About Lemma
Identity, the way it
should work on the web.
CAPTCHA is losing effectiveness against modern automation. Centralized digital ID concentrates too much visibility in one place. Lemma is the open-web alternative: reusable human verification with site-private identifiers and local verification on the access-decision path.
The problem
The web has been stuck between two bad options
CAPTCHA is losing the job it was hired to do. Modern bots solve many image and text puzzles reliably, and CAPTCHA-solving farms operate at fractions of a cent per solve. Sites that need anti-bot signal — waitlists, ticketing, comments, dating, AI agent gating — increasingly know that puzzle friction often stops humans more reliably than determined attackers.
The proposed replacements — government digital ID stores, federated SSO, on-chain identity — tend to create a new correlation point: who you are, when you presented your ID, and where you used it. That is why mandatory digital ID keeps meeting public resistance. The web needs a stronger human signal without turning every login, signup, or checkout into another identity-provider event.
Meanwhile, most websites won't pay $1–2 per user for full identity verification. So they accept abuse, build CAPTCHA arms-race tooling, or charge legitimate users to compensate. The web has been stuck between "no real verification" and "centralized identity surveillance" for over a decade.
The thesis
Make digital ID work the way
physical ID works
A driver's license works because it's verified locally. When you show your license at a bar, the bar checks the holograms, photo, and signature on the spot. The DMV doesn't get a notification. The license sits in your wallet — you carry it, you decide when and where to present it.
Lemma applies that model to the web. A user verifies once with an IDV provider. Lemma issues a signed isHuman credential. The credential lives in the user's browser wallet, and sites can validate site-bound proofs locally with Ed25519 signatures, site-private PPIDs, and cached revocation data.
Lemma is not pretending the control plane disappears. Issuance, revocation, recovery, and first-time site proof setup still need infrastructure. The privacy win is narrower and practical: routine access decisions do not need a live callback to the original IDV provider, and credentials do not carry one stable cross-site identifier.
Principles
What makes Lemma different
Local hot path
Credentials live in the user's browser wallet. After setup and revocation sync, sites can validate signatures locally instead of calling an identity provider for every access decision.
Multi-provider direction
Stripe Identity is the current IDV provider; Lemma currently issues the signed isHuman credential. The long-term model is a neutral distribution layer where IDV providers compete on verification quality, coverage, and price.
Reduced correlation surface
Site-private PPIDs keep credentials from exposing one global user identifier across the web. Lemma's goal is to minimize observable runtime use, not ask users to trust another identity provider's logging policy.
In-context integration
Like Stripe for payments, sites embed the SDK and can request proof in their own flow. Users keep a Lemma browser wallet, but relying sites do not need to become identity stores or send users through repeated KYC.
Founder
Why we're building this
Jed McKenna
Founder & CEO
Lemma started from a simple observation on the attacker side: modern scalping bots treat CAPTCHA as a cost of doing business. The puzzles slow down humans, while determined attackers route around them with automation, cheap solving labor, and account farms. Humanness cannot depend on puzzle-solving alone.
The other thing that became obvious in parallel: many proposed solutions create a new place to watch identity use across the web. Centralized digital ID, federated SSO with broad visibility, on-chain identity that broadcasts interactions — none of these are the right default for ordinary websites. The better direction is closer to a driver's license: issued by a trusted party, carried by the user, checked at the point of use.
Lemma is what I wished existed back then — a verification layer that works for sites without forcing them to become identity stores, and works for users without forcing them into a centralized identity database.
Where we're headed
Identity rails for the open web
The next decade of the web needs identity infrastructure that is harder for AI-driven abuse to farm, more private than centralized account-provider callbacks, and lighter-weight than asking every website to become a regulated KYC operator. None of the existing defaults check all three boxes.
Lemma is building those rails. The goal is for "verified human" to mean the same thing across the web, the way "EMV chip card" means the same thing across payment processors — a neutral, multi-issuer, locally-verified standard.
Stripe Identity is the current IDV provider. Lemma issues the reusable isHuman credential and provides the wallet, SDK, and revocation infrastructure around it. Sites that need human-grade signal can add the SDK without storing identity documents themselves. Users carry one verification across the web, while relying sites see site-private proofs instead of a reusable global identity.
Three ways to get involved
Lemma is early. If any of this resonates, pick the closest fit and reach out.
Verify yourself
Get an isHuman credential and present site-private proofs across Lemma-enabled sites.
Get verifiedAdd isHuman to your site
Hosted SDK integration. Add a stronger human signal without running your own KYC stack.
View docsBecome an issuer
IDV providers: distribute your product across consumer-web verticals your enterprise sales motion can't reach.
For IDV issuersGeneral inquiries: [email protected]