Cloudflare is working with the makers of Chrome, Edge, and Firefox on a new way for websites to tell whether incoming traffic is legitimate – without resorting to the usual mix of CAPTCHAs, logins, and extra tracking.
The system is called Private Access Control Tokens, or PACT, and it arrives at a time when bots have surpassed human traffic online.
I don’t see any details here that make me understand how sites couldn’t just save the PACT and collude to build profiles.
I assume it would be something like a key that gets used to generate disposable signatures, not transmitted directly. But I’ve also been unable to find actual technical details, the article mentions a “GitHub proposal” without linking to it but i couldn’t find anything in their repos. Their blog has nothing either
Yeah I’m assuming the goal is some kind of cryptographic process that meets the stated goals. Publishing this news before actually having anything is obviously going to lead to nothing but skepticism though.
Yes. I would be quite surprised if that detail were present, since these folks seem to just want another way to track people and sell a higher quality profile.