Human proofs for abuse-resistant accounts
Stop the same abuser
from coming back as a new account.
Human proofs let your site require one verified human behind high-risk accounts — without storing ID documents or building a KYC stack. lemma.id is the private proof layer underneath: passkey continuity for normal users, site-private PPIDs, and step-up to human proofs when bans need to survive email, SIM, device, and IP rotation.
Built for platforms where account rotation is the attack — marketplaces, ticketing, gaming, social apps, free trials, rewards programs, and any site where one bad actor can cheaply create the next account.
Example
A scalper creates 500 accounts. Your fraud system catches 200 and bans them. Tomorrow, the same operator returns with new emails, SIMs, and proxies. Passkey-only binding recognizes the same wallet on return — useful for continuity, but not Sybil-resistant. When you require human proofs, the abusive operator must pass fresh identity verification to come back; email, device, and IP rotation no longer mint a clean account.
Assurance levels
One integration. Three assurance tiers.
Start with passkey continuity for low-friction onboarding. Add signed backend verification when you need to trust the request. Require human proofs when your policy needs one verified human behind the account — that is where durable ban resistance lives.
Passkey continuity
Recognize the same returning wallet with a stable site-private PPID. Good for continuity and developer preview — not Sybil-resistant by itself; attackers can create another passkey wallet.
Signed presentation
Your backend verifies a signed proof from the user's wallet before creating an account or accepting a risky action. No KYC data lands on your servers.
isHuman
The enforcement tier: Sybil resistance, one account per human, abuse-resistant signup, bans that survive cheap credential rotation. Require when account rotation is the attack.
Why teams choose lemma.id
Why customers need human proofs + lemma.id
Login providers tell you which account signed in. Bot tools tell you which session looks suspicious. Human proofs give you the missing enforcement handle when one account must mean one human. lemma.id keeps that proof private, reusable, and locally verifiable — without turning your backend into an identity database.
How it works
Bind, detect, enforce
lemma.id does not replace your login, fraud model, or moderation queue. It gives those systems something durable to act on: a site-private proof binding that can step up to human proofs when uniqueness matters.
Bind
Bind your user record to a site-private PPID. For normal continuity, that PPID represents the same wallet. With human proofs, it represents the same verified human.
Detect
Your fraud, moderation, and abuse tooling flags bad behavior. lemma.id does not decide who is bad — with isHuman, it makes the consequence stick across new accounts.
Enforce
Block the site-private PPID, raise assurance to human proofs, or require fresh IDV. With human proofs required, swapping email, SIM, device, or IP no longer gives an abuser a clean slate.
Before
Bot detected → account banned → attacker rotates email, SIM, or proxy → new account, free
With human proofs required
Bot detected → account tied to verified human root → site-private PPID blocked → must pass fresh IDV to return
Developer integration
Integrate with a signed presentation
Most users start with passkey continuity — no IDV. Require isHuman on signup or high-risk actions when one account must map to one human. Signed presentations let your backend verify without storing KYC data.
Product boundaries
What lemma.id is not
Customers need to know exactly where lemma.id fits. It is the proof and enforcement layer between login, fraud detection, and identity verification — not a replacement for all three.
Not bot detection
Your tools find suspicious behavior. With human proofs, lemma.id makes the consequence stick across new accounts.
Not a global public identity
Each site gets its own stable PPID per user — not one shared identifier across the whole web.
Not an identity store you run
Your servers hold a verdict and a PPID — not ID documents, names, or dates of birth.
What it is: Human proofs for one verified human per account when that matters; lemma.id as the user-held proof wallet underneath — passkey continuity first, step up to human proofs when bans need to stick, without becoming an identity database. Read more about the approach →
Learn more
Each page goes deeper on one aspect — without repeating the full homepage story.
Add isHuman to your site
Stop repeat abusers from returning as fresh accounts. lemma.id handles the private proof layer; isHuman is the assurance tier that makes bans stick.
Bind • Detect • Enforce