Internet Standards Almanac
Privacy Pass
Privacy Pass aims to standardise a mechanism that will improve the CAPTCHA model to increase user privacy. CAPTCHAs are used to distinguish between humans and computers, to prevent bots from sending repeated requests in distributed denial-of-service (DDoS) attacks or engaging in other malicious activities. In the current common use case, after a user completes a CAPTCHA, a cookie is stored on the client application to show the server on future requests that the client has already been verified. However, this allows the server to link together all of the user’s connections that have required authorisation, giving the server the ability to monitor a user’s browsing history and behaviour and even identify the user. This new mechanism could offer a significant opportunity for any site that currently uses CAPTCHA to enhance the anonymity available to its user base. For this to be implemented, however, web browsers must be willing to accept Privacy Pass tokens from a small number of issuers.
- Standard under development: the Privacy Pass Issuance Protocol, which provides a client with a re-authentication token for a particular server that cannot be linked back to the previous sessions where it was issued.
- Working group: Privacy Pass