[nonrandomstring]

What came up in this interview [0] was that

1) Because of "AI" we're moving more to API-like model in which the end user gets more say how they want to consume content.

2) That is in tension with (ahem) intention. We can't direct the user "experience" and have a "positive model" (not based on denylists). We can present data bit we can't enforce our intentions (informally defined ideas about how it may be used).

3) That means we must move to a behavioural security/access model in place of identity based ones (including categorical identity like ASN, user-agent, device type... )

[0] https://cybershow.uk/episodes.php?id=39