeemer websites must choose an Issuer to trust. They can even be the same company. 
+ +An issuer website will receive some signal about a user, be that a successful completion of a CAPTCHA challenge, account activity, or something else. They will then issue a token that's stored on the user's device. + +#### Redeemers + +A redeemer that needs to know something about a user, for example whether they're a bot or not, can request a token from an issuer they trust. + +A device can store up to 500 tokens per top-level website and issuer, with metadata about the key that the issuer used to issue it. + +### Private Access Tokens +
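Review bot: Under "#### Redeemers", the sentence "can request a token from an issuer they trust" contradicts the new Issuers paragraph, which says the token is issued ahead of time and "stored on the user's device". Suggest wording it as the redeemer asking the browser to redeem a stored token from an issuer it trusts, so the reader sees that the issuer is not contacted about the user at redemption time, which is the privacy property the section is describing. In the same hunk: "Redeeemer" under "#### Issuers" is misspelled, and that paragraph opens with what redeemers do rather than what an issuer is, leaving "They can even be the same company" without a clear referent. The 500-token limit is a storage fact that sits oddly under Redeemers and has no source link. The added "### Private Access Tokens" heading has no body, so either add the text or drop the heading from this commit.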