2025-09-23

For most of the internet's history, the absence of a reliable way to verify that a user is human has been an inconvenience: a source of spam, fake reviews, and bot-driven engagement wars. These days, it has become an existential flaw.

AI voice clones have tricked companies into wiring millions to fraudsters, and synthetic media stages events that never happened, starring people who never existed. Platforms are flooded by coordinated armies of fake accounts, blurring the line between real and artificial, and with it eroding the foundations of digital trust.

The natural response is to insist on proof of personhood, systems that guarantee one human gets one account. But if everyone online is verified, we may solve one problem only to create another. A universal identity layer risks becoming the most perfect surveillance tool ever devised.

The challenge isn't just proving you're human, but proving it without sacrificing the privacy and autonomy that make us human in the first place.

The six privacy pitfalls

Any attempt at proof of personhood must grapple with six interrelated risks:

1. Verification privacy. How do you verify someone without exposing their biometrics, government ID, or other sensitive data? Centralized databases become honeypots. KYC isn't a fix either: it doesn't stop people from opening multiple accounts, and it creates dangerous central choke points.

2. Master key vulnerability. Digital identity systems tend to rely on a single "master key." But this key is both brittle and coercible: governments can demand it at borders, hackers can steal it, and users can lose it. Vitalik Buterin has already warned that states could make key surrender a condition of entry.

3. Cross-platform linking. If one verified identity trails you across all platforms, your contexts collapse. Who you are at work, with family, or among friends should remain separate. The current online workaround of juggling multiple accounts is flimsy and still linkable.

4. Transaction linkability. Even clever zk-based IDs can betray you. If you move assets from a pseudonymous wallet to your "main" one, the trail becomes obvious. Worldcoin's app-specific IDs are a partial fix, but transaction linkage remains a glaring hole.

5. Platform-level tracking. Even if identities are unlinkable across platforms, each platform can still build exhaustive dossiers internally. If Google knows that every account on Gmail, YouTube, or Search belongs to the same verified human, profiling persists even without knowing who that human is.

6. The death of pseudonymity. If unverified accounts are deprioritized, pseudonymity dies, yet pseudonymity is vital. It protects whistleblowers, nurtures creativity, and allows experimentation without permanent reputational cost. As Vitalik notes, "finstas" and "rinstas" aren't trivial. They're essential.

Why current solutions fail

Most proof-of-personhood projects address one or two of these issues, rarely all six. Worldcoin relies on proprietary hardware, fails to solve transaction unlinkability, and leaves users vulnerable to master key compromise. Other approaches assume platforms will embrace plural identities, which is unlikely in a business model powered by profiling.

Without a holistic design, proof of personhood risks hard-coding surveillance into the internet's infrastructure.

The case for sessions

One promising direction is what I call sessions, which are cryptographically derived sub-identities linked to, but not exposing, a root identity.

Each session proves you are human without revealing which human. Sessions cannot be publicly linked to one another or to the root; they inherit credibility from the root but operate with their own keys, wallets, and reputations.

If a session is compromised, it can be revoked without collapsing your entire identity. Session logic can be one-time-use or context-specific, allowing fine-grained privacy.

In practice, this means that if a government demands your "key," you can hand over a disposable session key. This only holds if the derivation is one-way, so that a surrendered session key reveals nothing about the root or about sibling sessions, and if a session key is indistinguishable from a root key to the party demanding it. If a session is hacked, you burn it without losing your digital life. Platforms can request session-based credentials rather than a single universal identity, preventing context collapse.

Think of sessions as the equivalent of credit card tokenization. Your "real" card stays protected, while platforms transact only with disposable, unlinkable numbers.
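As an added illustration of how the session mechanics could be built (example code written for this page, not the author's design or any deployed system), the Go program below derives unlinkable Ed25519 session keys from a single root secret with HMAC-SHA256, signs platform challenges with the session key alone, and lets the root holder burn a session by revealing the preimage of a hash commitment published alongside the session's public key. The type names (Root, Session, Platform), the derivation labels and the challenge string are all constructed for the example. It deliberately omits the hard part, the zero-knowledge proof that a session descends from a verified-human root without revealing which one; the Platform here simply trusts whatever session registers with it.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Root holds the one secret that never leaves the user's device. It is never
// shown to a platform; sessions are what platforms see. (Example type.)
type Root struct{ secret []byte }

func NewRoot() (*Root, error) {
	s := make([]byte, 32)
	if _, err := rand.Read(s); err != nil {
		return nil, err
	}
	return &Root{secret: s}, nil
}

// prf derives an independent 32-byte value per (purpose, context, index) using
// HMAC-SHA256 keyed by the root secret. The derivation is one-way: a derived
// value reveals nothing about the root or about sibling derivations.
func (r *Root) prf(purpose, context string, index uint32) []byte {
	mac := hmac.New(sha256.New, r.secret)
	var idx [4]byte
	binary.BigEndian.PutUint32(idx[:], index)
	mac.Write([]byte(purpose + "\x00" + context + "\x00")) // domain separation
	mac.Write(idx[:])
	return mac.Sum(nil)
}

// Session is a context-specific sub-identity with its own signing key.
// BurnCommit is published with Pub; its preimage stays with the root.
type Session struct {
	Context    string
	Index      uint32
	Priv       ed25519.PrivateKey
	Pub        ed25519.PublicKey
	BurnCommit []byte
}

// DeriveSession is deterministic, so the user can re-derive a session from the
// root on a new device, yet two sessions' public keys look unrelated to an observer.
func (r *Root) DeriveSession(context string, index uint32) *Session {
	priv := ed25519.NewKeyFromSeed(r.prf("session-seed", context, index))
	commit := sha256.Sum256(r.prf("burn", context, index))
	return &Session{
		Context: context, Index: index, Priv: priv,
		Pub: priv.Public().(ed25519.PublicKey), BurnCommit: commit[:],
	}
}

// Sign answers a platform challenge with the session key only.
func (s *Session) Sign(challenge []byte) []byte { return ed25519.Sign(s.Priv, challenge) }

// Burn returns the revocation preimage. Only the root holder can compute it,
// so a thief who stole Priv cannot forge the revocation or block it.
func (r *Root) Burn(s *Session) []byte { return r.prf("burn", s.Context, s.Index) }

// Platform is the relying party. It keeps the burned commitments and never
// learns which root a session belongs to. (Example type.)
type Platform struct{ revoked map[string]bool }

func NewPlatform() *Platform { return &Platform{revoked: map[string]bool{}} }

// Authenticate verifies the challenge signature and rejects burned sessions.
func (p *Platform) Authenticate(pub ed25519.PublicKey, burnCommit, challenge, sig []byte) bool {
	if p.revoked[hex.EncodeToString(burnCommit)] {
		return false
	}
	return ed25519.Verify(pub, challenge, sig)
}

// Revoke retires a session when handed the preimage of its published commitment.
func (p *Platform) Revoke(burnCommit, preimage []byte) bool {
	h := sha256.Sum256(preimage)
	if !bytes.Equal(h[:], burnCommit) {
		return false
	}
	p.revoked[hex.EncodeToString(burnCommit)] = true
	return true
}

func main() {
	root, err := NewRoot()
	if err != nil {
		panic(err)
	}
	work, social := root.DeriveSession("work", 0), root.DeriveSession("social", 0)
	p := NewPlatform()
	challenge := []byte("constructed-nonce-1") // a platform login challenge, constructed
	fmt.Println("work logs in:", p.Authenticate(work.Pub, work.BurnCommit, challenge, work.Sign(challenge)))
	fmt.Println("burn work session:", p.Revoke(work.BurnCommit, root.Burn(work)))
	fmt.Println("work logs in after burn:", p.Authenticate(work.Pub, work.BurnCommit, challenge, work.Sign(challenge)))
	fmt.Println("social still works:", p.Authenticate(social.Pub, social.BurnCommit, challenge, social.Sign(challenge)))
	fmt.Println("keys unlinkable:", !bytes.Equal(work.Pub, social.Pub))
}
```

Two properties are worth checking against the text. A surrendered session key (Priv) is the output of a one-way PRF, so it yields neither the root secret nor any sibling session, which is what makes the "hand over a disposable key" move safe. And the revocation preimage is derived from the root rather than from the session, so stealing a session's signing key does not let the thief compute its burn value. The revocation list is per platform in this sketch; a real design would need the burn commitment to be checkable wherever the session is used.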

The tradeoffs ahead

Sessions are not a silver bullet, and users may find managing multiple sub-identities clunky. Buggy or malicious apps could leak linkages between sessions, and no cryptographic scheme can prevent platforms from choosing a one-human-one-account model if that serves their incentives.

But sessions shift the design space. They make it easier for platforms to support multiple personas per verified human. They embed privacy as the default, and they give individuals leverage against coercion and theft.

The bigger question

The deeper challenge is not technological but political. How do we make privacy the default, not a premium feature?

How do we incentivize platforms to support plural identities, rather than collapsing us into one data-exploitable profile? How do we design governance so that identity infrastructure serves citizens, not states or corporations?

AI is making impersonation cheap, scalable, and increasingly convincing. Proving you're human is no longer optional. But unless proof of personhood evolves hand in hand with privacy, we risk building a system where being human online means being permanently watched.

The path forward isn't more surveillance, but investing in the design that assumes and protects our complexity.

