# **not.bot™ Problems: Index**

This index is the entry point to the not.bot Problems series, which presents public evidence for the problems the not.bot product family exists to solve. Five detail documents carry the record: named incidents, date-stamped figures, the regulatory drivers, who bears the cost, and what an adequate solution requires. Each closes by bridging to the solution document that meets its requirements. This index states each problem in one line and links to the full case. Figures repeated here carry their source and date; the detail documents carry the full record.

---

## **The five problems**

### **Deepfakes and Inauthentic Content** → [Doc #41](http://doc_41_problems_deepfakes.md)

**Fabricating anyone's face and voice costs almost nothing, detection loses the arms race, and every authentic recording now competes with the possibility that it is fake.**

Building a deepfake generator takes as few as 20 photographs of the target and about 15 minutes on a consumer computer (Oxford Internet Institute, FAccT 2025). A finance employee wired US$25.6 million after a video call on which every other participant was a deepfake of a real coworker (CNN, February 2024). The UK Home Office estimates 8 million deepfakes shared in 2025, up from 500,000 in 2023 (February 2026). Detection asks whether content looks fake, and that question gets harder with every model generation. [Content Provenance and Digital Signatures (Doc #2)](http://doc_02_content_provenance.md) describes the question that stays answerable: whether content carries proof of authenticity.

### **Proof of Personhood** → [Doc #42](http://doc_42_problems_proof_of_personhood.md)

**No system deployed at internet scale can tell whether an account belongs to a human without demanding to know which human.**

Beating SMS verification, the gate most platforms put in front of account creation, costs US$0.08 to US$0.12 per account at the largest platforms (Science, December 11, 2025). Human beings are now the minority of measured internet traffic (two network-scale measurements, December 2025 and April 2026). In July 2025 an AI agent clicked through a "Verify you are human" checkbox in the middle of a routine task, narrating the step as it worked; checks of that kind read behavioral signals, and an agent in a real browser emits them as well as a person does. The New York Attorney General found almost 18 million of the more than 22 million comments in one federal docket fake (May 2021). [Human Verification and not.bot Verify (Doc #3)](http://doc_03_human_verification.md) describes proof of personhood without identity: one person, one account, and the site learns nothing else.

### **Age Verification Without Surveillance** → [Doc #43](http://doc_43_problems_age_verification.md)

**The law now requires age checks across the major internet markets, and the systems used to comply collect identity data that gets retained, breached, and repurposed.**

The US Supreme Court upheld state age-verification mandates (*Free Speech Coalition v. Paxton*, June 27, 2025), and the UK, Australian, and Brazilian duties are in force (July 25, 2025; December 10, 2025; March 17, 2026). The first year of enforcement produced the record: about 70,000 government IDs leaked from a vendor that held them for age appeals (Discord disclosure, October 2025), a €950,000 fine against an age-verification provider for retaining identity documents and repurposing them as training data (AEPD, March 2026), and Roblox losing 12 million daily users in the quarter it made age checks mandatory (April 30, 2026). An age check asks a yes-or-no question, and every accepted way to answer it collects identity. [Human Verification and not.bot Verify (Doc #3)](http://doc_03_human_verification.md) describes the alternative: a signed yes-or-no answer, with no identity data reaching the site and no record of who verified where.

### **Non-Government Digital ID** → [Doc #44](http://doc_44_problems_digital_id.md)

**Digital identity today means a record in someone else's database, a government portal or a platform login, and the costs arrive as breaches, surveillance, and exclusion.**

Attackers breached France's national identity portal at 11.7 million confirmed accounts (France Titres, April 2026). The mobile driver's license standard includes a mode in which the issuing government learns where and when a license is used; a coalition including the ACLU, EFF, and Bruce Schneier campaigns against it, with Julia Social among the signatories (No Phone Home, June 2025). India's identity program acknowledged a 12% authentication-failure rate for government services, runtime exclusion at population scale (March 2018). An identity held in a provider's database is the person's at the provider's pleasure. [The not.bot App (Doc #5)](http://doc_05_notbot_app.md) describes identity anchored once in the signature a government placed inside the holder's passport chip, then held by the person alone. [Privacy Architecture (Doc #7)](http://doc_07_privacy_architecture.md) carries the proof that no party, Julia Social included, can watch it being used.

### **Unaccountable AI Agents** → [Doc #45](http://doc_45_problems_unaccountable_agents.md)

**AI agents browse, transact, post, and persuade with no verifiable identity and no chain of accountability to any person.**

Meta's CEO expects more AI agents than people in the world (July 2024). Four in five organizations that run agents report agents taking unintended actions, and fewer than half have any policy governing them (survey by Dimensional Research, May 2025). Researchers ran 34 covert AI accounts on a public forum for four months, posing as humans and persuading at multiples of the human baseline, and the accountability chain afterward led nowhere (Science, April 30, 2025). The regulatory responses are disclosure duties, and disclosure binds the honest. honest.bot™, planned for Q4 2026, exists to close this gap; [honest.bot: Verifiable Agent Identity (Doc #4)](http://doc_04_honest_bot.md) describes the delegation chain that ends at an accountable human.

---

## **Who is human, and who answers when it is not**

The series pairs around one question. Proof of personhood (Doc #42) asks whether the actor behind an account is a human being. Unaccountable AI agents (Doc #45) asks what follows when the answer is no: who does this agent act for, and who answers if it goes wrong. One incident appears in both documents. In July 2025 an AI agent passed the internet's humanness check in the middle of a routine task, because the check infers humanity from behavior and the agent behaves like a person. Read one way, the incident shows the human test failing. Read the other way, it shows an actor no counterparty can identify operating where only people were expected.

Neither blocking nor admitting resolves it. Blanket blocking forfeits the shopping assistants, booking agents, and research tools that customers send. Open admission fills the channel with machinery nobody can trace. The way out is one infrastructure with two proofs. not.bot Verify proves a human is present while learning nothing about which human. honest.bot gives an agent an identity that one running process holds, with a delegation chain that terminates at a not.bot-verified human. A site that checks both admits verified humans and verified agents accountable to verified humans, and turns away whatever proves neither.

## **What repeats across the five documents**

The problems compound. Deepfakes (Doc #41) and proof of personhood (Doc #42) are the content side and the actor side of one inauthenticity problem: when behavioral tests fail, platforms retreat to document-and-selfie checks, and the deepfake injection chain defeats those (World Economic Forum, January 2026). Age verification (Doc #43) and digital ID (Doc #44) price that retreat: identity data collected to answer a yes-or-no question, then kept past its purpose, breached, and repurposed.

Two findings hold in every document. Regulation arrives everywhere and supplies no instrument: removal deadlines, disclosure duties, age mandates, and wallet programs assign obligations that assume verification infrastructure nobody has built. And every deployed defense buys assurance with surveillance: behavioral scoring reads the user's device, document upload copies the passport, and federated logins and phone-home wallets report where an identity is used. Each document closes with the requirement set its evidence defines, and the sets converge on the same properties: a deterministic cryptographic answer instead of a probabilistic score, proof bound to an accountable person, no central database, no record of who verified where, and verification free for the person. The not.bot product family is built to those properties.

## **Related documents**

- [Content Provenance and Digital Signatures (Doc #2)](http://doc_02_content_provenance.md), [Human Verification and not.bot Verify (Doc #3)](http://doc_03_human_verification.md), [honest.bot: Verifiable Agent Identity (Doc #4)](http://doc_04_honest_bot.md), and [The not.bot App (Doc #5)](http://doc_05_notbot_app.md): the solution documents the five problems bridge to.
- [Privacy Architecture (Doc #7)](http://doc_07_privacy_architecture.md): the architectural guarantee behind the no-surveillance requirements.
- [Use Cases Index (Doc #30)](http://doc_30_use_cases_index.md): the companion catalog. The problems establish why verification matters; the use cases catalog where it pays off.