Cloudflare is working with the makers of Chrome, Edge, and Firefox on a new way for websites to tell whether incoming traffic is legitimate – without resorting to the usual mix of CAPTCHAs, logins, and extra tracking.
The system is called Private Access Control Tokens, or PACT, and it arrives at a time when bots have surpassed human traffic online.


These issuers will 100% sell these identifiers to be matched up with other databases.
Why do you assume it’s one static unchanging token? That’s not how cryptography works, you can issue virtually unlimited signatures or challenges/responses without the other party knowing your private key.
It really depends on the implementation tho. Since Firefox is FOSS I hope this won’t be a proprietary blob so we can actually hold them accountable.
There’s what companies admit to publicly, and then there’s what they’re working on behind closed doors.
Most EULAs have vague lines like “We will use your data to improve our services” which translates to something like: Your data is used in the services we sell.
Perhaps there would be a legal argument against shit like this, but how do you prove it in court? Even if you get discovery, the odds of them offering up database tables they’ve hidden away that key up users to the data is never gonna happen. You’d have to report it as an insider.
Maybe we should be offering up $10m+ whistleblower bounties for stuff like this, because short of giving someone a golden parachute they’re sure as shit not going to lose their careers over it.