Cryptographic Trust Over Tracking: Inside the PACT Protocol

Cloudflare, major browser vendors including Mozilla Firefox, Google Chrome, and Microsoft Edge, and Shopify are developing the Private Access Control Tokens (PACT) protocol to replace invasive bot detection with anonymous cryptographic proof. The protocol uses blind signatures to delegate trust verification to entities like identity providers, preserving user privacy while enabling websites to distinguish legitimate automated traffic from malicious bots. This addresses the challenge of agentic AI, where traditional behavioral heuristics fail to differentiate authorized human-delegated agents from attackers.

Cloud & Infra https://www.devclubhouse.com/c/cloud Article Cryptographic Trust Over Tracking: Inside the PACT Protocol Cloudflare and major browsers propose Private Access Control Tokens to replace invasive bot detection with anonymous cryptographic proof. Ji-ho Choi https://www.devclubhouse.com/u/jiho choi The web is undergoing a structural transition. For decades, security teams have separated legitimate users from malicious actors by analyzing behavior. If a request moved too fast, lacked mouse movements, or originated from a data center IP address, security tools flagged it as a bot. The rise of agentic AI breaks this model. When autonomous agents orchestrate workflows like ordering food, comparing prices, or purchasing inventory on behalf of humans, the traffic is automated by definition. Blocking all automated traffic blocks legitimate customers, while allowing it invites malicious scraping and credential stuffing. To address this, Cloudflare https://www.cloudflare.com has partnered with major browser engines, including Mozilla Firefox https://www.mozilla.org/firefox/ , Google Chrome, and Microsoft Edge, alongside Shopify https://www.shopify.com , to develop Private Access Control Tokens PACT . This proposed protocol shifts the security model from behavioral heuristics and invasive fingerprinting to decentralized, cryptographic trust delegation. Cryptographic Trust Delegation PACT relies on a separation of concerns. Instead of every website trying to determine if a client is human through invasive tracking or CAPTCHAs, PACT delegates this verification to entities that already have an established relationship with the user. These entities, such as identity providers, device manufacturers, or platforms like Shopify, issue anonymous tokens. The user's browser then presents these tokens to other websites. The core cryptographic mechanism relies on blind signatures. The issuer verifies the user's identity but does not know which third-party sites the user is visiting. The verifier the destination website receives a cryptographically signed token proving the client has been vetted, but the verifier cannot link this token back to a specific user identity or browsing history. This breaks the linkability that ad networks and trackers rely on, preserving privacy while establishing trust. sequenceDiagram autonumber actor User as User / Agent participant Issuer as Trusted Issuer e.g., Shopify participant Browser as Browser e.g., Firefox participant Verifier as Destination Website User- Issuer: Authenticate / Prove Personhood Issuer- Browser: Issue Blinded Token Browser- Verifier: Present Unblinded Token Verifier- Verifier: Cryptographically Verify Token Verifier- User: Grant Access This architecture builds on prior work like the IETF Privacy Pass standard. By formalizing this into a browser-supported protocol, the initiative aims to make cryptographic trust verification a native feature of the web platform. The Agentic AI Challenge Traditional bot mitigation is an arms race of fingerprinting and behavioral heuristics. As generative AI agents become common, distinguishing between a malicious bot and an authorized human-delegated agent is nearly impossible using traditional methods. If a user deploys an AI agent to find and buy a product, that agent will execute requests programmatically. Serverless Inference by DigitalOcean 55+ models, every modality. One API key, one bill. https://www.devclubhouse.com/go/ad/13 If a merchant blocks the agent, they lose a sale. If they allow all programmatic traffic, they get overwhelmed by scrapers. PACT aims to solve this by allowing platforms to issue tokens that prove a human is in the loop or that the agent is authorized. This allows merchants to filter out abusive traffic without imposing friction on legitimate automated buyers. How Developers Will Integrate PACT Currently, developers rely on third-party JavaScript snippets to calculate risk scores or render CAPTCHAs. These scripts slow down page loads, complicate content security policies, and raise privacy concerns. With PACT, token verification moves to the network edge or the web server configuration. When a client makes a request, it includes a PACT token in the HTTP headers. Here is how an edge middleware might handle this verification conceptually: // Conceptual edge middleware verifying a PACT token export async function handleRequest request: Request : Promise<Response { const pactToken = request.headers.get "Sec-PACT-Token" ; if pactToken { // Fallback to traditional verification or challenge return redirectToAlternativeVerification request ; } const isValid = await verifyPactToken pactToken ; if isValid { return new Response "Invalid security token", { status: 403 } ; } // Proceed to origin with verified trust status return fetch request ; } async function verifyPactToken token: string : Promise<boolean { // Cryptographic verification of the token signature against the public key of trusted issuers try { const parsedToken = parseToken token ; const publicKey = await getIssuerPublicKey parsedToken.issuerId ; return await crypto.subtle.verify "Ed25519", publicKey, parsedToken.signature, parsedToken.signedData ; } catch { return false; } } This approach shifts the security boundary. Instead of executing heavy client-side scripts, the verification is a fast, cryptographic check at the CDN edge or origin server. However, developers must plan for several trade-offs: Trust Centralization : The system relies on a small set of trusted issuers. If only giant platforms can issue tokens, smaller identity providers might be locked out, centralizing control over web access. Fallback Mechanisms : Not all clients will support PACT immediately. Developers will need to maintain legacy bot-detection pipelines for older browsers and non-browser clients, leading to dual-path maintenance. Token Exhaustion and Abuse : If malicious actors find a way to harvest or buy valid tokens from compromised devices, the system's integrity drops. Rate-limiting token redemption at the verifier level will still be necessary. The Path to Standardization PACT represents a shift away from behavioral surveillance toward cryptographic proof. While the collaboration between Cloudflare, Mozilla, Google, and Microsoft provides the necessary industry backing, the protocol must go through the rigorous IETF or W3C standardization process before widespread adoption. For now, developers should monitor the draft specifications. The transition will not happen overnight, but preparing application architectures to ingest and verify cryptographic tokens at the edge is a design pattern that will pay dividends as the web becomes increasingly populated by autonomous agents. Sources & further reading Ji-ho Choi https://www.devclubhouse.com/u/jiho choi · Security & Cloud Editor Ji-ho covers the increasingly tangled overlap between cloud architecture and security, drawing on a background as a penetration tester to keep his reporting grounded in real-world attack paths. He never lets a vendor claim go unquestioned and insists that every buzzword come with a proof of concept. Discussion 0 No comments yet Be the first to weigh in.