Hi HN, I built humanpass because every human verification system today asks you to give up something — your time (CAPTCHAs), your money (paid blue checks), or your biometric data (Worldcoin).

humanpass uses WebAuthn/passkeys to verify there's a real person behind the screen. You authenticate with your device's biometrics, get a temporary link (expires in 60 seconds), and share it anywhere. Whoever clicks it can see the verification is real.

Your biometrics never leave your device — the server only receives a cryptographic assertion. No signup, no email, no passwords. The only data stored is a random user ID and a public key.

Some technical details: - Built with Hono on Cloudflare Workers, D1 for storage, Workers KV for ephemeral links - Blocks known virtual/emulator authenticators by AAGUID - No analytics, no third-party scripts - Chrome extension for one-click verification - AGPL-3.0 licensed

Live at human-pass.org. Would appreciate feedback on the threat model and attack surface.