“The way Privacy Pass works is that one website hands out special tokens to people the site thinks are OK. Other sites can ask people to give them a token. The second site then knows that a visitor with a token is considered OK by the first site, but they don’t learn anything else”
Just sounds like an overcomplicated cookie that could be used to track people across websites.
On top of that, I’m not really seeing a method of actually keeping the token out of a bot’s hands. It sounds like once the token is granted it’s carte blanche to scrape or commit fraud.
I don’t think there is really any easy solution for this problem either. It’s a never ending cat and mouse game trying to stop bots, similar to malware.
Add comment