What Is Proof of Personhood?
TLDR
Proof of personhood means verifying that an account is controlled by a unique, real human — not a bot, not a duplicate account, not an AI persona. Current approaches include biometric scans (Worldcoin), liveness checks (banking-style), social vouching, and government ID. Each trades something different: privacy, accessibility, or security.
- Proof of Personhood
- A technical mechanism for verifying that an entity interacting with a system is a unique real human. Unlike identity verification (which confirms who you are), proof of personhood only needs to confirm that you are human and unique — not your name, address, or other identifying information. Sometimes abbreviated PoP.
DEFINITION
- Liveness Check
- A verification technique that confirms a real human is physically present during an interaction by asking them to perform a live action — typically blinking, turning their head, or reading a phrase — that a static photo or pre-recorded video cannot replicate. Used by banks and financial institutions for remote account opening. The check proves presence, not identity.
DEFINITION
- Sybil Attack
- An attack on a network or system where a single entity creates multiple fake identities to gain disproportionate influence. Named after a case study in psychology. In social media, a Sybil attack means one operator controlling thousands of accounts to dominate a conversation or vote. Proof of personhood is specifically designed to prevent Sybil attacks.
DEFINITION
Why This Problem Exists
The internet was designed for computers, not humans. When you create an account on any social platform, the platform has no technical way to know if you’re a person or a script. Email addresses are cheap. Phone numbers are cheap. Even two-factor authentication just proves you have access to a device, not that you’re human.
This wasn’t a serious problem when the internet was small and bots were expensive to operate. It’s a serious problem now. Bots can be created and operated at scale for almost nothing. One person with a modest budget can control thousands of accounts indistinguishable from real users by standard platform checks.
Proof of personhood is the attempt to close this gap — to create a check that a bot genuinely cannot pass.
Current Approaches and Their Tradeoffs
Biometric Iris Scanning (Worldcoin)
Worldcoin’s approach: scan your iris with a physical device (the Orb), generate a unique code from the iris pattern, register it as proof you’re human.
The appeal: iris patterns are biologically unique, stable over time, and hard to fake. A single registration proves uniqueness — the database can check you haven’t registered before without storing your actual iris.
The problems: you need access to an Orb, which are only in certain cities. You’re handing biometric data to a private company with a financial interest in growing its database. Several EU and Asian countries have opened regulatory investigations into Worldcoin’s data practices. And the crypto-native framing (you receive WLD tokens for registering) creates perverse incentives and scams in lower-income countries.
Liveness Checks (Banking Model)
Banks have used liveness verification for years as part of remote KYC. The check is simple: perform a live action (blink, turn your head) in front of the camera. The system confirms the video is live and not a static image or replay.
This proves presence — a real human is behind the camera right now — without capturing identity documents or biometric data. The liveness check result (pass/fail) can be stored without storing the video or any biometric.
Truliv uses this model: blink and turn your head, under 60 seconds, no biometric data kept after the check completes. The check is done once at account creation. The only thing stored is that your account passed — not the video, not the biometric data.
The limitation: liveness checks prove a human is present at registration, but not that the same human controls the account afterward. This is a real gap, though it’s much harder to exploit than creating bots from scratch.
Government ID Verification
Some platforms (or features) require uploading a government ID — passport, driver’s license. This works for unique identity but is maximally invasive: it definitively links your account to your real-world identity.
This is appropriate for financial services and some legal contexts. It’s not appropriate for general social media, where pseudonymity has legitimate value for journalists, activists, people in unsafe situations, and anyone who simply prefers to keep their online persona separate from their legal name.
Social Vouching
Some systems (early Clubhouse, some professional networks) relied on invitation chains — you can only join if someone already in the network vouches for you. This creates trust through social accountability.
It works poorly at scale. Vouching networks are hard to bootstrap, susceptible to invite trading and selling, and tend to create cliques rather than open communities.
The Privacy Question
The main tension in proof of personhood is between strength of verification and privacy.
The strongest systems (iris scans, government ID) give you high confidence someone is a unique real human. They also require collecting sensitive data that can be misused, leaked, or used to de-anonymize users.
The weakest systems (email verification) give you almost no signal. They’re trivially gameable.
Liveness checks occupy a useful middle ground: strong enough to stop automated bots, weak enough that you don’t need to hand over identity documents, and private enough that the verification can be done without storing biometric data.
This is not a perfect solution. A motivated human can pass a liveness check and then operate a bot-like account. A careless implementation could leak the liveness video. But for the problem of bot farms and AI personas on social media — accounts created by the thousands without any human involvement — liveness is a practical and privacy-respecting check.
Why It Matters for Social Media Specifically
Proof of personhood matters more for social media than for most other applications because:
- The scale of bot abuse is documented and large
- The harm from bot-dominated discourse is real (influence operations, engagement fraud, degraded conversation quality)
- The affected population includes people with legitimate reasons to be pseudonymous
- The platforms themselves have weak incentives to fix it (bots inflate engagement metrics)
A social platform that required proof of personhood at signup would have a fundamentally different character. Not necessarily better in every way — real humans can be awful online — but different in the specific way that currently makes social media feel like shouting into a crowd of robots.
Q&A
What is proof of personhood?
Proof of personhood (PoP) is any mechanism that verifies an account is controlled by a unique real human. It solves a different problem than identity verification: PoP doesn't need to know who you are, just that you're not a bot and that you haven't already registered a different account. The two main technical approaches are biometric (scanning something unique about your body, like an iris) and behavioral (watching you perform a live action that bots can't replicate).
Q&A
How does Worldcoin verify personhood?
Worldcoin uses an iris scan performed by a physical device called the Orb. The Orb generates a unique code (an IrisCode) from your iris pattern, stores that code in a database, and issues a cryptographic credential proving you're registered. The IrisCode itself is not supposed to be stored long-term — only the hash. However, Worldcoin has faced regulatory investigations in several countries over its data practices, and the requirement to use a physical hardware device limits accessibility significantly.
Want to be first on a human-only network?
Try Truliv free — no credit card required.