that asserts a given browsing session is being run by a human or bot with legitimate intent
How? If an agent browses the web through that session, then how can you reasonably “assert” that?
websites “with strong knowledge of ‘personhood’” issue anonymous tokens that browser users and designated bots can present at other websites
What does that mean? Some creepy website that forces one to verify their “personhood” (by scanning one’s face for instance), that issues “trust me bro, it’s anonymous” tokens to a specific browser. And then the user is expected to present these unique identifiers at other websites, like there’s no possibility these can be passed back onto the issuer, and therefore re-identify the session-user?
the way people interact with the web is changing and increasingly may involve autonomous agents.
Yeah, and who is pushing for this change? Right, Google among other AI companies. You just got to love companies creating “solutions” for problems they themselves are, at least in part, responsible for.
Mozilla is committed to defending openness and user privacy on the web
Ah, thankfully we can trust Mozilla to protect the privacy-community’s interests… I mean, they certainly haven’t made controversial decisions is recent times.
Apparently a legitimate server gets to issue tokens to you that verify you’re a real person and not just a spambot approximating one. How this works in practice is apparently cryptographic magic (which I won’t question here, but IIRC can be easier to pinpoint your identity on its own if a smaller group of people receive these tokens). But the magic isn’t as big of an issue as the people issuing those assurances, and how centralized they are. Which is a bit frightening in its own right.
One thing’s for sure: Google, in concert with two browser manufacturers dependent on Google for their existence, cannot convince me they have created something cryptographically secure on their own. (And the article makes it clear that this won’t replace identity tracing for any website or ad network that’s realized that “unethical” and “profitable” are nearly synonymous).
I asked Sonnet why should or shouldn’t trust a PACT, For what that is worth:
Reasons to Trust It
- The privacy is in the math, not in promises.
Unlike a privacy policy, which is a legal document you have to sue someone to enforce, cryptographic unlinkability is enforced by mathematics. If the blind signature scheme is correct, physically connecting your identity to your token redemption is computationally infeasible - not just forbidden by terms of service.
- Separation of knowledge is structural.
The design deliberately splits what each party knows so that no single organization - not even Cloudflare - can see the full picture. This is called the “need to know” principle enforced by protocol design rather than policy.
- It is open and being standardized.
This is going through the W3C and IETF - public standards bodies where cryptographers around the world can review, attack, and critique the design. Contrast this with Google’s Web Environment Integrity proposal, which was designed unilaterally and killed by public backlash.
- MPC prevents any single party from aggregating data.
When sites want to measure “how good are our Anchors?” they use Multiparty Computation (MPC) - a technique where multiple parties each hold a piece of encrypted data, compute a result together, and none of them ever sees anyone else’s raw data.
Reasons to Be Cautious
- Collusion is still theoretically possible.
The system’s privacy guarantees break down if the organizations involved secretly cooperate. The architecture tries to make this structurally unlikely (different companies with competing interests), but it cannot make it mathematically impossible.
- The Anchor becomes a new gatekeeper.
If most Anchors are big tech companies, and you don’t have accounts with them, you may find yourself unable to pass PACT checks - effectively locked out of parts of the web. This is exactly the criticism leveled at the old Apple PAT system.
- It is still in design phase.
The technical details of PACTs are still being finalized. 3 The devil is always in the implementation details.
It does seem worth looking into the setup of this, as I admit too a healthy amount of skepticism, but a bunch of people gave it some thought and some of the choices don’t look like money grubbing corporate ones.
It’s not, if we wanted AI’s opinion we could ask ourselves. Please delete
They’ve been working on this since last year and still haven’t figured out the question of “who will we trust tokens from”. You’d think that such a question would have been the focus from the very beginning! Lot of “I hope”, “I’d love to”, and “wondering if we might be able to” and other such non-committal language regarding the kind of power that is given to token issuers.
PACTs will let websites “with strong knowledge of ‘personhood’” issue anonymous tokens that browser users and designated bots can present at other websites, […]
This sounds like another attempt at what google already tried with “web environment integrity”.
If I got it straight, users can ask certain websites to vouch for their “personhood” and get a token that proves it. What exactly prevents a human from creating a token and hand it to a bot or crawler? How is it helping websites operators to differenciate legitimate traffic from the rest?
A human can, but as soon as that is discovered that human is rejected. They have to slowly develop a whole new persona, likely taking years - before they are trusted again.
At least for now when Kids regularly grow up enough to join the internet and so we have to have ways to let new people in. If tokens ever trade to a real verified human it may not be possible to get another. (though I doubt this - governments in some places will issue tokens to bots and real humans and so there is no way to tell without cutting off someone real.)
Here we go again. Obviously they will implement this in the most correct way possible…what could go wrong? /s
This reminds me of when Telegram announced they had reinvented the concept of end-to-end encryption. Something stinks, and I can’t put my finger on it because I’m not a cryptography expert.
But I’m not going to be thrilled until somebody I trust is able to validate it one way or the other first.
Limiting traffic already exists, and it’s called proof of work. Try it out.
Tor implemented it in August of 2023 and was an extremely successful integration.
