PACT: Anonymous Credentials for the Web
Mozilla proposes PACT (Private Access Control Tokens), a new web standard to replace CAPTCHAs and invasive bot-detection with privacy-preserving rate limiting. The system uses three roles: Anchors (entities that vouch for users via scarce signals like subscriptions or phone numbers), Moderators (rate-limit enforcers), and Credentials (stateful cryptographic tokens). Built on Privacy Pass and Anonymous Credit Tokens, PACT uses issuer blinding and zero-knowledge proofs so that sites learn only whether a user is within a rate limit, and nothing more. Unlike Google's Web Environment Integrity or Apple's Private Access Tokens, PACT avoids tying web access to specific hardware vendors. Mozilla plans to bring draft specs to the IETF and W3C, with Cloudflare and Chrome already involved.