« All posts

Proof of Human: A New Way to Verify Real Humans Online

CAPTCHA and phone verification no longer stop bots. The team behind World ID explains how to verify unique humans online without ever revealing who they are.

As bots and automated purchasing agents routinely defeat classic defenses like IP rate limiting, CAPTCHA and phone verification, the real gap is infrastructure that can answer whether a person has already been verified anywhere else. Existing authentication systems—SSO, face unlock, passkeys—only perform one-to-one matching, but internet-scale trust requires one-to-many matching, a problem that grows exponentially harder as the comparison pool grows, since false-match rates scale with population size.

Drawing on conversations with the team at Tools for Humanity, the piece outlines five pillars behind World's approach: uniqueness, anonymity, recovery, verification, and delegation. Uniqueness relies on the iris, one of the few biometric signals with enough entropy for billion-scale comparisons, captured via a purpose-built device called the Orb that resists spoofing through multispectral imaging and on-device liveness checks. Anonymity is achieved through secure multi-party computation (AMPC): the iris reading is split into three pieces distributed across independent organizations in different jurisdictions, none of which ever sees the full raw data, yet the system can still determine whether the person has enrolled before.

For engineers, the key insight is the sharp distinction between authentication and uniqueness verification—an area where almost no infrastructure currently exists at scale. The article details the cryptographic and hardware requirements behind such a system, with recovery and AI-agent delegation scenarios to be covered in later sections.