Keeping the Web Open and Private in the Bot Era

The technical post is linked at the end: https://hacks.mozilla.org/2026/06/pact-anonymous-credentials-for-the-web/

Wouldn't just having normal browsers aggressively cache the web page be more beneficial? I get that this could make fingerprinting users easier or bots could share the cache. Main problem with the internet is we're losing content we've visited, not Shopify losing money to fraud.

Glad to see progress here! I was following and tangentially involved in some previous efforts in my old job.

I do wonder about this, though:

If the user has no Endorsements from suitable Anchors at all, existing mechanisms (CAPTCHAs, account creation, federated login) could be used to bootstrap a Credential the same way, so the system degrades to today’s experience rather than locking the user out.

CAPTCHAs don't work except as a vehicle to get users to stick around long enough to fingerprint them, and account creation and federated login themselves require gating by some mechanism and so only punt the problem up a step (and anyway you can't require users to create a new account on some other website just to log in to their bank on a library computer). As such, in today's world, "existing mechanisms" rely very heavily on fingerprinting (or hardware attestation, if you're Apple). It is a stated goal of Mozilla (among others) to make fingerprinting infeasible. So how's that going to work?