June 23, 2026

Bot drama, but make it private

Article URL →HN comments →

Pact: Anonymous Credentials for the Web

A plan to kill CAPTCHAs has commenters cheering, doubting, and dreaming bigger

TLDR: Pact proposes a new way for websites to spot bad automated traffic without forcing privacy-minded people through endless puzzles or logins. Commenters love the promise of fewer CAPTCHA nightmares, but some already fear the same old control games—or want to ditch the web completely.

The big pitch in Pact is simple: the web has turned into a paranoid nightclub, and anyone using a private browser, a virtual private network, or stronger privacy settings keeps getting treated like a suspicious robot. The article argues that today’s defenses are failing spectacularly. Real people get slapped with endless puzzles and sign-up walls, while actual bots are getting smarter and breezing through. So the proposed fix is a new way for sites to tell the difference without forcing people to give up their privacy or hand over personal details just to read a page or buy socks.

And the comments? Instant mood swing from hopeful to deeply skeptical. One camp is basically yelling, “If this means fewer CAPTCHAs while I’m on a VPN, sign me up yesterday.” That was the loudest applause line: people are exhausted by being punished for trying not to be tracked. But there’s also a delicious cloud of suspicion hanging over the whole thing. Commenters immediately started poking holes in the idea of browser “agents” acting for users, asking whether a human’s good reputation could be borrowed by software and whether people could run their own gatekeepers instead of trusting a big middleman.

Then came the full escape-the-planet take: one user said they’re excited for a future that abandons the web entirely and builds somewhere else, while warning that shiny new systems often copy the same old bad habits. It’s classic internet drama: half the crowd wants this fix now, half thinks the whole web is cooked, and everyone agrees the current CAPTCHA circus is unbearable.

Key Points

  • The article says websites increasingly block or challenge privacy-preserving users with registration walls, block pages, and CAPTCHAs because they may resemble bots.
  • Browser privacy protections have reduced passive identification signals, while generative AI has made CAPTCHAs less effective against bots.
  • Many sites now require more invasive checks such as email addresses, federated logins, or disabling VPNs, increasing friction and reducing privacy.
  • The article argues that browser-based AI agents worsen the problem because sites often cannot distinguish legitimate user-directed agents from volumetric abuse.
  • The article critiques device-attestation approaches, citing Google’s abandoned Web Environment Integrity proposal as a model that could shift control to platform attesters and website allow-lists.

Hottest takes

"anything that reduces captchas or client blocks while using a VPN is welcome in my books" — bstsb
"would this mean a human generates legitimate traffic, and that goodwill can then be utilised by a browser agent?" — bstsb
"very excited about a future that abandons the web" — pwndByDeath

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.