this post was submitted on 23 Jun 2026
170 points (98.9% liked)

Technology

85683 readers
4669 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
170
Cloudflare teams up with Chrome, Edge, and Firefox to tackle bot traffic without CAPTCHAs (www.techspot.com)
submitted 1 day ago* (last edited 1 day ago) by FTonsilStones@lemmy.ca to c/technology@lemmy.world
33 comments fedilink hide all child comments
 

Cloudflare is working with the makers of Chrome, Edge, and Firefox on a new way for websites to tell whether incoming traffic is legitimate – without resorting to the usual mix of CAPTCHAs, logins, and extra tracking.

The system is called Private Access Control Tokens, or PACT, and it arrives at a time when bots have surpassed human traffic online.

you are viewing a single comment's thread
view the rest of the comments
[–] treadful@lemmy.zip 95 points 1 day ago (3 children)

The basic idea is that sites with strong knowledge of "personhood" can issue anonymous tokens. A user's browser can then present those tokens elsewhere as proof that a human is involved, or that an automated agent is acting on behalf of one, without revealing the person's identity or browsing history.

These issuers will 100% sell these identifiers to be matched up with other databases.

[–] floquant@lemmy.dbzer0.com 1 points 14 hours ago* (last edited 14 hours ago) (1 children)

Why do you assume it's one static unchanging token? That's not how cryptography works, you can issue virtually unlimited signatures or challenges/responses without the other party knowing your private key

[–] LodeMike@lemmy.today 0 points 10 hours ago (1 children)

It's cryptographically impossible to ensure that kind of security.

[–] floquant@lemmy.dbzer0.com 1 points 4 hours ago* (last edited 2 hours ago)

Are you saying asymmetric cryptography doesn't exist or is not secure? You may want to collect your research prize and/or bring down the global banking system

[–] timestatic@feddit.org 5 points 22 hours ago (1 children)

It really depends on the implementation tho. Since Firefox is foss i hope this wont be a proprietary blob so we can actually hold them accountable

[–] 01189998819991197253@infosec.pub 1 points 10 hours ago

It's cloudflare. Of course it'll be a proprietary blob.

[–] Prove_your_argument@piefed.social 16 points 1 day ago

There's what companies admit to publicly, and then there's what they're working on behind closed doors.

Most EULA have vague lines like "We will use your data to improve our services" which translates to something like: Your data is used in the services we sell.

Perhaps there would be a legal argument against shit like this, but how do you prove it in court? Even if you get discovery the odds of them offering up database tables they've hidden away that key up users to the data is never gonna happen. You'd have to report it as an insider.

Maybe we should be offering up $10m+ whistleblower bounties for stuff like this, because short of giving someone a golden parachute they're sure as shit not going to lose their careers over it.