that asserts a given browsing session is being run by a human or bot with legitimate intent
How? If an agent browses the web through that session, then how can you reasonably “assert” that?
websites “with strong knowledge of ‘personhood’” issue anonymous tokens that browser users and designated bots can present at other websites
What does that mean? Some creepy website that forces one to verify their “personhood” (by scanning one’s face for instance), that issues “trust me bro, it’s anonymous” tokens to a specific browser. And then the user is expected to present these unique identifiers at other websites, like there’s no possibility these can be passed back onto the issuer, and therefore re-identify the session-user?
the way people interact with the web is changing and increasingly may involve autonomous agents.
Yeah, and who is pushing for this change? Right, Google among other AI companies. You just got to love companies creating “solutions” for problems they themselves are, at least in part, responsible for.
Mozilla is committed to defending openness and user privacy on the web
Ah, thankfully we can trust Mozilla to protect the privacy-community’s interests… I mean, they certainly haven’t made controversial decisions is recent times.
Just mandate an opt-in default. If the “3–10% of people [that] want this”, wish to get out of their way and explicitly enable spyware, I believe this is a much more reasonable overall baseline (with respect to the other 90–97%). And considering most web-users rarely clear cookies, the preferences are effectively persistent already: which really appears to be the lobby’s primary interest. If people were conditioned by dark patterns to accept, while holding onto cookies, excessive data collection happens without user-awareness and potential for reevaluation.
I’m no fan of browser signaling, because to me it seems like yet another unique identifier: to potentially, and ironically be (ab)used to improve browser-fingerprinting.