Human Presence

Human presence is the core concept that BotShield verifies. Understanding what it means and how it differs from other verification methods is key to evaluating BotShield for your platform.

What is Human Presence?

Human presence is the verification that a human is physically present at the moment an action is taken. It is not about:
  • Behavior patterns
  • Device fingerprints
  • Session history
  • User accounts or identity
It is about confirming that a real human is performing the action right now, using hardware-backed biometric authentication on their device.

Why Human Presence Matters

Bots Can Mimic Behavior

Automated systems can replicate user behavior patterns, solve CAPTCHAs, and pass behavioral analysis

Presence Requires a Human

Actual human presence verified through device biometrics (Face ID / Touch ID) cannot be faked by bots

How BotShield Verifies Presence

BotShield uses the device’s built-in biometric and authentication hardware:
  1. Hardware-backed authentication — Face ID, Touch ID, or device passcode via the Secure Enclave
  2. Real-time interaction — The authentication happens at the moment of the action
  3. Cryptographic attestation — The result is a signed Human Presence Signal (HPS) token
This is fundamentally different from:
  • CAPTCHA — Solves puzzles (can be automated by CAPTCHA-solving services)
  • 2FA — Requires user account and device ownership verification
  • Behavior Analysis — Tracks patterns over time (can be mimicked)
  • Device Fingerprinting — Identifies devices, not humans

Properties of Presence

Presence is Transient

Presence exists only at the moment of action. It is not stored, tracked, or reused.

Presence is Action-Scoped

Verification is limited to the specific action:
  • Checking out — verify presence for checkout
  • Buying tickets — verify presence for ticket purchase
  • Signing up — verify presence for signup

Presence is Consumed

Once verified, the HPS is consumed by the action:
  • No reuse across actions
  • No session persistence
  • No cross-platform tracking

Presence Requires Secure Device State

The user’s device must have a system passcode enabled. Without it, BotShield cannot issue a valid attestation. Learn more about device security requirements.

What BotShield Returns — Verdict + Reason

A single presence event is binary — the user either passed the biometric check or did not. But platforms need more than binary. A first-time user verifying right now and a long-time user whose MultiPass is still active from a prior session are not the same situation, and elevated-risk actions warrant different handling than standard ones. BotShield resolves this by returning a two-field decision pair on every call to /signal/check or /signal/evaluate:
{
  "event_id": "req_a3f1b2c4d5e6",
  "request_id": "req_a3f1b2c4d5e6",
  "verdict": "pass",
  "reason": "multipass_active"
}

| Field | Values | Meaning |
|---|---|---|
| verdict | pass | No further verification needed — proceed with the action |
| verdict | require_presence | Run the full Face ID flow |
| reason | multipass_active | Pass on credential continuity (passkey + presence consent + valid TTL) |
| reason | presence_fresh | Pass on a fresh Face ID event in the current session window (5 minutes) |
| reason | multipass_stale | Standard scope, MultiPass freshness lapsed — verify again |
| reason | elevated_requires_presence | Elevated scope demands live proof, even when MultiPass is active |
| reason | no_resolution | Unknown user — establish identity first |

Two scope levels drive the verdict: standard scopes pass on either MultiPass continuity or fresh Face ID; elevated scopes always require live Face ID. Partners configure scope per action. Platforms use the verdict + reason pair to calibrate their own enforcement. BotShield attests. Platforms enforce.
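
The following partner-side example shows one way to enforce the verdict + reason pair described above; it is added here for illustration and is not BotShield's own code. The function name `decide`, the action labels it returns, the scope strings, and the treatment of `presence_fresh` as live proof for elevated actions are assumptions.

```python
# Added example: partner-side enforcement of BotShield's verdict + reason pair.
# Action labels, scope strings and the function name are assumptions.
PASS_REASONS = {"multipass_active", "presence_fresh"}
VERDICTS = {"pass", "require_presence"}


def decide(response, scope):
    """Return "proceed", "run_presence_flow", "establish_identity" or "deny".

    Only a recognized passing pair that fits the action's scope proceeds;
    every other input resolves to a stricter outcome (fail closed).
    """
    if scope not in ("standard", "elevated") or not isinstance(response, dict):
        return "deny"
    verdict, reason = response.get("verdict"), response.get("reason")
    if not isinstance(verdict, str) or not isinstance(reason, str):
        return "deny"
    if verdict not in VERDICTS:
        return "deny"
    if reason == "no_resolution":
        # Unknown user: the page says identity must be established first.
        return "establish_identity"
    if verdict == "pass" and reason in PASS_REASONS:
        # Elevated scopes always require live Face ID, so a pass that rests
        # only on MultiPass continuity is not accepted for them (assumption:
        # presence_fresh counts as live proof for an elevated action).
        if scope == "elevated" and reason == "multipass_active":
            return "run_presence_flow"
        return "proceed"
    # require_presence, or a pass with a reason this code does not know.
    return "run_presence_flow"


if __name__ == "__main__":
    # Constructed responses; the first mirrors the sample shown on this page.
    samples = [
        ({"verdict": "pass", "reason": "multipass_active"}, "standard"),
        ({"verdict": "pass", "reason": "multipass_active"}, "elevated"),
        ({"verdict": "require_presence", "reason": "no_resolution"}, "standard"),
        ({"verdict": "allow", "reason": "multipass_active"}, "standard"),
    ]
    for resp, scope in samples:
        print(scope, resp, "->", decide(resp, scope))
```
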

What BotShield Does NOT Return to Partners

BotShield internally tracks a user-facing Human Presence tier (New / Stable / Strong / Durable) on the user’s Account tab — but this tier is never returned to partners. Per Engine Spec v3.4 §2.6 + §6.4 the visible tier is presence-only (“how human”) and intentionally separate from MultiPass durability (“how durable”). Partners see only the verdict + reason contract above; the tier informs the user about their own presence trajectory and is not part of any partner integration.

Benefits of Presence Verification

Privacy-First

No tracking, profiling, or surveillance

User-Friendly

5-second verification for returning users

Effective

Hardware-backed — stops bots reliably

Flexible

Works for any action type via REST API