
Mozilla's Plan to Kill CAPTCHAs Without Sacrificing Privacy

blog.mozilla.org · @patient_shark · 2 hours ago · Technology Policy · 1 comment

Mozilla and Cloudflare are designing an anti-bot system that uses anonymous credentials and rate limits instead of device attestation or user tracking.


Every step forward for browser privacy has made the web more annoying to use. Block third-party cookies, restrict fingerprinting, hide IP addresses - and suddenly you're staring at CAPTCHAs or login walls on sites you visit daily. That's the trade-off Mozilla is trying to break with a new initiative backed by Cloudflare and other browser makers.

The Privacy vs. Access Trap

As browsers lock down tracking vectors, they also erase the signals that anti-abuse systems rely on. Sites facing a surge in bot traffic respond by demanding email logins, federated auth, or device fingerprints - exactly the kind of persistent identifiers that privacy tools aim to eliminate. The result is a lose-lose: users lose privacy and get friction, sites lose legitimate visitors.

Mozilla frames the core problem simply: bots cause harm at scale, so sites don't need to know who you are. They just need to know you're staying within a rate limit. The catch is making rate limits hard to bypass without introducing a tracking identifier.

Why Hardware Attestation Is a Dead End

Apple's Private Access Tokens and Google's Web Environment Integrity (WEI) proposals try to solve this by having hardware or OS vendors attest that a device is trustworthy. Mozilla calls that a non-starter. Those systems hand control to a small set of gatekeepers (Apple, Google, Microsoft) and force users to run only approved software. That's the opposite of an open web.

Private Access Tokens, built on the Privacy Pass protocol, do offer limited privacy - but they rely on device attestation. There's also no way to let multiple parties vouch for users without collapsing privacy. Mozilla wants a system where any site can vouch for its users, and any other site can decide which vouchers to trust, all without leaking identity or enabling tracking.

Anonymous Credentials as the Escape Hatch

Mozilla's proposed approach leverages anonymous credentials, a cryptographic primitive that lets an issuer give a user a credential that can be presented a limited number of times - without the issuer or the verifier being able to link those presentations. Even the issuer's identity can be hidden, proving only that the credential came from a trusted set.

Concrete scenario: a VPN service could issue credentials to its subscribers. When those users visit a site that normally blocks VPN traffic, they present a credential proving they're within a rate limit. The site learns nothing about who they are or which VPN issued the credential. The VPN doesn't learn which sites the user visited.
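The issue-then-present flow in that scenario can be sketched with single-use RSA blind-signature tokens, in the style of Privacy Pass's blind-signature tokens, standing in here for a full anonymous-credential scheme. This is an added example, not code from Mozilla or Cloudflare; the class and function names, the per-account budget and the toy key (two Mersenne primes, not secure) are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key built from two Mersenne primes: illustration only, NOT secure.
P, Q, E = 2**107 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent


def h(nonce: bytes) -> int:
    """Hash a token nonce into the RSA group (toy full-domain hash)."""
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big") % N


class Issuer:
    """Signs blinded values, at most `budget` per account (the rate limit)."""
    def __init__(self, budget: int):
        self.budget, self.issued, self.seen = budget, {}, []

    def sign_blinded(self, account: str, blinded: int) -> int:
        if self.issued.get(account, 0) >= self.budget:
            raise PermissionError("rate limit reached for this account")
        self.issued[account] = self.issued.get(account, 0) + 1
        self.seen.append(blinded)  # everything the issuer ever observes
        return pow(blinded, D, N)


def request_token(issuer: Issuer, account: str) -> tuple[bytes, int]:
    """Client side: blind a fresh nonce, get it signed, unblind the result."""
    nonce = secrets.token_bytes(16)
    r = secrets.randbelow(N - 2) + 2
    while gcd(r, N) != 1:  # blinding factor must be invertible mod N
        r = secrets.randbelow(N - 2) + 2
    blinded = (h(nonce) * pow(r, E, N)) % N
    signed = issuer.sign_blinded(account, blinded)
    return nonce, (signed * pow(r, -1, N)) % N


class Verifier:
    """Accepts each valid token once; knows only the issuer's public key."""
    def __init__(self):
        self.spent = set()

    def redeem(self, nonce: bytes, sig: int) -> bool:
        if nonce in self.spent or pow(sig, E, N) != h(nonce):
            return False
        self.spent.add(nonce)
        return True
```

The issuer ties the budget to an account but only ever sees blinded values, while the verifier sees a valid signature with no account attached; neither side can match an issuance to a redemption.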

Mozilla, Cloudflare, and other browser stakeholders have started designing this system. They've published a deeper technical dive on Mozilla Hacks. The goal: fewer CAPTCHAs, fewer blocks, fewer demands to identify yourself - without handing the keys to a hardware oligopoly.


Source: Keeping the Web Open and Private in the Bot Era
Domain: blog.mozilla.org
