that asserts a given browsing session is being run by a human or bot with legitimate intent
How? If an agent browses the web through that session, then how can you reasonably “assert” that?
websites “with strong knowledge of ‘personhood’” issue anonymous tokens that browser users and designated bots can present at other websites
What does that mean? Some creepy website that forces one to verify their “personhood” (by scanning one’s face for instance), that issues “trust me bro, it’s anonymous” tokens to a specific browser. And then the user is expected to present these unique identifiers at other websites, like there’s no possibility these can be passed back onto the issuer, and therefore re-identify the session-user?
the way people interact with the web is changing and increasingly may involve autonomous agents.
Yeah, and who is pushing for this change? Right, Google among other AI companies. You just got to love companies creating “solutions” for problems they themselves are, at least in part, responsible for.
Mozilla is committed to defending openness and user privacy on the web
Ah, thankfully we can trust Mozilla to protect the privacy-community’s interests… I mean, they certainly haven’t made controversial decisions is recent times.
Apparently a legitimate server gets to issue tokens to you that verify you’re a real person and not just a spambot approximating one. How this works in practice is apparently cryptographic magic (which I won’t question here, but IIRC can be easier to pinpoint your identity on its own if a smaller group of people receive these tokens). But the magic isn’t as big of an issue as the people issuing those assurances, and how centralized they are. Which is a bit frightening in its own right.
One thing’s for sure: Google, in concert with two browser manufacturers dependent on Google for their existence, cannot convince me they have created something cryptographically secure on their own. (And the article makes it clear that this won’t replace identity tracing for any website or ad network that’s realized that “unethical” and “profitable” are nearly synonymous).
How? If an agent browses the web through that session, then how can you reasonably “assert” that?
What does that mean? Some creepy website that forces one to verify their “personhood” (by scanning one’s face for instance), that issues “trust me bro, it’s anonymous” tokens to a specific browser. And then the user is expected to present these unique identifiers at other websites, like there’s no possibility these can be passed back onto the issuer, and therefore re-identify the session-user?
Yeah, and who is pushing for this change? Right, Google among other AI companies. You just got to love companies creating “solutions” for problems they themselves are, at least in part, responsible for.
Ah, thankfully we can trust Mozilla to protect the privacy-community’s interests… I mean, they certainly haven’t made controversial decisions is recent times.
Apparently a legitimate server gets to issue tokens to you that verify you’re a real person and not just a spambot approximating one. How this works in practice is apparently cryptographic magic (which I won’t question here, but IIRC can be easier to pinpoint your identity on its own if a smaller group of people receive these tokens). But the magic isn’t as big of an issue as the people issuing those assurances, and how centralized they are. Which is a bit frightening in its own right.
One thing’s for sure: Google, in concert with two browser manufacturers dependent on Google for their existence, cannot convince me they have created something cryptographically secure on their own. (And the article makes it clear that this won’t replace identity tracing for any website or ad network that’s realized that “unethical” and “profitable” are nearly synonymous).