Comment by johnmaguire
17 days ago
I wasn't responding directly to Matrix's use of MAS. More generally I aimed to make the parent poster aware of a new technology that allows for private authentication, which they claimed was impossible.
Privacy Pass is currently being standardized by the IETF, so we may see more widespread adoption eventually: https://privacypass.github.io/
Just to make the claim clearer: it can't matter what the authentication mechanism is.
If a Privacy Pass token is needed for access to your email, then redeeming the token tells the service you (the client) can access your email. That's identified you.
This is why I said it depends [on whether the service needs to identify you.] In some cases, identification is not necessary for authorization.