The unlikable token in step 3 must be generated using rsabssa_blind from @chris-wood's RSA Blind Signature protocol. This function requires source_secret_token, so it must be generate in step 3.
The click source returns unlinkable_token_signature (I believe this was just a typo.)
In step 7, the rsabssa_finalize function is used to generate a valid (but unlinkable) signature for source_secret_token (generated in step 3.)
The current wording suggests that source_secret_token is generated such that it's valid for the click source signature. This shouldn't be possible without the private key held by the click source (it would be equivalent to breaking the signature security.) Additionally, returning the click source signature as is would provide a tracking vector.
In order to help facilitate the conversation in #41, I've copied the content from @johnwilander's comment. This commit is that comment exactly.
The only other commit provides the diff which I believe clarifies the algorithm.
Specifically:
rsabssa_blindfrom @chris-wood's RSA Blind Signature protocol. This function requiressource_secret_token, so it must be generate in step 3.unlinkable_token_signature(I believe this was just a typo.)rsabssa_finalizefunction is used to generate a valid (but unlinkable) signature forsource_secret_token(generated in step 3.)source_secret_tokenis generated such that it's valid for the click source signature. This shouldn't be possible without the private key held by the click source (it would be equivalent to breaking the signature security.) Additionally, returning the click source signature as is would provide a tracking vector.