
Cloudflare and Top Browsers Team Up on PACT to Ditch CAPTCHAs

Cloudflare, Mozilla, Google, Microsoft and Shopify are building PACT, an anonymous token protocol designed to replace CAPTCHAs and invasive tracking across the web.


Cloudflare, Mozilla, Google, Microsoft and Shopify have agreed to build a new privacy-preserving protocol designed to replace the CAPTCHA, the image-and-puzzle gatekeeper that has filtered web traffic for a quarter-century. The protocol, called Private Access Control Tokens (PACT), lets a browser prove to a website that its traffic comes from a real human or an authorized AI agent without revealing who the user is or where they have been online.

The push lands at a moment Cloudflare’s own data now treats as historic. Automated requests made up 57.5% of HTML traffic on Cloudflare Radar, which watches roughly a fifth of all websites, against 42.5% from humans, the first time bots have crossed the halfway mark on the open web.

The Web Just Tipped Toward Bots

Cloudflare CEO Matthew Prince flagged the crossover on June 3, 2026, writing that bots had passed human traffic online for the first time in the Internet’s history. He had expected the flip by the end of 2027 when he spoke at SXSW in March. It landed 18 months early.

  • 57.5% of HTML requests on Cloudflare Radar now come from automated systems, against 42.5% from humans, the first crossover in the Internet’s history
  • Agentic AI traffic grew 7,851% year over year, per HUMAN Security’s 2026 State of AI Traffic report
  • Automated traffic expanded approximately eight times faster than human activity, per the same report
  • 51.8% of AI crawler requests served training in May 2026, with only 9.3% serving search, per Cloudflare data

One user action now translates into orders of magnitude more HTTP requests, since an AI agent hunting running shoes might visit hundreds of sites while a human shopper visits five. Most of that crawl traffic is extraction rather than discovery, a pattern documented in a breakdown of how agentic AI traffic reshaped the web.

What PACT Is and Why It’s Built on Blind Signatures

PACT is an open standard that hands a user’s browser anonymous, unlinkable tokens a website can redeem to lower friction without learning who the user is. The token’s core mechanism is a blind signature, a technique invented by mathematician David Chaum in 1983 for untraceable digital cash.

In a blind signature, the issuer signs a credential without ever seeing the underlying identity information it is signing. A site with strong knowledge of who a user is, say an email provider or social platform that has already authenticated the account, can hand the browser an anonymous token bound only to that relationship. When that user visits another site, the browser presents the token. The receiving site learns only that someone trustworthy already vetted this traffic; it learns nothing about who that person is, which sites they have visited or what device they are using.
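The blind-signature flow described above, as an added example that is not code from PACT, Privacy Pass or any of the named vendors: a textbook Chaum-style RSA blind signature with a deliberately tiny toy key and a bare hash in place of a padded encoding. All function names are hypothetical; `blind_that_explains` shows why the issuer's log of blinded requests cannot be matched to redeemed tokens.

```python
import hashlib
import secrets
from math import gcd

# Toy issuer key from two well-known Mersenne primes: far too small for real
# use, chosen only so the example runs offline with the standard library.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent

def h(nonce: bytes) -> int:
    """Hash the token nonce into Z_N (real schemes use a padded encoding)."""
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big") % N

def random_blind() -> int:
    """Client side: pick a blinding factor r that is invertible mod N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return r

def blind(nonce: bytes, r: int) -> int:
    """Client side: hide h(nonce) as h(nonce) * r^E mod N."""
    return h(nonce) * pow(r, E, N) % N

def issuer_sign(blinded: int) -> int:
    """Issuer side: sign whatever arrives; it never sees the nonce."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    """Client side: strip r, leaving an ordinary signature on h(nonce)."""
    return blind_sig * pow(r, -1, N) % N

def verify(nonce: bytes, sig: int) -> bool:
    """Redeeming site: check the token with the issuer's public key only."""
    return pow(sig, E, N) == h(nonce)

def blind_that_explains(blinded: int, nonce: bytes) -> int:
    """The r under which `blinded` would have been the request for `nonce`."""
    return pow(blinded * pow(h(nonce), -1, N) % N, D, N)

def issue_token():
    """Run one issuance; return (token, what the issuer saw)."""
    nonce, r = secrets.token_bytes(32), random_blind()
    blinded = blind(nonce, r)
    return (nonce, unblind(issuer_sign(blinded), r)), blinded
```

Because a valid blinding factor exists for every pairing of a logged request with a redeemed token, the issuer's records are equally consistent with all of them, which is the unlinkability property the token relies on.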

PACT does not replace its own predecessor. It extends Privacy Pass, a token-based authentication architecture the Internet Engineering Task Force formalized in 2024 as RFC 9576, and adds native, coordinated support across Chrome, Firefox and Edge, plus an explicit focus on the agentic AI traffic that has reshaped the web since RFC 9576 was published. Apple already deploys a related system using a device’s secure enclave. Cloudflare uses Privacy Pass today as a signal in its own bot management products, a foothold the company has been extending through its broader agentic infrastructure push.

The Coalition and What Each Side Stands to Win

The June 22 announcement, detailed in the full Cloudflare press release on PACT, brings together two browser-engine vendors, one commerce platform and the connectivity cloud that already sits in front of much of the open web. Each has a specific reason to be at the table.

| Partner | Role | What they say they bring |
|---|---|---|
| Mozilla Firefox | Browser vendor | Defending openness and user privacy |
| Google Chrome | Browser vendor | Largest installed base, native agent features shipping |
| Microsoft Edge | Browser vendor | Web Platform standards experience |
| Shopify | Commerce platform | Million-strong merchant network |
| Cloudflare | Connectivity cloud | Existing Privacy Pass deployment at network scale |

Dane Knecht, CTO of Cloudflare, framed the protocol’s design around a transformation in how people use the internet. Tasks that once required a person tapping through menus and a checkout flow are increasingly being handed off to autonomous agents, he said in the announcement. Existing defenses are too generic and coarse, designed for a web where every request came from a human keyboard.

“The way we interact with the Internet is facing a fundamental shift. Normal everyday tasks like ordering food previously required a user to personally navigate menus and payment gateways. Now, autonomous agents are starting to orchestrate these workflows on behalf of people.”

Ilya Grigorik, Distinguished Engineer at Shopify, tied the urgency to commerce. Every unnecessary challenge or false positive can convert a completed purchase into an abandoned cart, he said in the announcement, and the protocol’s value for Shopify lies in distinguishing legitimate shoppers from abusive traffic without forcing buyers through friction they did not ask for.

“In commerce, every extra challenge, delay, or false positive can turn a purchase into an abandoned cart. Merchants need effective protections against automated abuse, but buyers shouldn’t have to pay for them with unnecessary friction or invasive tracking.”

Why the CAPTCHA Defense Lost

The CAPTCHA was built for a different economy. Bots now solve image and audio puzzles faster and more reliably than humans, which leaves websites with two bad choices: paywalls, identity checks and behavioral tracking on one hand, or a flood of volumetric abuse on the other.

The math changed with agentic AI. Google’s Chrome auto browse, built on Gemini 3.1, shipped to desktop in January 2026 and lands on Android in late June 2026 on devices running Android 12 or higher with at least 4GB of RAM. Chrome’s installed base sits at over 3 billion users. When agents browse, click and check out on a user’s behalf, the question is no longer “is this a bot” but “is this bot acting for someone we trust.”

Google’s Web Environment Integrity, abandoned in 2023, was the blunt version of that approach. Apple’s Private Access Tokens, deployed in 2022, are the more subtle one. Both anchor trust to parts of the user’s device that sit within the manufacturer’s control, a trade-off the Mozilla team laid out in the technical design of anonymous credentials for the web. PACT’s pitch is to invert that dependency. Rather than the device vouching for the user, a third party the user already has an authenticated relationship with vouches for them, anonymously.

What PACT Does Not Fix

The PACT announcement stresses that the protocol is designed so that sites cannot use it to track or identify users or their browsing history. That guarantee covers the token itself. It does not extend to the wider fingerprinting problem.

Browser fingerprinting, the practice of collecting device characteristics such as GPU rendering behavior, screen resolution, installed fonts and canvas output to build a unique identifier, remains entirely outside PACT’s scope. Research from Johns Hopkins University and Texas A&M University confirmed in 2026 that fingerprinting is used for real-time cross-session tracking even when users have explicitly opted out under privacy regulations, a gap laid out in coverage of what PACT does not fix about fingerprinting.

PACT also does not address the accessibility harm CAPTCHAs have built up over a decade. Signal-based CAPTCHA systems disproportionately flag assistive technology users as bots, a pattern disability advocates have called discriminatory, because users of screen readers and alternative input devices produce behavioral signals that deviate from what those systems treat as normal. The token system, by removing the puzzle test, fixes this for users whose browsers issue PACT. It does nothing for users whose browsers or operating systems fall outside the trusted issuer set.

The narrow privacy guarantee and the broader fingerprinting problem are not the same fight, but in practice they compound: a website that cannot use PACT tokens to track users may still lean on fingerprinting signals to do the same job. The early critique of PACT’s privacy claim made the same point on launch day.

The Personhood Question Nobody Has Answered

The deepest structural question raised by PACT is also the one the announcement left most open: what counts as strong knowledge of personhood, the threshold a site must clear before it can issue PACT tokens.

The press release defines PACT as a system for sites with strong knowledge of personhood to issue anonymous tokens, but it does not specify which sites qualify, who audits them or how a browser learns to trust a new issuer. Cloudflare already underpins a substantial portion of global web infrastructure and is a natural participant, a position tied to Cloudflare’s agentic AI operating model. A genuinely open implementation would need to function well for sites that run no Cloudflare infrastructure at all, a question the standardization process has not yet addressed.

Apple, which co-developed the underlying Privacy Pass technology and shipped Private Access Tokens to its own devices in 2022, was absent from the June 22 announcement and has not explained the absence. No standards body has been named, no submission timeline announced and no deployment schedule published. Cloudflare’s framing of the work, “an initiative” backed by “major Web browsers,” leaves the standard’s destination unspecified.

The story moves faster than the bureaucracy around it. Cloudflare’s bot traffic crossover arrived 18 months ahead of the company’s own forecast. Whether the standard that tries to sort bots from humans ships any faster depends on questions the announcement did not answer.

Frequently Asked Questions

What is PACT and how is it different from CAPTCHA?

PACT (Private Access Control Tokens) is a proposed web protocol in which a trusted site, such as an email provider that has already authenticated a user, issues that user’s browser an anonymous cryptographic token. When the user visits another site, the browser presents the token as proof of legitimacy. The receiving site learns nothing about the user’s identity, browsing history or device. A CAPTCHA, by contrast, challenges the user to prove they are human by completing a visual or audio puzzle in real time, a test bots now routinely pass while legitimate users, especially those with disabilities, are frequently blocked.

What is Privacy Pass, and is PACT replacing it?

Privacy Pass is the anonymous token authentication architecture PACT extends, formalized by the IETF as RFC 9576 in 2024. It uses either RSA blind signatures or Verifiable Oblivious Pseudorandom Functions (VOPRFs) to issue tokens that are unlinkable to their original issuance context. Apple already deploys a related system, and Cloudflare uses Privacy Pass in its bot management products. PACT does not replace Privacy Pass. It adds native browser support across Chrome, Firefox and Edge, and explicitly extends the protocol to cover AI agents acting on behalf of users, not only humans at a keyboard.

Does PACT protect users from browser fingerprinting?

No. PACT’s privacy guarantee covers the token itself, which contains no personal data and cannot be linked to its issuance context. It does not address canvas fingerprinting, GPU rendering signatures, installed font enumeration or screen-resolution profiling, all of which remain outside its scope. Users who want protection from fingerprinting still need separate tools, such as Firefox’s built-in fingerprinting resistance or a dedicated privacy browser configuration.

Will PACT replace CAPTCHAs on websites I use anytime soon?

Not imminently. The June 22 announcement committed the partners to developing the specification and submitting it for standardization, but no standards body, timeline or deployment schedule has been named. Converting a protocol proposal into a live browser feature typically requires ratification, implementation across browser update cycles and adoption by website operators, a multi-year process in most cases. For now, sites that use Cloudflare’s existing Privacy Pass integration are the only places where the underlying technology is already live.

Why is Apple absent from the PACT coalition?

Apple has not publicly addressed the question. The company co-developed the underlying Privacy Pass protocol and has deployed its own Private Access Tokens across its devices since 2022. Apple was not among the five partners named in the June 22 announcement, and no reason has been given for its absence.

Logan Pierce is a writer and web publisher with over seven years of experience covering consumer technology. He has published work on independent tech blogs and freelance bylines covering Android devices, privacy focused software, and budget gadgets. Logan founded Oton Technology to publish clear, no nonsense tech news and reviews based on real hands on testing. He has personally tested and reviewed dozens of mid range and budget Android phones, written extensively about app privacy, and built and managed multiple WordPress publications over the past decade. Logan holds a bachelor's degree in English and studied digital marketing at a certificate level.
