The announcement from Cloudflare on a Monday morning carried the flavor of a truce among giants that rarely paddle in the same direction. Together with Google Chrome, Microsoft Edge, and Mozilla Firefox, the edge computing provider intends to bring to life Private Access Control Tokens, or PACTs: a cryptographic mechanism through which a website can issue an anonymous token asserting that a browsing session is conducted by a human or an authorized bot. The stated goal is to allow online service operators to separate desirable traffic from malicious requests without resorting to login walls or increasingly frustrating CAPTCHAs.
The token as a passport: how PACTs are supposed to work
The protocol envisions a site with «deep knowledge of 'personhood'» issuing a digital token to a browser or software agent. The visitor can then present that token to any other web property that adheres to the system, which can trust the attestation without repeating the verification each time. It is a kind of reusable, privacy-preserving CAPTCHA result, in theory. The technical details are still being ironed out and harmonized among the various proposals, but the objective is clear: reduce the friction caused by security checks for all visitors, human or agent, «without sacrificing privacy,» as Dane Knecht, Cloudflare’s CTO, emphasized.
Cloudflare’s statement insists on privacy because the tokens would not contain personal data. Yet the absence of personally identifiable information in a token does not, by itself, prevent the fingerprinting or tracking that browsers can still enable. Moreover, a flawed implementation could open up new abuse vectors, such as the potential to discriminate against certain categories of users or devices. The developers involved, including those from Google and Mozilla, have stated in past technical discussions that excluding specific platforms or user-agents is not the goal, but drawing a line between welcome and unwelcome traffic is inherently slippery.
Who decides who is a ‘person’? The ambiguities of personhood
A core unresolved point is what exactly «deep knowledge of 'personhood'» means. The announcement hints that the definition could extend to software legitimately authorized to act on behalf of a person, such as the autonomous agents increasingly common thanks to LLMs. This detail is not minor: in a scenario where AI-generated traffic becomes pervasive, the ability to distinguish a well-behaved crawler from a nuisance one becomes critical. Bobby Holley, CTO for Firefox at Mozilla, spoke of an «avalanche of automated traffic» pushing sites toward blunt defenses – paywalls, identity checks, CAPTCHAs, invasive tracking – just to tell whether a request comes from a human. PACTs could offer a more elegant path, but they raise the question: who gets to decide which behaviors merit a pass?
Traffic control and on-premise infrastructure: an open game
For those running self-hosted or on-premise services, this proposal touches a nerve. Companies that keep their servers inside their corporate perimeter already have to filter vast amounts of bot traffic, both to protect internal resources and to ensure service quality for real users. PACTs could become a useful tool to delegate part of that decision to trusted third parties, reducing the need for firewalls and manual rules. On the other hand, relying on an external attestation introduces a delegation vector that clashes with environments focused on data sovereignty and full stack control. If token issuance ends up concentrated among a few large players, on-premise operators might find themselves negotiating access to their own systems through an intermediary – a paradox for those who chose autonomy precisely to avoid external dependencies. At AI-RADAR, constant monitoring of protocols like this helps assess whether and how to integrate them without surrendering sovereignty.
Privacy bliss or a two-speed web?
Cloudflare’s dream of «eliminating the friction caused by security protocols» is understandable, but reality could be more complex. While PACTs promise to reduce the need for repeated checks, they risk erecting an access barrier that requires a kind of pre-accreditation to be considered legitimate traffic. Large publishers and resource-rich platforms could become gatekeepers of 'personhood', while smaller or experimental projects might struggle to obtain the tokens needed to be recognized as good actors. This dynamic partly recalls existing walled gardens, but with the twist of a seemingly neutral technical mechanism. For those building LLM-based applications that interact with the web, the prospect is twofold: PACTs could simplify access to public data if bots are welcomed, but they might also become yet another hurdle for those operating outside established circuits. The road to a truly shared protocol is still long, and the technical choices of the coming months will tell whether openness or a fortified castle logic prevails.