Skip to main content

Human Presence

Human presence is the core concept that BotShield verifies. Understanding what it means and how it differs from other verification methods is key to evaluating BotShield for your platform.

What is Human Presence?

Human presence is the verification that a human is physically present at the moment an action is taken. It is not about:
  • Behavior patterns
  • Device fingerprints
  • Session history
  • User accounts or identity
It is about confirming that a real human is performing the action right now, using hardware-backed biometric authentication on their device.

Why Human Presence Matters

Bots Can Mimic Behavior

Automated systems can replicate user behavior patterns, solve CAPTCHAs, and pass behavioral analysis

Presence Requires a Human

Actual human presence verified through device biometrics (Face ID / Touch ID) cannot be faked by bots

How BotShield Verifies Presence

BotShield uses the device’s built-in biometric and authentication hardware:
  1. Hardware-backed authentication — Face ID, Touch ID, or device passcode via the Secure Enclave
  2. Real-time interaction — The authentication happens at the moment of the action
  3. Cryptographic attestation — The result is a signed Human Presence Signal (HPS) token
This is fundamentally different from:
  • CAPTCHA — Solves puzzles (can be automated by CAPTCHA-solving services)
  • 2FA — Requires user account and device ownership verification
  • Behavior Analysis — Tracks patterns over time (can be mimicked)
  • Device Fingerprinting — Identifies devices, not humans

Properties of Presence

Presence is Transient

Presence exists only at the moment of action. It is not stored, tracked, or reused.

Presence is Action-Scoped

Verification is limited to the specific action:
  • Checking out — verify presence for checkout
  • Buying tickets — verify presence for ticket purchase
  • Signing up — verify presence for signup

Presence is Consumed

Once verified, the HPS is consumed by the action:
  • No reuse across actions
  • No session persistence
  • No cross-platform tracking

Presence Requires Secure Device State

The user’s device must have a system passcode enabled. Without it, BotShield cannot issue a valid attestation. Learn more about device security requirements.

Benefits of Presence Verification

Privacy-First

No tracking, profiling, or surveillance

User-Friendly

5-second verification for returning users

Effective

Hardware-backed — stops bots reliably

Flexible

Works for any action type via REST API