From 849038880d4b84cc87000b23eb514b9374f5af63 Mon Sep 17 00:00:00 2001
From: fria <138676274+friadev@users.noreply.github.com>
Date: Sun, 30 Mar 2025 19:12:17 -0500
Subject: [PATCH] add clarification on private access tokens vs privacy pass

---
 blog/posts/privacy-pass.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blog/posts/privacy-pass.md b/blog/posts/privacy-pass.md
index 1441f638..c81b7ee4 100644
--- a/blog/posts/privacy-pass.md
+++ b/blog/posts/privacy-pass.md
@@ -156,7 +156,7 @@ A browser-level API, I imagine, would significantly reduce the development burde
 
 [Private Access Tokens](https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/) are based on Privacy Pass as well, but they don't seem to be specifically bound to the browser.
 
-It's unclear to me what really makes Private Access Tokens different than Privacy Pass itself, other than Private Access Tokens seem to require separation of the Attester and Issuer while Privacy Pass doesn't, which adds extra privacy.
+It's unclear to me what really makes Private Access Tokens different than Privacy Pass itself, other than Private Access Tokens seem to call for separation of the Attester and Issuer while Privacy Pass allows the origin, attester, and issuer to be the same. Delegating each role to a different party adds extra privacy.
 
 The origin website only knows your URL and IP from the initial connection.