November 1, 2025

Bots want pizza, humans want answers

Policy, privacy and post-quantum: anonymous credentials for everyone

Cloudflare pitches anonymous ‘bot passes’ so AI can buy pizza; commenters aren’t sold

TLDR: Cloudflare is pushing anonymous credentials to let websites throttle AI bots without tracking people. Commenters are split: some say the problem is vague or business-driven, others nitpick outdated specs, while a few see ARC as a smarter, privacy-first alternative to CAPTCHAs—important if bots start doing the browsing for us.

Cloudflare says the future web will be swarmed by AI “agents” ordering pizza and buying tickets on our behalf, so it’s proposing anonymous credentials—think privacy-friendly passes—to rate-limit bad behavior without tracking people. That’s the pitch behind ARC (Anonymous Rate-Limited Credentials), now winding through the IETF, with a pizza-ordering demo to set the mood. But the crowd brought extra cheese and skepticism. One camp is baffled: “These credentials do what, exactly?” asked hedora, sarcastically wondering if they let you order pizza anonymously without an address. Another camp argues it’s a business problem, not a tech one: Nextgrid says robots can already buy pizza; it’s the vendors who add hoops on purpose. The standards nerds then stormed in: teddyh flagged Cloudflare for citing an outdated draft, pointing to the newer draft-yun-privacypass-crypto-arc-00 like a courtroom gotcha. A calmer voice tried to translate, noting CAPTCHAs can’t tell a “good bot” buying pizza from a “bad bot” scraping a site, so ARC could be a privacy-first throttle rather than a tracker. Meanwhile, tennysont posted a DIY tl;dr with the official ARC proposal. The vibe: half intrigued, half “why is this 21 minutes long,” with memes about bots getting loyalty cards and humans begging for a plain-English explainer. Drama: medium-spicy, extra pepperoni.

Key Points

  • AI agents will increasingly perform web tasks, shifting traffic toward AI platforms and data centers.
  • Existing coarse-grained security measures can inadvertently block legitimate users when agents share sources.
  • Cloudflare proposes anonymous credentials to enforce policies without identifying or tracking users.
  • Anonymous credentials are being standardized at the IETF for interoperability across the web.
  • A sample agent using Cloudflare Workers demonstrates how agents can execute requests, with code available on GitHub.

Hottest takes

“These credentials do what, exactly?” — hedora
“isn’t because of a technical limitation” — Nextgrid
“a draft that was superseded by draft-yun-privacypass-crypto-arc-00” — teddyh