Humanpass – Proof of humanness using WebAuthn, no data collected

Name: Humanpass – Proof of humanness using WebAuthn, no data collected
Availability: InStock
Author: jzaragoza

by jzaragoza·Feb 27, 2026·2 points·0 comments

Visit Project View on HN

AI Analysis

●●●BangerZero to OneBig Brain

WebAuthn beats CAPTCHA, paid checks, Worldcoin—biometrics never leave device.

Strengths

•True zero-knowledge design: server never touches biometrics, only cryptographic assertion
•60-second ephemeral links eliminate phishing risk and permanent tracking
•Blocks virtual/emulator authenticators by AAGUID, showing threat-aware architecture

Weaknesses

•Requires WebAuthn support; older browsers and users without passkeys are locked out
•No business model or sustainability plan evident for production scale

Post Description

Hi HN, I built humanpass because every human verification system today asks you to give up something — your time (CAPTCHAs), your money (paid blue checks), or your biometric data (Worldcoin).

humanpass uses WebAuthn/passkeys to verify there's a real person behind the screen. You authenticate with your device's biometrics, get a temporary link (expires in 60 seconds), and share it anywhere. Whoever clicks it can see the verification is real.

Your biometrics never leave your device — the server only receives a cryptographic assertion. No signup, no email, no passwords. The only data stored is a random user ID and a public key.

Some technical details: - Built with Hono on Cloudflare Workers, D1 for storage, Workers KV for ephemeral links - Blocks known virtual/emulator authenticators by AAGUID - No analytics, no third-party scripts - Chrome extension for one-click verification - AGPL-3.0 licensed

Live at human-pass.org. Would appreciate feedback on the threat model and attack surface.