not.bot Use Cases: Verified Humanness
This document covers verified humanness applications: CAPTCHA replacement, sybil defense, surveys and polls, and catfishing prevention. It is part of the not.bot use cases catalog; the Use Cases Index holds the full catalog and the mechanism definitions the use cases draw on.
The unifying property
These use cases share a common need: distinguish real humans from bots, and distinguish one human from another, at the protocol layer rather than through behavioral inference.
The mechanism stack:
- Verified humanness: each authentication binds to a passport-verified human at the cryptographic layer.
- Site pass: one-human-one-account per site, derived through MPC, unforgeable.
- Selective disclosure: the user reveals the specific claims the verifier asks for and nothing else.
Adversarial AI has destroyed the older defenses. Image CAPTCHAs solve at human-or-better rates. Behavioral profiling raises privacy concerns and ships browsing data to third parties. The economics now favor not.bot's approach: cryptographic answers to humanness questions cost less to deploy and verify than continuous adversarial-AI arms races.
CAPTCHA replacement
What CAPTCHA tries to prevent:
- Automated account creation
- Credential stuffing and password-spray attacks
- Web scraping and data harvesting
- Comment, review, and forum spam
- Ticket and inventory scalping
- API abuse and rate-limit evasion
- Survey and poll fraud
- Click fraud in ad networks
- Form-submission abuse
- Layer-7 DDoS amplification
CAPTCHA fails on every dimension. Image CAPTCHAs solve faster than humans can. Behavioral CAPTCHAs profile users in ways that raise privacy concerns. Accessibility is poor: blind users, motor-impaired users, and users on low-end devices fail challenges legitimate users should pass. Friction is universal; nobody enjoys picking traffic lights.
not.bot replaces "are you a human?" with a cryptographic answer instead of a behavioral guess. One tap on the phone, biometric-gated, verifiable. Each presentation binds to a specific passport-verified human, so the cost of running an automation farm becomes the cost of acquiring real passports, several orders of magnitude above what behavioral CAPTCHA imposes.
The business value: CAPTCHA costs every website that deploys it. The direct costs include licensing fees for the paid behavioral tiers. The indirect costs are larger: conversion-rate drops of 10-40% when legitimate users abandon forms rather than solve puzzles, accessibility lawsuits from disabled users who cannot complete challenges, and privacy complaints from users whose browsing behavior gets shipped to third-party analytics. not.bot eliminates all three cost categories. Conversion rates improve because friction drops to a single biometric tap. Accessibility becomes a non-issue. Privacy improves because no behavioral data leaves the user's device.
Sybil defense
The shared mechanism is the site pass: a per-human, per-site identifier derived through MPC. The same human cannot create two site passes for the same site, even using different aliases.
Concrete attack categories this prevents:
- Loss-leader and promo-code abuse (one $20-off-first-order per human, not per email)
- Free-trial cycling
- Inventory sniping and scalping (sneaker drops, console launches, concert tickets, limited-edition collectibles, iPhone launches)
- Fake reviews
- Astroturfing and review brigading
- Online poll and survey manipulation
- Airdrop and incentive farming (crypto, rewards programs)
- Smurfing in online games (multi-account abuse of matchmaking)
- Wait-list and beta-program manipulation
- Referral program abuse (self-referral rings)
- Petition and online-vote manipulation
- Subscription trial-and-cancel cycling
- Customer-service abuse (multiple accounts to escalate the same complaint)
The business value: Multi-account abuse costs platforms and retailers billions per year. Promo-code abuse alone runs into hundreds of millions across e-commerce. Scalping operations capture value from both the retailer (brand damage, customer frustration) and the consumer (inflated secondary-market prices). Fake reviews undermine the entire recommendation economy; Amazon, Yelp, and Google spend enormous resources trying to detect and remove them. Site passes eliminate the economic model behind all of these attacks by making one-human-one-account a mathematical guarantee rather than a policy to enforce. Platforms that deploy sybil defense recover the revenue lost to abuse and restore the signal quality that legitimate users depend on.
Surveys and polls
The use cases: market research, academic research, political polling, customer satisfaction surveys, employee engagement, product feedback, A/B testing, beta testing, and focus groups. The shared problem: data corruption before analysis begins. Bot responses, fake panel members, click farms, single humans operating multiple panel accounts, AI-generated responses from real humans gaming incentives, demographic fraud.
Pew, Nielsen, Ipsos, Gallup, and academic survey researchers all publish about response quality decline. The decline accelerates as AI tools lower the cost of fabricating responses.
not.bot offers three properties at the same time:
- Sybil defense via site pass: one human, one response per survey.
- Verified humanness: bot responses are impossible at the authentication layer.
- Demographic credentials without identity disclosure: panels recruit by age bracket, nationality, gender, and verification level without storing PII.
The business value: Market research firms charge premiums for high-quality panel data. Response-quality decline threatens the value proposition of the entire survey research industry. A research firm offering not.bot-verified panels can charge premium rates because the data integrity is guaranteed by cryptography rather than estimated from statistics. Academic researchers gain IRB-friendly data collection (no PII stored) with higher response validity. Political pollsters gain protection against coordinated manipulation campaigns that distort public polling results. For any organization making decisions based on survey data, the difference between 90% valid responses and 99.9% valid responses can change the conclusion.
Catfishing prevention on dating apps
Selective disclosure is the operative property. The user proves humanness, age threshold, and gender to the platform without revealing name, address, or birthdate.
Aliases let users maintain a dating-app identity tied cryptographically to a real human without exposing identity to the platform or other users. The platform gains sybil resistance (one human, one account per platform) and verified-real-person assurance for matched users.
Threats addressed:
- Fake profiles using stolen photos
- AI-generated personas that don't correspond to a real person
- Multi-account abuse (banned users returning under new identities)
- Demographic misrepresentation (age, gender)
- Romance scams that depend on the scammer's anonymity
The user gains protection without surrendering identity to the platform. The platform gains the trust property without becoming a custodian of sensitive identity data.
The business value: Dating apps generate over $6 billion a year, and fake profiles are the top complaint across the industry. Tinder, Bumble, and Hinge spend significant engineering and moderation resources fighting fake accounts. Romance scams cost victims over $1.3 billion per year in the US alone (FTC, 2023). Verified-human profiles differentiate a platform as a premium experience, justify higher subscription pricing, and reduce the moderation burden. Users who trust the platform stay longer and pay more. Platforms that offer "verified only" matching tiers create a competitive moat that unverified competitors cannot replicate.