Rendered at 14:00:51 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
bstsb 4 days ago [-]
interesting - this looks quite promising. anything that reduces captchas or client blocks while using a VPN is welcome in my books.
i’m not sure what they mean about agents, however. would this mean a human generates legitimate traffic, and that goodwill can then be utilised by a browser agent? and will it be possible to host your own Moderator?
rbits 2 days ago [-]
> i’m not sure what they mean about agents, however. would this mean a human generates legitimate traffic, and that goodwill can then be utilised by a browser agent?
I feel like this is explained in the article:
> AI agents acting on behalf of a user slot into the same flow. An agent can carry its user’s Credentials, in which case the user remains accountable for how the agent behaves. Sites would not need to grant any more access than they would to the user themselves. Alternatively, the operator of an agent can run its own Anchor and vouch for its agents the way other Anchors vouch for human users. Sites retain control over which Anchors they accept, so they can choose how to treat agent traffic without needing a separate detection mechanism.
So there are 2 things that could happen, depending on how the agent works.
1: An Anchor gives the user Credentials, with personhood verified by e.g. the user's phone number. The agent can then use that to act like a normal user.
2: The operator of the Agent (OpenAI, Google, etc.) acts as the Anchor themselves. That Anchor gives the agent its own separate Credentials, maybe with personhood
verified by the user's paid subscription or something. This approach would allow Moderators to block agents, if they wanted.
> and will it be possible to host your own Moderator?
Yes. They say that the website itself can be the Moderator
> In the common case the site itself plays the Moderator role, so there’s no new entity or trust boundary.
galadran 4 days ago [-]
> If nothing changes, users will increasingly be forced to choose between their privacy and their access to the web
I'm likely naive, but I'm very excited about a future that abandons the web and builds on reticulum. But I worry that the same flaws will be replicated out of habit instead of using it as a chance to avoid the dark paths.
Reticulum uses a proof of work "stamp" as a user side defense against not like behavior.
iamnothere 4 days ago [-]
Gemini’s gemtext format (or plain Markdown, maybe Commonmark) over Reticulum would be ideal. No JS, no tracking, no complex HTML/CSS with associated parser vulnerabilities.
Make a simple form protocol for things like posting comments. Maybe based on OpenAPI?
Solderpunk (Gemini creator) was correct that HTML and JS were both problems, but he didn’t foresee that the legacy TCP/IP client/server model could become a liability. The Gemini format is great, but the TOFU-based security layer is awkward and unnecessary with a proper overlay network that provides encryption and cryptographic IDs instead of domains. It’s also better not to expose your server IP these days.
malmz 3 days ago [-]
It's always funny to see Gemini brought forward as an alternative to the web. It's a cute protocol for sharing simple documents but it excludes so many use cases. How would you order a shirt online? No sessions and no forms means no interactivity.
iamnothere 3 days ago [-]
Commercialization is what killed the part of the web that I care about. I would happily use a web that hardly functions for commercial use. It’s not like the old Internet will disappear if you need to buy something from Amazon.
mbirth 2 days ago [-]
URL parameters? They worked back in the old days, so I don’t see why they wouldn’t work here.
htgb 2 days ago [-]
It looks really interesting from a technical standpoint. I really hope they manage to make meaningful progress. At the same time, it looks really challenging; not just because of technical implementation but collaboration. It's a pretty involved plan to begin with, and they are competing with behemoths who don't mind getting many bits of information about a user (with simpler implementations). Who will help Mozilla succeed here?
i’m not sure what they mean about agents, however. would this mean a human generates legitimate traffic, and that goodwill can then be utilised by a browser agent? and will it be possible to host your own Moderator?
I feel like this is explained in the article:
> AI agents acting on behalf of a user slot into the same flow. An agent can carry its user’s Credentials, in which case the user remains accountable for how the agent behaves. Sites would not need to grant any more access than they would to the user themselves. Alternatively, the operator of an agent can run its own Anchor and vouch for its agents the way other Anchors vouch for human users. Sites retain control over which Anchors they accept, so they can choose how to treat agent traffic without needing a separate detection mechanism.
So there are 2 things that could happen, depending on how the agent works.
1: An Anchor gives the user Credentials, with personhood verified by e.g. the user's phone number. The agent can then use that to act like a normal user.
2: The operator of the Agent (OpenAI, Google, etc.) acts as the Anchor themselves. That Anchor gives the agent its own separate Credentials, maybe with personhood verified by the user's paid subscription or something. This approach would allow Moderators to block agents, if they wanted.
> and will it be possible to host your own Moderator?
Yes. They say that the website itself can be the Moderator > In the common case the site itself plays the Moderator role, so there’s no new entity or trust boundary.
Shorter post: https://blog.mozilla.org/en/privacy-security/keeping-the-web...
Reticulum uses a proof of work "stamp" as a user side defense against not like behavior.
Make a simple form protocol for things like posting comments. Maybe based on OpenAPI?
Solderpunk (Gemini creator) was correct that HTML and JS were both problems, but he didn’t foresee that the legacy TCP/IP client/server model could become a liability. The Gemini format is great, but the TOFU-based security layer is awkward and unnecessary with a proper overlay network that provides encryption and cryptographic IDs instead of domains. It’s also better not to expose your server IP these days.
Sincerely, I wish them the best of luck!