A new research paper recommends that internet users be issued with credentials to prove that they are human as AI becomes increasingly indistinguishable from real people.
The paper, authored by researchers from OpenAI, Microsoft, MIT, and others, comes at a time when the “dead internet theory” is becoming increasingly more believable. That theory suggests that the majority of online interactions and content are generated by bots.
It’s described as a conspiracy theory, but the authors of this new paper seem convinced it could happen if it hasn’t already done so. The paper notes that “ highly capable AI systems may change the landscape: There is a substantial risk that, without further mitigations, deceptive AI-powered activity could overwhelm the Internet.”
Distinguishing AI-powered users on the Internet is becoming increasingly difficult. AI can generate human-like content that sounds perfectly conversational and human-like avatars in image or video form.
AI agents are getting better at browsing websites like an ordinary user, making sophisticated plans to achieve goals, and even solving CAPTCHAs when challenged.
The second problem the paper identifies is scalability. AI models are becoming more powerful, cheaper, and increasingly available. AI has made online deception by malicious actors easy to do at scale, especially if you have an open-weight model.
The paper notes the researchers’ concern, “We are concerned that the Internet is inadequately prepared for the challenges highly capable AI may pose.”
Personhood credentials
The researchers propose issuing internet users with what they call “personhood credentials”, or PHCs. These credentials can be stored digitally on a holder’s devices and would be used to prove personhood when signing up for an online service like an email address or account on X.
Various organizations, governmental or otherwise, could serve as issuers of the credentials. While the paper doesn’t go into detail on how this could work, it suggests one possible implementation where a PHC could be issued to any holder of a tax identification number.
Verifying the credentials could be done using zero-knowledge proofs so that no aspects of the person’s identity are tied to the PHC. The idea is that you could prove to an online service provider that you are human but still retain anonymity.
If PHCs were rolled out you’d see an end to “sockpuppeting” like the thousands of bots pretending to be people on X and other platforms. The proposed solution would also prevent a single user from creating multiple accounts on a platform that could then be used in large-scale bot attacks.
Risks and challenges
If we have come to a point where we need an organization to issue us with credentials that prove we are human, then we are well into Blade Runner territory. The PHC idea could cut down on the AI bot problem but comes with other challenges.
How would equitable access be ensured? If you’re not able to physically visit a PHC issuer you could find yourself unable to use the internet, or at least sign up for online accounts.
Even though the PHC wouldn’t reveal your identity online, your issuer would have that info. How comfortable would you feel about speaking your mind online if you weren’t sure your anonymity could be preserved?
Suppose an issuer of the PHC is not a democratically elected government with checks on its powers and accountability. Might it decide to withhold a PHC from someone who was critical of it?
The researchers acknowledge that a “PHC system, like any digital system, is vulnerable to attacks and exploits by multiple actors—most notably, subversion by the issuer itself, by service providers, and by users with malicious intent.”
Not too long ago we thought that CAPTCHAs, selfies, or a video call were sufficient to prove that a real live human was on the other end of an online interaction. AI has put an end to that.
We need a better solution, but applying to an organization for “proof of personhood” seems very Orwellian.
