Apparently a legitimate server gets to issue tokens to you that verify you’re a real person and not just a spambot approximating one. How this works in practice is apparently cryptographic magic (which I won’t question here, but IIRC can be easier to pinpoint your identity on its own if a smaller group of people receive these tokens). But the magic isn’t as big of an issue as the people issuing those assurances, and how centralized they are. Which is a bit frightening in its own right.
One thing’s for sure: Google, in concert with two browser manufacturers dependent on Google for their existence, cannot convince me they have created something cryptographically secure on their own. (And the article makes it clear that this won’t replace identity tracing for any website or ad network that’s realized that “unethical” and “profitable” are nearly synonymous).
Apparently a legitimate server gets to issue tokens to you that verify you’re a real person and not just a spambot approximating one. How this works in practice is apparently cryptographic magic (which I won’t question here, but IIRC can be easier to pinpoint your identity on its own if a smaller group of people receive these tokens). But the magic isn’t as big of an issue as the people issuing those assurances, and how centralized they are. Which is a bit frightening in its own right.
One thing’s for sure: Google, in concert with two browser manufacturers dependent on Google for their existence, cannot convince me they have created something cryptographically secure on their own. (And the article makes it clear that this won’t replace identity tracing for any website or ad network that’s realized that “unethical” and “profitable” are nearly synonymous).