Proof of Personhood

IRLid lets two people prove they met in the real world — currently requiring nothing more than two phones, two scans, and a cryptographic receipt.


What is Proof of Personhood?

Proof of personhood is a way to verify that a digital identity belongs to a unique, real human being rather than a bot, an AI agent, or a duplicate account. As online systems become increasingly automated, the ability to distinguish genuine human participation from synthetic activity is becoming a fundamental challenge.

Existing solutions often rely on biometric scans, centralised identity providers, or trust in a single company — approaches that can work, but come with trade-offs around privacy, accessibility, and vendor lock-in. IRLid starts from a different angle: instead of asking who you are, it proves that you were physically present with another person at a specific time and place.


How IRLid Works

When two people meet, they complete a short QR-code handshake using their phones. Each device holds a unique ECDSA P-256 key pair generated in the browser. The handshake binds both parties' cryptographic signatures to a shared timestamp and GPS location, producing a receipt that can be independently verified by anyone.

The whole process takes about ten seconds and requires no app download — IRLid runs entirely in the browser. The three steps are:

[Figure: How IRLid works, a three-step overview showing the HELLO, Accept, and Receipt flow]

Step 1 — Show: Person A opens IRLid. Their phone generates a signed HELLO QR code containing their public key, GPS coordinates, a timestamp, and a random nonce. This is displayed on screen.

Step 2 — Scan & Accept: Person B scans A's QR using their phone camera. IRLid opens and automatically creates a signed response that is cryptographically bound to A's specific HELLO. Person B's Accept QR is displayed on their screen.

Step 3 — Verify: Person A opens the Scan page and scans B's Accept QR. The app validates both signatures, checks that timestamps are within 90 seconds of each other, confirms GPS locations are within 12 metres, and combines everything into a single signed receipt. The receipt is uploaded and immediately available to both parties.



Cryptographic Guarantees

Every receipt undergoes multiple verification checks. Here is what each check proves:

Signatures: ECDSA P-256

Each party signs their payload with a private key that never leaves the device. The receipt contains both signatures, verifiable by anyone using the corresponding public keys.

Binding: Hash Chaining

Person B's response contains a SHA-256 hash of Person A's HELLO. This prevents replay attacks — a response is only valid for the exact HELLO it was created for.

Freshness: 90-Second Window

Both timestamps must be within 90 seconds of each other. This ensures the exchange happened in real time, not replayed from an old recording.

Proximity: 12-Metre Tolerance

GPS coordinates from both devices must be within 12 metres. Combined with the time constraint, this provides strong evidence of physical co-presence.
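
The three handshake steps and the four checks above, re-created as an added Node.js example (not IRLid's own code). The field names (`pub`, `lat`, `lon`, `ts`, `nonce`, `helloHash`), the JSON encoding and timestamps in seconds are assumptions; only ECDSA P-256, SHA-256, the 90-second window and the 12-metre tolerance come from the page.

```javascript
// Added illustration. Field names and the JSON encoding are assumptions,
// not IRLid's actual receipt format.
const crypto = require('node:crypto');

const MAX_SKEW_S = 90;      // freshness window stated on the page
const MAX_DIST_M = 12;      // proximity tolerance stated on the page
const P1363 = 'ieee-p1363'; // raw r||s signature encoding, as WebCrypto produces

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

function newParty() { // constructed key pair standing in for one device
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, pub: publicKey.export({ format: 'jwk' }) };
}
function signMsg(payload, party) { // body is the exact string that gets signed
  const body = JSON.stringify({ pub: party.pub, ...payload });
  const sig = crypto.sign('sha256', Buffer.from(body), { key: party.privateKey, dsaEncoding: P1363 });
  return { body, sig: sig.toString('base64') };
}
const makeHello = (party, lat, lon, ts) =>
  signMsg({ lat, lon, ts, nonce: crypto.randomBytes(16).toString('hex') }, party);
const makeAccept = (party, hello, lat, lon, ts) =>
  signMsg({ lat, lon, ts, helloHash: sha256(hello.body) }, party);

function sigOk(msg) { // verify against the public key carried in the message
  try {
    const pub = crypto.createPublicKey({ key: JSON.parse(msg.body).pub, format: 'jwk' });
    return crypto.verify('sha256', Buffer.from(msg.body), { key: pub, dsaEncoding: P1363 },
      Buffer.from(msg.sig, 'base64'));
  } catch { return false; }
}
function distanceM(a, b) { // haversine great-circle distance in metres
  const rad = (d) => (d * Math.PI) / 180;
  const h = Math.sin(rad(b.lat - a.lat) / 2) ** 2 +
    Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(rad(b.lon - a.lon) / 2) ** 2;
  return 2 * 6371000 * Math.asin(Math.sqrt(h));
}
// Returns the names of the failed checks; an empty array means the pair verifies.
function verifyHandshake(hello, accept) {
  if (!sigOk(hello) || !sigOk(accept)) return ['signature']; // never read unsigned fields
  const h = JSON.parse(hello.body), a = JSON.parse(accept.body);
  const failed = [];
  if (a.helloHash !== sha256(hello.body)) failed.push('binding');
  if (Math.abs(a.ts - h.ts) > MAX_SKEW_S) failed.push('freshness');
  if (distanceM(h, a) > MAX_DIST_M) failed.push('proximity');
  return failed;
}
```

An Accept replayed against a second HELLO from the same person fails only the binding check, because the fresh nonce changes the HELLO's hash.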


Privacy & Data

Right now, IRLid works without biometrics and without requiring any personal information. Your device generates a random key pair — there is no registration form and no email needed just to complete a handshake. This is a deliberate starting point: prove the cryptographic model works before adding layers on top.

Optional biometric and hardware-backed enhancements are now available as Settings-gated features. v4 (April 2026) added an optional biometric gate — Face ID, Touch ID, fingerprint, or Windows Hello at handshake time, proving the device owner (not just the device) was physically present. v5 (May 2026) added optional hardware-backed signing — keys live in the device's Secure Enclave / TEE / Windows Hello TPM and are non-extractable even on rooted devices. Biometric data never leaves the device in either case. Both are off by default and never prompted during a scan; the core handshake works the same without them.

Even today, linking a Google account (and soon, a direct email login) improves the experience in practical ways: your name and profile picture appear on receipts, making it easy to see who you met at a glance. Account linking is entirely optional — the core handshake works the same either way.

Receipts are stored with the public keys of both parties. The receipt JSON is fully transparent — anyone can inspect exactly what data is stored. The core handshake works entirely between two browsers; the backend server is used only for optional features like account linking, receipt storage, and third-party verification. If the server were to disappear, every receipt already issued would remain independently verifiable using the cryptographic data embedded within it.


Use Cases


Open & Verifiable

IRLid is open source. The entire codebase — frontend, backend, and database schema — is publicly available on GitHub. Anyone can audit the cryptographic logic, verify that the signing process is sound, or run their own instance.

Receipts can be independently verified on the Check page by pasting a receipt hash. All cryptographic checks are re-run in the browser — no trust in the server is required.

Technical Writeup

For a deep-dive into the cryptographic protocol, threat model, attack surface, and comparison to alternatives like World ID and passkeys, read the full Proof-of-Personhood Without Biometrics: The IRLid Protocol.


Where IRLid Is Heading

IRLid v3 was the foundation — a cryptographic receipt proving two people physically met. v4 (April 2026) added optional trust history, biometric gating, and privacy mode. v5 (May 2026) moved signing keys into the device's Secure Enclave, Trusted Execution Environment, or Windows Hello TPM via WebAuthn, closing the strongest honest criticism of the earlier versions. The protocol continues to grow in layers — future work includes mutual face capture (v5.x), multi-witness time anchoring against atomic clocks (v6), trust-network analysis (v6), drone-delivery and IoT integration (v6+), and zero-knowledge presence proofs (v7). Every layer is optional and off by default; v3-era receipts remain fully valid forever.

The scoring system grows with each layer — from a base of 20 points today to a ceiling of 100 points, maintaining symmetry with the % Confirmed display. All optional enhancements are off by default and user-controlled from Settings. A standard receipt without any extras is fully valid for everyday use.


Ready to try it? All you need is two phones and a friend.
