Mozilla Proposes PACT System to Replace CAPTCHAs With Anonymous Credentials
PACT proposes a fundamental shift in web authentication by decoupling human verification from identity and device fingerprinting, potentially ending the arms race between CAPTCHAs and generative AI.
Reporting from 1 source: GIGAZINE.
Mozilla has revealed the design of Private Access Control Tokens (PACT), an anonymous authentication system that lets websites verify human users without collecting personal data. PACT replaces CAPTCHAs and device attestation with rate-limiting credentials issued by trusted third parties like VPN providers or subscription services, aiming to reduce friction for legitimate visitors while blocking bots.
On June 23, Mozilla published the design for Private Access Control Tokens (PACT), a system that lets websites verify a visitor is human without tracking who they are or what device they use. The proposal targets two problems: CAPTCHAs have become unreliable against generative AI, and privacy measures like blocking third-party cookies make legitimate users look suspicious. PACT replaces both with rate-limiting credentials. A user gets an endorsement from a service they already use, such as a VPN subscription or a long-standing email account. When visiting another site, the browser presents an anonymous credential to a moderator, which checks validity and whether the user has exceeded an access limit. The moderator never learns which service issued the endorsement. Mozilla argues this avoids the risks of device attestation, where a few large companies control which environments are trusted.
Synthesized by Yomimono from the 1 cited source below, including Japanese-language reporting where cited, then editorially reviewed before publishing.
Sources
- GIGAZINE: What is "PACT," the proof-of-humanity system that will change a CAPTCHA-filled web?