What makes someone human in the digital space? In a world full of bots, AI, and synthetic identities, proving you're a real person isn’t as simple as it once was. Yet, it becomes more and more important.
Online interactions used to rely on simple assumptions: if someone typed, posted, or signed up, they were probably human. But that’s no longer the case.
Threads, platforms, and forums are flooded with AI-generated replies and engagement bait. Deepfakes can mimic faces and voices with uncanny realism. Spam bots and Sybil accounts have grown more sophisticated, often scaling across networks in seconds.
According to Imperva’s 2025 Bad Bot Report, automated traffic made up 51% of all internet activity in 2024. For the first time, bots have outpaced humans online! But what’s truly concerning is that 37% of bot activity was classified as malicious.
For digital ecosystems built on trust, coordination, and incentives, this creates a fundamental challenge: how do you prove someone is real without forcing them to surrender their identity to an increasingly hostile environment?
Bot in the Human Skin
Participation doesn’t equal authenticity. Bots can farm airdrops at an uncanny scale. And they are notorious for it! Large-scale farms — like the recently exposed 30,000-phone airdrop operation in Vietnam — now simulate human-like behavior with alarming accuracy. They spoof biometrics, mimic social activity, and spread interactions across thousands of wallets. These aren’t sloppy scripts or obvious spam. They’re sophisticated systems built to look human.
This surge in Sybil and bot activity harms data quality, erodes trust, misallocates resources, and creates environments where real humans can't participate in programs built for them. It’s a wolf-in-sheep-clothing problem — and most systems aren’t watching closely enough. The broader question is still being debated. As Vitalik Buterin recently put it in his Does digital ID have risks even if it's ZK-wrapped? article: “One of the key questions is: do we go for a ‘one-person-one-ID’ approach, or do we embrace a more pluralistic notion of personhood?”
According to Cloudflare, 500 human years are wasted on CAPTCHA daily, and it still lets bots through. KYC is fragile too — government-issued IDs aren’t accessible or reliable for everyone, and centralized databases introduce surveillance risks and single points of failure. Meanwhile, fake KYC is cheap and easy to buy. Soon enough, it can be generated.
The old approaches aren’t working. What’s needed now are pluralistic, context-aware, interoperative, behavior-based models that are harder to game, and don’t exclude the very people most in need of access.
The question isn’t just how to block bots and Sybils. It’s how to protect digital ecosystems without forcing people to overshare, and without leaving out those who lack traditional forms of ID.
Identity Isn’t the Goal. Humanity Is.
In most systems today, proving you’re human means revealing something: a face, a document, a phone number, and storing the verification document for compliance. And when that data is stored in centralized databases or third-party platforms, it becomes a target. Identity verification becomes a liability when the personal information it collects is stored in a sensitive form, i.e., plaintext or unencrypted, vulnerable to leaks, misuse, or surveillance. But does it have to be this way?
Being a real, unique human isn’t the same as being publicly identifiable (doxxed). Or, it doesn’t have to be. What if instead of doxxing people, we could assess their humanity across communities and projects?
That’s the approach that Human Passport takes.
Human Passport enables users to verify that they are both human and unique across not just one, but many ecosystems. That means evaluating whether a user behaves like a genuine person, using low-friction, privacy-respecting inputs.
It’s a modular, pluralistic system:
Passport Stamps reflect user activity, verifications, and presence across ecosystems.
Passport Models estimate Sybil risk based on wallet patterns, trained on millions of verified wallet interactions.
Human ID by human.tech offers zero-knowledge KYC, biometrics, phone verification, and sanctions checks when tighter regulatory compliance is required, and privacy needs to be preserved.
Passport Data Services offers bulk analysis of lists of wallets to both classify and cluster Sybil networks.
This modular design lets projects build custom solutions around their ecosystem’s unique needs, from lightweight protection to frictionless verification to privacy-preserving compliance.
How Human Passport Measures Humanity Across Ecosystems
What does real participation look like, and how do we tell it apart from manufactured behavior?
Real users behave with purpose and variation. They interact over time, across contexts, and in ways that are hard to fake. By contrast, Sybils and bots tend to operate in bursts, lack behavioral diversity, and follow predictable patterns.
Human Passport helps systems detect the difference, not through rigid criteria, but with contextual humanity evaluation. There are examples:
In Story Protocol’s $IP airdrop, Human Passport helped filter out likely Sybils from over 200,000 wallets.
Kernel and Kelp used Human Passport during testnets to reward genuine, multi-chain engagement.
Gitcoin Grants continues to use model-based scoring for more equitable funding distribution.
For Optimism’s Citizens’ House, pluralistic proof of humanity was integrated to secure one-person-one-vote governance.
These examples show how trustworthiness (proof of humanity) can help protect communities, campaigns, and coordination systems. It’s already helping numerous protocols stay fair, secure, and human-first.
What About Privacy?
We strongly believe that users should not be forced to trade privacy for access. And we’re not asking them to.
Human Passport’s tools (Passport Models, Data Services, and Stamps) are completely privacy-preserving. Users opt-in by demonstrating activity through public credentials, social proof, or platform-approved integrations, but Passport never stores any personally identifying information.
When real-world government, biometric, phone, or sanctions verification is necessary, Human ID by human.tech adds a privacy-preserving option.
Here’s how it works: users scan their ID, verify a phone number, or complete a liveness check — similar to traditional KYC. But instead of storing identity data in a central database, Human ID generates a zero-knowledge proof on the user’s device, confirming traits like uniqueness or compliance without exposing personal information.
Once the proof is generated, users submit it along with their wallet address. Upon validation, Human ID issues a soulbound token (SBT) to that wallet, affirming identity verification in a privacy-preserving manner. Partner applications — like Human Passport — can then check for the presence of this token to verify that the user has been validated, without ever accessing the original identity data.
The encrypted identity document is stored securely by the underlying verification provider (not Human ID or the partner app). It remains inaccessible by default and can only be decrypted under strict legal conditions, such as a verified government request or compliance review.
You can see it in action: Ika used Human ID’s Proof of Clean Hands (the sanctions and political exposure check) to conduct a compliant airdrop.
Human ID is designed to meet user expectations and compliance standards, without forcing projects to choose between safety and user control. Learn more in the documentation.
Recognizing Humanity Without Doxxing
In the digital space, personhood isn’t self-evident. But it can be recognized through consistency, intent, and diversity of behavior.
Human Passport doesn’t define humanity. It provides a customizable framework that platforms can use to verify behavioral authenticity and trustworthiness, a meaningful proxy for personhood, without putting users’ privacy at risk.
No system is perfect. But every additional layer of Sybil resistance helps open digital systems to more genuine participation and keeps them protected from manipulation.
Identity isn’t the goal. Humanity is.
For Builders, Human Passport Offers:
Protecting rewards and other capital allocation strategies, governance and community programs, and other programs that are susceptible to Sybil attacks.
Onboarding real humans without forcing identity disclosure.
Meeting compliance requirements with optional zk KYC when needed.
Gaining confidence in your user base, without compromising user privacy.
Whether you’re designing token incentives, launching a community, or securing governance, let trust and meaningful engagement be your baseline.
Learn more: passport.human.techBuild with Human Passport: docs.passport.xyzGet in touch with the partnership team: Apply Here
FAQs
What is Human Passport?
A modular verification system that helps digital platforms assess whether a user is a real, unique human, without requiring traditional KYC or biometrics.
Do I need to KYC to use Human Passport?
No. Most of the system works without identity verification. If required, projects can enable zk-based KYC via Human ID.
How is humanity evaluated?
Through the combination of Passport Stamps (user activity across apps and chains), Passport Models (wallet pattern recognition trained on verified data), and other data analyses.
What kind of apps can use Human Passport?
Any app that wants to verify users, including airdrop platforms, governance tools, social protocols, DeFi projects, AI tools, and community applications.
Is this compliant with data privacy regulations?
Yes. Human Passport is designed with privacy by default, minimizing data collection and using zero-knowledge proofs where applicable.
You say you don’t ask for identity data, but there are KYC Stamps on Human Passport. Are they secure and preserve privacy? How?
Human ID Stamps (Gov ID, Biometrics, Phone Verification, Proof of Clean Hands) are zk-based credentials. All computation of identity documents happens on the user device. Human Passport and human.tech’s Human ID do not store any personally identifying data used in the verification process. This reduces the fraud risk significantly as no records can be stolen from the server (aka honeypot). And thanks to the use of zk proofs, no unnecessary data is revealed to the querying parties. For example, your name will not be displayed to the protocol that only needs to know you’re not on the sanctions list.
