Maybe what would work is some type of physical checkpoint where a person can be viewed and confirmed to be human - say at a mobile phone store or really whoever wants to do it. Then again, some people are even averse to being filmed at any store. Not sure if this would work in tandem with another biometric, such as with VeryAI, or this is all that is needed.
Otherwise maybe a type of vending machine could be used with some human-checking devices implemented in it - and that device could be tied into the blockchain.
The issue with all this of course is say you've proved to be human, what happens if you tell your bots the obtained info in order to become an "acting clone" - or rather someone steals the info? So maybe a bi-weekly checkup on that vending machine that acts as a sort dead-man's switch? It's starting to sound unreliable.
There could also be "human-attestation spaces" whereby anyone inside is validated to be human for the time they are present there. Like a cubicle at a library. Not sure what the point would be, though.
Yet, thinking far ahead. At some point, the problem may be human clones and validating an authentically original human. See 'Celebrity Doppelganger Fury' : youtube.com/@CDFury/videos
1. I wouldn't want to wear a glove while typing.
2. Maybe for something like nuclear missile control you would want extremely high security like this, but for something like low stakes like a google search it seems overkill.
I’m standing in a line on my iPhone, waiting to get into a basketball game. So apologies for being sloppy.
Ok, so you’re talking about technologies that already exist and practically everyone has them.
First, you don’t need a new HTTP protocol, you’d use regular HTTPS with certificate authentication.
The glove you speak of is a biometric device with a Secure Enclave (SE) (eg Apple Watch) or secure access to a device with an SE.
This SE stores the private key of a key pair in a manner inaccessible without biometrics. This is also how PassKeys work.
A key challenge here is that everyone has a variety of devices from a variety of OEMs that are all simultaneously talking to multiple services synchronously. More often than not, a web request actually isn’t initiated by a human.
So, you’ll need to get everyone to agree on a standard. You’ll need to address the privacy concerns of privacy-minded people, because if you can attest that a person is actually there, doing something that is going to set off warning bells for private people. It’s also going to set off dinner bells for advertisers and governments.
Again sorry, I’m on mobile and in a line. These exact scenarios (and their drawbacks) are routinely discussed in technical and privacy circles.
Read up on technologies like PKI, certificate-based Auth, PassKeys, Secure Enclave, and biometric devices. The Apple Platform Security Guide is a good first step on what a commercial product is already doing.
All interesting ideas but to get traction make it part of a low latency haptic suit that people can use to sex each other up or show off their PVPness, make some prototypes for executives and investors to play with and I could see it getting attention. Maybe get a demo integrated with VRChat. On the more taboo end and to not discriminate make all sizes of suits for all body types and ages. Provide an SDK so that all gaming companies can incorporate your suit. That should give "Collision Detection" a whole new meaning and experience.
If Tesla optimus robots were breaking into my house at night, logging into my computer, and using my web browser, this would be one solution.
You didn't mention anything about how the web server knows if the other end of the connection is this user-hostile browser or a python/javascript bot with a spoofed user agent.
Even aside from the hardware aspect of it, or the ick factor of biometrics to use the web, or possibly launching it and getting full adoption, or the fact that it absolutely could have the data spoofed, or that new attacks would be developed to MITM someone's pulse and mirror it on their bot's connection...
Where is this validation happening? Not on every transaction to every web server, surely. How could a HTTP protocol possibly actually achieve this kind of validation?
A new capital-raising occurred to get photographs of palms encoded and onto a blockchain using zero-knowledge proofs.
https://cointelegraph.com/news/polychain-backs-veryai-s-10m-...
Maybe what would work is some type of physical checkpoint where a person can be viewed and confirmed to be human - say at a mobile phone store or really whoever wants to do it. Then again, some people are even averse to being filmed at any store. Not sure if this would work in tandem with another biometric, such as with VeryAI, or this is all that is needed.
Otherwise maybe a type of vending machine could be used with some human-checking devices implemented in it - and that device could be tied into the blockchain.
The issue with all this of course is say you've proved to be human, what happens if you tell your bots the obtained info in order to become an "acting clone" - or rather someone steals the info? So maybe a bi-weekly checkup on that vending machine that acts as a sort dead-man's switch? It's starting to sound unreliable.
There could also be "human-attestation spaces" whereby anyone inside is validated to be human for the time they are present there. Like a cubicle at a library. Not sure what the point would be, though.
Yet, thinking far ahead. At some point, the problem may be human clones and validating an authentically original human. See 'Celebrity Doppelganger Fury' : youtube.com/@CDFury/videos
1. I wouldn't want to wear a glove while typing. 2. Maybe for something like nuclear missile control you would want extremely high security like this, but for something like low stakes like a google search it seems overkill.
I’m standing in a line on my iPhone, waiting to get into a basketball game. So apologies for being sloppy.
Ok, so you’re talking about technologies that already exist and practically everyone has them.
First, you don’t need a new HTTP protocol, you’d use regular HTTPS with certificate authentication.
The glove you speak of is a biometric device with a Secure Enclave (SE) (eg Apple Watch) or secure access to a device with an SE.
This SE stores the private key of a key pair in a manner inaccessible without biometrics. This is also how PassKeys work.
A key challenge here is that everyone has a variety of devices from a variety of OEMs that are all simultaneously talking to multiple services synchronously. More often than not, a web request actually isn’t initiated by a human.
So, you’ll need to get everyone to agree on a standard. You’ll need to address the privacy concerns of privacy-minded people, because if you can attest that a person is actually there, doing something that is going to set off warning bells for private people. It’s also going to set off dinner bells for advertisers and governments.
Again sorry, I’m on mobile and in a line. These exact scenarios (and their drawbacks) are routinely discussed in technical and privacy circles.
Read up on technologies like PKI, certificate-based Auth, PassKeys, Secure Enclave, and biometric devices. The Apple Platform Security Guide is a good first step on what a commercial product is already doing.
I’d rather go back to Web 1.0 than have to wear biometric gloves to use my computer or phone.
I also assume we’d just see an army of people wearing these gloves, working for $1/day acting as “bots”.
All interesting ideas but to get traction make it part of a low latency haptic suit that people can use to sex each other up or show off their PVPness, make some prototypes for executives and investors to play with and I could see it getting attention. Maybe get a demo integrated with VRChat. On the more taboo end and to not discriminate make all sizes of suits for all body types and ages. Provide an SDK so that all gaming companies can incorporate your suit. That should give "Collision Detection" a whole new meaning and experience.
If Tesla optimus robots were breaking into my house at night, logging into my computer, and using my web browser, this would be one solution.
You didn't mention anything about how the web server knows if the other end of the connection is this user-hostile browser or a python/javascript bot with a spoofed user agent.
One day the glove will have some connection problem and you won't be able to troubleshoot it because you can't use the internet.
This would always need some backup solution and now you're back on square one.
Edit: also you'd need accessibility, so a glove is out. And how do you handle game consoles? Voice assistants like Siri or Alexa?
All that might be good until government will take over that idea to kill anonymity. In case that glove can also get a human fingerprints.
Maybe an attacker could record a couple hours of glove usage, and then replay this with slight variations.
Sell it to Mark Zuckerberg.
I do not want to wear any smart tech for any reason.
This gets a hard NO from me.
Even aside from the hardware aspect of it, or the ick factor of biometrics to use the web, or possibly launching it and getting full adoption, or the fact that it absolutely could have the data spoofed, or that new attacks would be developed to MITM someone's pulse and mirror it on their bot's connection...
Where is this validation happening? Not on every transaction to every web server, surely. How could a HTTP protocol possibly actually achieve this kind of validation?