I understood this as a tool to fight bot-net scraping. I imagined that this would add accountability to clients for how many requests they make.

I know that phrasing it like "large company cloudflare wants to increase internet accountability" will make many people uncomfortable. I think caution is good here. However, I also think that the internet has a real accountability problem that deserves attention. I think that the accountability problem is so bad, that some solution is going to end up getting implemented. That might mean that the most pro-freedom approach is to help design the solution, rather than avoiding the conversation.

Bad ideas:

You're getting lots of bot requests, so you start demanding clients login to view your blog. It's anti-user, anti-privacy, very annoying, readership drops, everyone is sad.

Instead, what if your browser included your government id in every request automatically? Anti-user, anti-privacy, no browser would implement it.

This idea:

But ARC is a middle ground. Subsets of the internet band together (in this case, via cloudflare) and strike a compromise with users. Individual users need to register with cloudflare, and then cloudflare gives you a million tokens per month to request websites. Or some scheme like this. I assume that it would be sufficiently pro-social that the IETF and browsers all agree to it and it's transparent & completely privacy-respecting to normal users.

We already sort of have some accountability: it's "proof of bandwidth" and "proof of multiple unique ip addresses", but that's not well tuned. In fact, IP addresses destroy privacy for most people, while doing very little to stop bot-nets.

Many of us here are old enough to remember the promise of web 2.0 where "APIs will talk with APIs making everything super fast and automated". Then, businesses realized that they do no in fact just "sell a product" but have this entire flywheel and side hustle they depend on to extract maximum value from the user.

Oh and also turns out if the data you share is easily collected it can be analyzed and tracked to prove your crimes like price gauging, IP infringement and other unlawful acts - that's not good for business either!

One problem with HPOP is the chicken-egg adoption problem: There is little reason to implement HPOP because nobody will have a client for it, and little reason to build a client because nobody has implemented HPOP.

Part of this is the friction required to implement a client for a bespoke API that only one vendor offers, and the even bigger friction of building a standard.

AI and MCP servers might be able to fix this. In turn, companies will have a motivation to offer AI-compatible interfaces because if the only way to order a pizza is through an engagement farm, the AI agent is just going to order the pizza somewhere else.

You can see it another way: everyone wants to be the one that controls access to services; it is what search and news aggregators have in common.

Even if pizza hut wanted people to order pizza the most efficiently with no time wasted it would still want it to happen on their own platforms.

Because if people went to all-pizzas.com for their pizza need then each restaurant and chain would depend on them not to screw them up

Maybe the company doesn't want to spend the effort to develop an API. They can through some Cloudflare solution in front and call it done.

Also I wonder if credit card chargebacks are a concern. They might worry that allowing a single user to make a million orders would be a problem, so they might want to rate limit users.

What are you on about? I genuinely don't understand your point. Of course they make money by selling pizzas, not something else. And they've figured the way to maximize that is by having a brand and a presence and own the customer relationship, thus people buy from then.

If they end up as just a pizza-api they have no moat and are trivially replaced by another api and bakery, and will make less money.

> - That a person cannot own more than one of.

Exactly one seems hard to implement (some kind of global registry?). I think relaxing this requirement slightly, such that a user could for instance get a small number of different identities by going to different attestors, would be easier to implement while also making for a better balance. That is, I don't want users to be able to trivially make thousands of accounts, but I also don't want websites to be able to entirely prevent privacy throwaway accounts, for a false ban from Google's services to be bound to your soul for life, to be permanently locked out using anything digital because your identifier was compromised by malware and can't be "reset", or so on.

https://en.wikipedia.org/wiki/Sybil_attack

This is generally considered an unsolvable problem when trying to fulfill all of these requirements (cf. sibling post). Most subsets are easy, but not the full list.

An issue, also in crypto, is that people will get their "identifiers" stolen. How do you prevent stealing, or recover stolen identifiers, without compromising anonymity?

Another issue is that people will hire (or enslave) others to effectively lend their identifiers, and it's very hard to distinguish between someone "lending" their identifier vs using it for themselves.

I've been thinking about hierarchical management. Roughly, your identifier is managed by your town, which has its own identifier managed by your state, which has its own identifier managed by your government, which has its own identifier managed by a bloc of governments, which has its own identifier managed by an international organization. When you interact with a foreign website and it requests your identity, you forward the request to your town with your personal identifier, your town forwards the request to your state with the town's identifier, and so on. Town "management" means that towns generate, assign, and revoke stolen personal identifiers, and authenticate requests; state "management" means that states generate, assign, and revoke town identifiers, and authenticate requests (not knowing who in the town sent the request); etc.

The idea is to prevent a much more powerful organization, like a state, from persecuting a much less powerful one, like an individual. In the hierarchical system, your town can persecute you: they can refuse to give you an identifier, give yours to someone else, track what sites you visit, etc. But then, especially if you can convince other town members (which ideally happens if you're unjustly persecuted), it's easier for you to confront the town and convince them to change, than it is to confront and convince a large government. Likewise, states can persecute entire towns, but an entire town is better at resisting than an individual, especially if that town allies with other towns. And governments can persecute entire states, and blocs can persecute entire governments, and the international organization can persecute entire blocs, but not the layer below.

In practice, the hierarchy probably needs many more layers; today's "towns" are sometimes big cities, states are much larger than towns, governments and much more powerful than states, etc. so there must be layers in-between for the layer below to effectively challenge the layer above. Assigning layers may be particularly hard because it requires balance, to enable most justified persecutions, e.g. a bloc punishing a government for not taking care of its scam centers, while preventing most unjustified persecutions. And there will inevitably be towns, states, governments, etc. where the majority of citizens are "unjust", and the layer above can only punish them entirely. So yes, hierarchical management still has many flaws, but is there a better alternative?

> - Belongs to exactly one real person.

> - That a person cannot own more than one of.

These are mutually exclusive. Especially if you add 'cannot be tied to a real-world identity'.

A lot of folks give it flak for being incredibly dystopian, but this: https://world.org/orb

I first thought this was just a crypto play with 1 wallet per real person (wasn't a huge fan), but with the proliferation of AI, it makes sense we'll eventually need safeguards to ensure a user's humanity, ideally without any other identifiers needed.

Thanks. I'm glad someone made it to the end.

They appear to just want to rate limit by having you go through a hassle to set up an account with some service and then be given 100 tokens per hour which you can use to conduct 100 rate limited actions per hour.

Think SMS verification but with cryptographic sorcery to make it private.

Depending on the level of hassle the service may even use SMS verification at setup. SMS verification is typically easy to acquire for as little as a few cents, but if the goal is to prevent millions of rate limited requests a few cents can add up.

perhaps they need rate limiting

Cloudflare already does rate limiting. They explain in the article why their existing rate limiting solutions (IP, fingerprinting) don't work well with AI. That explains why they need a new solution.

Although this is clearly the equivalent of Cloudflare propaganda, they are trying to address the issue of connecting a user and an agent in a way that respects the users privacy.

They effectively use credentials and cryptography to link the two together in a zero-knowledge type of way. Real issue, although no one is clearly dying for this yet.

Real solution too, but blind credentials and Chaumian signing is equally naive to think it addresses the root issue. Something like Apple will step in to cast a liability shield over all parties and just continue to trap users into the Apple data ecosystem.

The right way to do this is to give the user sovereignty over their identity and usage such that platforms cater to users rather than the middle-men in-between. Harder than what Cloudflare probably wants to truly solve for.

Still, cool article even if a bit lengthy.

I think the idea would be that you ask your credit card to convert $10 into 10 untraceable tokens, and then spend them one at a time. You do a handshake dance with the credit card company so you walk away with tokens that only you know, and you have assurance that the tokens are in the same pool as everyone else who asked for untraceable tokens from that credit card company.

Then you can go and spend them freely. The credit card company (and maybe ever third parties?) can verify that the tokens are valid, but they can't associate them with a user. Assuming that the credit card company keeps a log, they can also verify that a token has never been used before.

In some sense, it's a light-weight and anonymous block chain.

The attempt appears to be to rate limit. The acquisition of access tokens is meant to be rate limited.

Similar logic to SMS verification, but actually private.

https://blog.cloudflare.com/how-cloudflare-is-using-automati...

Are you confusing their comments about (paraphrased) "horrible but legal" (up to a point) sites like dailystormer, 8chan, and kiwifarms, with actual blatant phishing sites?

I find it very difficult to believe they won't remove sites involved in clear phishing or malware delivery campaigns, if they can verify it themselves or in cooperation with a security team at a company they trust. That's different from sites that are morally repugnant and whose members spew vitriol, but aren't making any particular threats (and even in cases where there are clear and present threats, CF usually seems to prefer to notify law enforcement, and then follow court orders, rather than inject themselves as a 3rd party judge into the proceedings).

That makes them almost trustworthy. Ultimately you either have a free internet or an internet free of scams phishing and malware. I'd chose the free internet every time