Cloudflare is working with the makers of Chrome, Edge, and Firefox on a new way for websites to tell whether incoming traffic is legitimate – without resorting to the usual mix of CAPTCHAs, logins, and extra tracking.
The system is called Private Access Control Tokens, or PACT, and it arrives at a time when bots have surpassed human traffic online.
Why do you assume it’s one static unchanging token? That’s not how cryptography works, you can issue virtually unlimited signatures or challenges/responses without the other party knowing your private key
It’s cryptographically impossible to ensure that kind of security.
Are you saying asymmetric cryptography doesn’t exist or is not secure? You may want to collect your research prize and/or bring down the global banking system