Cloudflare is working with the makers of Chrome, Edge, and Firefox on a new way for websites to tell whether incoming traffic is legitimate – without resorting to the usual mix of CAPTCHAs, logins, and extra tracking.
The system is called Private Access Control Tokens, or PACT, and it arrives at a time when bots have surpassed human traffic online.
The basic idea is that sites with strong knowledge of “personhood” can issue anonymous tokens. A user’s browser can then present those tokens elsewhere as proof that a human is involved, or that an automated agent is acting on behalf of one, without revealing the person’s identity or browsing history.
These issuers will 100% sell these identifiers to be matched up with other databases.
There’s what companies admit to publicly, and then there’s what they’re working on behind closed doors.
Most EULA have vague lines like “We will use your data to improve our services” which translates to something like: Your data is used in the services we sell.
Perhaps there would be a legal argument against shit like this, but how do you prove it in court? Even if you get discovery the odds of them offering up database tables they’ve hidden away that key up users to the data is never gonna happen. You’d have to report it as an insider.
Maybe we should be offering up $10m+ whistleblower bounties for stuff like this, because short of giving someone a golden parachute they’re sure as shit not going to lose their careers over it.
“DO WE LOOK LIKE BOTS?”
No, but you look like bicycles 😁
This sounds a bit like a passport-stamping scheme. But the passport doesn’t have your name and photo on it. Hopefully it only stores verifiable stamps, but not who stamped it.
I hope they use this to tackle age verification. I’d like to just have a token to prove my age without handing over an actual ID to questionable companies.
I don’t see any details here that make me understand how sites couldn’t just save the PACT and collude to build profiles.
Clearly, they haven’t heard of proof of work.
Ask tor, it helps tremendously.
Hidden services went from being absolutely horribly unreliable to being very reliable.
I had to solve two captchas last time I tried ordering groceries online.
I keep getting fraud alerts and having to sooth my bank account into permitting my groceries. You’d think after the 20th time on the same day with the same price they’d stop flagging my groceries.
