Blockchain-based, so pure bitcoin-style blockchain implementation isn't necessary. It probably wouldn't be that big of an obstacle adding a trimming mechanism by, for example, maintaining a group of sub-chains.
To limit the granularity of data being stored, it would only be used at authentication endpoints, to create a private session. Once you've identified yourself as reputable with a OTP that doesn't reveal anything about your actual internal ID, you can transfer secrets and further authentication is not necessary.
The system would employ paranoid homomorphic encryption [0] and a fuzzy API. Hardly a worthwhile vector for analysis compared to the standard MitM attacks applied today by state agencies and ISPs.
I think the problem runs deeper than you're considering. The entire purpose of this service, as you're describing it, is to allow web sites to access information on what other sites their users have visited (and, presumably, to read "reputation" annotations made by those sites), and to use that to make access control decisions. The privacy violations involved are inherent to that purpose; you can't wipe them away by throwing "but with encryption" at the problem.
Privacy and security are two separate domains. But even then, how does this violate anyone's privacy in any way that existing authentication protocols do not?
To limit the granularity of data being stored, it would only be used at authentication endpoints, to create a private session. Once you've identified yourself as reputable with a OTP that doesn't reveal anything about your actual internal ID, you can transfer secrets and further authentication is not necessary.
The system would employ paranoid homomorphic encryption [0] and a fuzzy API. Hardly a worthwhile vector for analysis compared to the standard MitM attacks applied today by state agencies and ISPs.
[0] https://en.wikipedia.org/wiki/Homomorphic_encryption