Sync

src/content/docs/index.md

@@ -23,8 +23,8 @@ hero:
 A quick Google search will reveal services that allow anyone to launch such attacks anonymously.
 Small-scale attacks start from $5, and free trials are often available.
 Unsurprisingly,
-[DDoS attacks are on the rise](https://www.cybersecuritydive.com/news/ddos-attacks-surge-cloudflare/704011/).
-This may intensify as Internet connectivity improves worldwide,
+[DDoS attacks are on the rise](https://www.cybersecuritydive.com/news/ddos-attacks-surge-cloudflare/704011/),
+which may intensify as Internet connectivity improves worldwide,
 and more vulnerable IoT devices come online.
 
 These attacks not only infringe on our freedom but also have a significant financial impact.
@@ -36,11 +36,11 @@ as only well-resourced companies can afford to operate and protect
 the [public goods](./systems/public-goods.md) on which we all depend.
 
 Fortunately,
-**although app developers and operators can't _avoid_ DDoS attacks,
-they can _greatly minimise_ their impact**.
-[Proxies](./mitigations/reverse-proxies.md) from the likes of Akamai and Cloudflare are a good starting point,
-but they must be complemented with other [mitigation techniques](./mitigations)
-depending on the [type of system](./systems).
+**although developers and operators can't _avoid_ DDoS attacks,
+they can _greatly minimise_ the impact of such attacks**.
+[Reverse proxies](./mitigations/reverse-proxies.md) (aka _CDNs_) are a great starting point,
+but they must be complemented with other [mitigations](./mitigations/index.md)
+depending on the [system type](./systems/index.md).
 
 ## Help wanted
 

src/content/docs/mitigations/authentication.md

@@ -29,16 +29,18 @@ Upon successful authentication,
 the incoming message (e.g. HTTP request) is associated with the user's email address or username.
 Abusive users could be blocked by their identifiers.
 
-### Pseudonymous authentication
+### Cryptographic pseudonymous authentication
 
-**Pseudonymous authentication allows a user to maintain a consistent digital identity across sessions,
-using a pseudonym independent of their real-world identity**.
+Privacy-preserving,
+decentralised systems can assign cryptographically generated pseudonyms to users,
+allowing them to maintain a consistent digital identity across sessions.
+This strikes a balance between privacy and accountability.
 
-This is typically implemented with long-term signing key pairs.
+This is typically implemented with long-term key pairs.
 The user signs messages with their private key,
 and the server/peer verifies the signature with the corresponding public key.
 [Awala](https://awala.network/tech-overview#authentication-and-access-control) and [Ethereum](https://info.etherscan.com/what-is-an-ethereum-address/) are examples of systems
-that use pseudonymous authentication.
+that use this type of authentication.
 
 The user's identifier, or pseudonym, is derived from the public key (e.g. its SHA-256 digest).
 Abusive users could be blocked by their pseudonyms.
@@ -68,4 +70,6 @@ or a dedicated registry to alert other services.
 
 ## See also
 
-- [Rate limiting](./rate-limiting.md).
+- [Abuse reporting](./abuse-reporting.md).
+- [Client-based rate limiting](./rate-limiting.md).
+- [Client reputation scoring](./client-reputation.md), which could use authentication data amongst its signals.

src/content/docs/systems/public-goods.md

@@ -32,7 +32,7 @@ Unfortunately, these mitigations alone may not be enough to protect against well
 
 ## Protocol-level mitigations
 
-- [Pseudonymous authentication](../mitigations/authentication.md#pseudonymous-authentication).
+- [Cryptographic pseudonymous authentication](../mitigations/authentication.md#cryptographic-pseudonymous-authentication).
 - [Cryptographic challenges](../mitigations/crypto-challenges.md).
 - [Client-based rate limiting](../mitigations/rate-limiting.md).
 - [App attestation](../mitigations/app-attestation.md).