Cloudflare and Major Browsers Develop Private Access Control Tokens to Separate Legitimate Traffic From Bots | Free Download

Cloudflare has announced a partnership with Google Chrome, Microsoft Edge, and Mozilla Firefox to develop Private Access Control Tokens (PACTs), a new protocol aimed at separating genuine web traffic from unwanted network requests.

The system is designed to allow websites to generate digital tokens that confirm that a browsing session is being conducted by a human or an authorized bot with legitimate intent.

Technical details are still being finalized and aligned into the respective proposals. Cloudflare sees PACT as a way to reduce friction for real users and authorized bots while maintaining privacy.

How do PACTs work and why are they being developed now

PACT enables websites to issue anonymity tokens with a deep understanding of personality. These tokens can then be presented to other sites by browser users and designated bots, reducing the need for repeated identity verification.

They serve as a shareable, privacy-preserving CAPTCHA result. Instead of checking on each site whether a visitor is a human or a bot, the system tests once and generates a token that other sites can accept.

The specific criteria for what qualifies as “strong knowledge of personality” have not been fully explained. Personas appear to involve software authorized to act on behalf of a legitimate person, such as an AI agent performing tasks such as booking tickets or making purchases.

Previous technical discussions by developers at Google and Mozilla suggest that the system is not intended to exclude particular hardware, platforms, or user agents.

The web is seeing an increase in automated traffic, much of it driven by AI agents. Some of these agents serve legitimate purposes for users, such as the recent integration of Visa and ChatGPT for autonomous retail shopping.

However, automated traffic also comes from abusive crawlers and malicious bots that scrape content or attempt fraud.

Dan Knecht, CTO of Cloudflare, explained: “As AI-powered traffic becomes more common, the tools we have to support its use are very basic and comprehensive.

“This collaboration allows us to minimize the hassles caused by security measures for all visitors, whether human or automated, without compromising privacy.”

Bobby Holley, CTO of Firefox at Mozilla, highlighted user experience: “Due to the increase in automated traffic, sites are adopting blunter defenses like paywalls, identity checks, CAPTCHAs, and invasive tracking methods to separate human visitors from bots.”

Privacy concerns, what users should know and what’s next

While Cloudflare emphasizes the privacy aspects of PACTs, the system does not cover all browser tracking and fingerprinting methods. The PACT token itself does not contain personal information.

However, the existing infrastructure for tracking users through fingerprinting, IP addresses, and other browser signals remains in place.

The system also raises questions on the open web. PACT effectively creates a tiered system of trusted and untrusted traffic. Websites that implement PACT may treat traffic lacking a valid token as suspicious, potentially blocking access.

Smaller bot operators, independent developers, and users on less common browsers or platforms may find this difficult if their software cannot easily obtain the token.

The Cloudflare announcement said the protocol is designed to help businesses identify genuine visitors, introducing it as an anti-fraud measure.

This framing makes it clear that PACT is intended to differentiate between legitimate and unwanted traffic, rather than allowing humans to differentiate from automated bots.

For most end users, the introduction of PACTs is likely to go unnoticed. Users browsing with Chrome, Edge or Firefox will automatically receive tokens when their browser session is deemed valid. This should result in fewer CAPTCHA prompts and fewer identification requests across the web.

For those who use less common browsers, privacy-focused alternatives like Tor, or employ specific bot frameworks for legitimate reasons, the system may create additional barriers if their setup is not eligible for token issuance.

Mozilla said its involvement reflects its commitment to maintaining online openness and protecting user privacy. The choices Mozilla and other browser developers make regarding implementation will impact how widely accessible the token system becomes.

The technical specifications for PACTs are currently being developed through a collaboration between Cloudflare and the three main browser manufacturers.

There is no announced timeline for when PACT will be available in production browsers. Those interested in tracking developments should keep an eye on the relevant standards processes at the IETF and W3C, where similar privacy-focused identity proposals have been discussed in the past.

The specific location for PACT standardization has not yet been confirmed.

Thanks for being a Ghax reader. The post Cloudflare and major browsers develop private access control tokens to separate legitimate traffic from bots appeared first on gHacks.

Source:Ghacks

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top