So far, Private Access Tokens are not widely adopted so you can get a feel for the potential Linux experience by browsing the web with iCloud Private Relay enabled. This flags almost every website's anti-spam classifiers, and you end up having to do 3-5 captchas to access anything protected by one. Wikipedia also blocks you from editing: https://meta.wikimedia.org/wiki/Talk:Apple_iCloud_Private_Re....
IME, browsing the web with iCloud Private Relay is much better than Tor, since your client is not outright blocked by websites. I have not browsed the web much behind a VPN, so I can't compare the experiences.
VPN works for almost any internet service and not just web browsing
VPN can be bought outside of a 5 eyes company
Tor is much better at making it easier to hide your browser footprint and thus anonymity browsing across sites as long as you reconnect often and don't change default settings.
Playing devils advocate: how else do you prevent spam without requiring a login on every single web page? Especially in the world of AI-powered spam that can be indistinguishable from humans and automated at scale and can solve captchas.
Spam destroys everything. The open web has been at war with it forever, and soon it will win just like it has won in every other domain that is not completely locked down.
I love the fediverse but I fully expect it be destroyed by spam as soon as it gets big and influential enough to be a juicy target.
The Internet is a dark forest. The future is private encrypted networks, private forums, etc.
Spam even exists where logins ARE required. Look at Reddit or Twitter/X and any web-accessible forum where logins are required. Lots of spam everywhere.
I don’t think attestation will prevent this, it does however, prevent scraping if attestation is required to even view content.
What would prevent bots from using “approved” attester devices to navigate and scrape? Is attestation done by checking what local processes are running?
Based on where the MAU counts are, by your criteria the Fediverse will be safe from spam forever. Which falls into your last point, it's essentially a set of private forums, that interconnect. It's kind of ironic that the idea of the Fediverse apparently being beyond the neuron activation threshold of most people ends up being an effective filter.
I think Private Access Token is a reasonable design, and it should be standardized with multiple attestation providers that any client can use. That seems like it would move the web forward, unlike simply not making headway on the problem of spam and fingerprinting/tracking as an anti-spam measure at all.
