When was the last time you were asked by a website to find staircases or crosswalks in a maze of images? When was the last time you were asked to click on a checkbox to prove you were a human? Perhaps, just yesterday, or today, or maybe an hour back.
We all have come across websites that ask us to self-certify ourselves as humans, sometimes through puzzles, while at times through self-declaration. And we hear your inner voice… it gets too frustrating at times, especially when you are in a hurry to consume information. Nevertheless, we all would agree that such checks are absolutely necessary given the surge in AI-powered bots that seem to have proliferated in social media platforms, and the entire web as a matter of fact, and are posting content that create disengagement because they lack human touch.

Imagine the consequences faced by social media platforms and community forums owing to the barrage of content posted by AI tools.

Or ponder over the ramifications of deploying AI systems for nefarious purposes, such as spreading misinformation and defrauding online audiences, leading to distrust among such audiences.

How do we resolve this matter then? How do we make sure that despite AI growing adept at mimicking human behaviour, we are able to distinguish between real human users and AI impersonators?

Enter “Personhood Credentials”

A team of researchers from eminent institutions – ranging from Harvard University, OpenAI, Massachusetts Institute of Technology, and Microsoft among others – have developed a verification concept called personhood credentials. These digital credentials prove that their holder is a genuine human while masking other private details about the individual. These credentials rely on the understanding that AI systems are still incompetent at duping the state-of-the-art cryptographic systems and at impersonating humans. Having such credentials can potentially reduce the volume of data breaches, which stood at over 3,200 in the United States alone in 2023, according to Theft Resource Center. The idea of personhood credential gains further gravity when we consider that genuine humans may not like to give away their anonymity while establishing trust during access of online platforms and digital services.

Such credentials can assume any form – including certificate in web browser, biometric data and non-fungible token stored in blockchain.

All we need is to keep the credentials secure while allowing the individuals quick access to their credentials.

How do they work?

The authors of the non-peer-reviewed paper propose that individuals will need to physically visit an issuer or one of the issuers to request the credentials. Biometric data or government-issued identity proofs will be used to establish the evidence of being a real human. On approval, a single credential will be transferred to the individual’s device for storing it just like debit and credit cards are stored in smartphone’s wallet.

When using the credentials, the individual will have to present them to a third-party digital service provider. The provider will then verify the credentials using a cryptographic protocol called a “zero-knowledge proof”. This process will confirm the authenticity of a genuine human without disclosing any further personally identifiable information.

Personhood credentials will have to surfaced by the individual on any supporting platform which can be verified by other individuals or the platform itself.

For example, when you use Bumble or Facebook, the credentials will be verified by the platform, and any profile that does not carry the credentials can be rejected by the other people during the connection process. Alternatively, the posts made by people lacking personhood credentials can be deprioritized in the feed or can be outrightly filtered out by the users. When used by the governments, public institutions and companies, the credentials can help to weed out users who appear to be AI rather than genuine humans.

Is it the first of its kind?

Nope, similar solutions exist. Idena is a blockchain-based system that offer proof of being human by making people solve complex puzzles that bots would take a long time to decipher. Worldcoin is another so-called privacy-preserving identity network that cryptographically stores biometric data based on iris scans and provides proof of human identity. A disclaimer though – because of allegations that Worldcoin did not obtain meaningful consent from its users, the company’s operations have ceased in Hong Kong, Spain, Brazil, Kenya and India.

And that opens up space for other players to jump in, personhood credentials being one of them. Despite certain challenges, personhood credentials can make a mark in the authentication industry.

Bye-bye misinformation?

There is no longer an iota of doubt that bots have damaged the internet landscape by disseminating misinformation, leading to financial and social crimes. With generative AI gaining titanic power to create and post content, it will grow more challenging to detect and avoid misinformation. The capacity to distinguish between humans and bots will help to prioritize human-generated content and keep the internet safe from misinformation.

Cool, can we get started right away?

No, wait! There are challenges too. Personhood credentials are not a guarantee of privacy, as our personal data stays under surveillance by other pervasive tracking devices. However, there is a larger problem lingering around the idea of personhood credentials. And that is the risk of dystopia. Yes, you got that right… dystopia.

What if the government or the internet platforms misuse personhood credentials to decide who exists online and who must be casted out?

Such centralization of power in a few hands can lead to a massive democratic crisis, where powerful entities may decide your grant or lack of access to the online world. This can convert personhood credentials into weapons against freedom of expression, thereby creating a dystopian word where public and private powerhouses control the kind of voices existent online.

What’s game for Tomorrow?

The verdict is simple. The idea of personhood credentials needs further refinement and funding, of course, so that a resilient and meaningful system can be deployed for keeping bots out of play. Obviously, we cannot let any one entity to gain control over the access to the internet. Yet, it is also necessary to devise a system that allows for verification of human identity and personhood credentials looks like a contender in the arena.