Public Working Draft View on GitHub
Problem Solution How it works API Blog Demo Status Contact
Public Working Draft View on GitHub
Blog

Why the Internet Needs Verified Personhood — Not More Identity

16. 12. 2025

Why the Internet Needs Verified Personhood — Not More Identity

The internet was never designed to distinguish between a real human being and an automated entity.

At the protocol level, a user is just a connection. At the application level, a user is just an account.

And today, that is no longer enough.

Bots, synthetic identities, troll farms, fake engagement, and coordinated manipulation have become structural features of the online world — not exceptions. Algorithms reward scale, not authenticity. A thousand fake accounts can easily overpower one real person.

Yet when we try to solve this, we almost always reach for the wrong tool.

We reach for identity.

Diagram showing OpenVPT as a privacy-preserving layer between anonymity and full digital identity

Identity is not the solution

Digital identity systems are powerful — but they are also heavy, invasive, and often inappropriate.

They answer questions like:

  • Who are you?
  • What is your name?
  • What is your date of birth?
  • Which state issued your document?

But most online platforms don’t actually need answers to those questions.

A social network does not need to know your legal identity.
A comment section does not need your passport.
A forum does not need your full date of birth.

What platforms actually need is something much simpler.

The missing layer: verified personhood

In most cases, platforms only need to know two things:

  1. Is there a real human behind this account?
  2. Does this person belong to a certain age group?

That’s it.

Not who you are.
Not where you live.
Not how old you are exactly.

Just:

  • Human or not?
  • Child, teenager, adult?

This gap — between anonymity and full identity — is where the internet is currently broken.

And this is exactly the space where OpenVPT is designed to operate.

What OpenVPT is (and what it is not)

OpenVPT (Verified Person & Age Token) is an open standard for issuing cryptographically verifiable tokens that prove:

  • the holder is a real human person, and
  • the holder belongs to a specific age category,

without revealing:

  • name,
  • date of birth,
  • ID number,
  • or any persistent personal identifier.

OpenVPT is not:

  • a digital ID,
  • a user account,
  • a centralized database,
  • or a replacement for national eID systems.

It is a privacy-preserving proof, not an identity.

Why anonymity alone is no longer enough

Anonymity is essential for freedom of expression.
But anonymity without accountability has become a weapon.

Today:

  • bots are anonymous,
  • humans are anonymous,
  • platforms cannot reliably tell the difference.

As a result:

  • moderation becomes guesswork,
  • trust signals are gamed,
  • real users lose visibility to automated noise.

OpenVPT does not remove anonymity.

It introduces verified anonymity.

You remain unknown — but you are no longer unproven.

Age verification without surveillance

Age verification is one of the most sensitive issues in digital policy today.

Bans, mandatory ID uploads, and blanket restrictions are blunt instruments. They create privacy risks, exclude users, and often fail in practice.

OpenVPT takes a different approach:

  • No date of birth.
  • No exact age.
  • No permanent identifier.

Instead, a token only asserts membership in an age group (e.g. 13+, 16+, 18+), with a limited validity period.

This allows platforms to:

  • enforce age-appropriate access,
  • comply with regulation,
  • without building databases of children’s identities.

Designed to coexist, not compete

OpenVPT is intentionally designed to complement existing systems, not replace them.

It can be issued by:

  • eIDAS-notified identity providers,
  • EU Digital Identity Wallets,
  • banks,
  • regulated KYC providers,
  • or other trusted issuers.

It fits naturally alongside:

  • eIDAS 2.0,
  • the EU Digital Identity Wallet,
  • and national or regional identity frameworks.

Where those systems answer “Who is this person?”,
OpenVPT answers “Is this a verified human in the required category?”

Why this is an open standard

Trust cannot be proprietary.

OpenVPT is explicitly not designed to be operated, governed, or controlled by a single central authority.

The OpenVPT standard does not define a global registry of “real people”, nor does it designate a privileged issuer or operator.

Instead, OpenVPT follows a decentralised trust model:

  • Multiple independent issuers may issue Verified Person & Age Tokens.
  • Platforms remain fully sovereign in deciding which issuers they trust.
  • Trust is explicit, configurable, and revocable.

A platform may choose to trust:

  • a national eID provider,
  • a bank,
  • a regulated KYC provider,
  • or a combination of multiple issuers.

Just as importantly, platforms may choose not to trust certain issuers — or to change their trust decisions over time.

This separation of roles is intentional.

The OpenVPT specification defines how verification works — not who is allowed to verify humans.

This prevents concentration of power, avoids single points of failure, and ensures that no individual, organisation, or company — including the author of this specification — can control who is considered “real” on the internet.

OpenVPT is developed as:

  • an open specification,
  • under an open license,
  • with public discussion and review.

This is not a startup pitch.
It is a standardisation effort.

The goal is not control — but interoperability, transparency, and restraint.

A personal note

I started working on OpenVPT not because I wanted to invent a new protocol — but because something was missing.

As a parent, as a user, and as a technologist, I could not accept that the only choices were:

  • total anonymity with abuse,
  • or total identification with surveillance.

There should be a third option.

OpenVPT is an attempt to define that middle layer — carefully, openly, and with respect for human dignity.

It is still evolving.
It is still open to critique.

But the problem it addresses is very real — and increasingly urgent.

What comes next

This blog will explore:

  • how verified personhood can improve online discourse,
  • how age verification can work without exposing children,
  • how platforms can reduce bots without building identity databases,
  • and how governance and trust models can remain decentralised.

If you’re interested in these questions, you’re welcome to follow, critique, and contribute.

The internet needs fewer identities — and more verified humans.

← Back to blog