Gestya proves online identity with gesture sign-in

08 Aug

Back when I was working on my chatbot story for New Scientist magazine, futurist and founder Erwin Van Lun shared with me his fascinating prediction for the future of the internet. With anonymity enabling such things as annoying comments on news stories at one extreme to chatbot scams and terrorism organization at the other, Van Lun said he believes we’re moving toward a world where everyone will have to prove their identity to get on the internet in the first place.

“Governments are responsible for citizens and issue them passports to travel the world, they should also say we are responsible for your behaviour on the internet, so we will issue you an internet passport,” he says. “That’s where it’s heading to.”

It’s an intriguing premise that is sure to rile free speech advocates – and to be sure, there are many good reasons to preserve online anonymity – but it does look like things are heading that way. YouTube, a cesspool of anonymous troll commentary, is just the latest to make the move toward using real names.

As my story outlined, current technology designed to verify identity – such as those squiggly CAPTCHA images sometimes seen during log-ins – is flawed because it can be easily circumvented. Something new and considerably more advanced will be needed if an internet passport were to become reality.

Jeremy Wyn-Harris, an entrepreneur in New Zealand, thinks he might have part of the answer with Gestya, a video tool that requires users to perform gestures in order to sign in. The gestures are captured via the computer’s webcam and if they match the pre-progammed set, the user is in. The movements can be anything from “flapping your wings,” to climbing a ladder to holding a hand over your eye, as I’m doing in the photo above.

Wyn-Harris calls it “challenge validation” that current or even near-term robot technology can’t match. And because it’s video, it’s also a great way for proving that the user is who they say they are: “Gestya video clips can’t be faked as Gestya requires each user to respond appropriately to the unpredictable performance challenges in real-time.”

The technology, which was born out of Wyn-Harris’s desire to keep his kids safe online, could be used for log-ins to sites, contracts and account security. Those are all good reasons to require identity validation online, but do they outweigh the negatives?


Posted by on August 8, 2012 in robots, security


3 responses to “Gestya proves online identity with gesture sign-in

  1. Daniel Friesen

    August 8, 2012 at 12:20 am

    I wonder how long it would take to break this using the same trick as porn sites showing CAPTCHAs that a bot wants an answer for.

  2. Kyle M. Cowan (@KowZ)

    August 8, 2012 at 12:09 pm

    There’s a problem with this: most spam these days isn’t actually automated anymore. Instead, people are paid pennies per site to leave a comment. CAPTCHA’s only work against Robots [ Completely Automated Public Turing test to tell Computers and Humans Apart] and Gestya wouldn’t really stop that. In most test cases, replacements for CAPTCHA’s fail just as much as CAPTCHA’s do. However, in creating more difficult “cost-to-entry”, you lose your legitimate comment base and you are left only with those who can make a potential profit from that time used, driving up rogue comments. Additionally, I don’t understand how you think CAPTCHA and Gestya prove identity… they only prove ability beyond a basic set – additionally, this then means that we then limit the web to only accessible persons. If you make a back door for those that need the accessibility, you create a back door for robots and others to use.

  3. Andi Henderson

    August 8, 2012 at 6:30 pm

    Yeah I think the word “prove” in the sense of “prove identity” might be a bit strong, but in contexts such as children’s social network sites, chat rooms, or dating websites, this sort of technology could go a long way to confirming the person you are interacting with is, say, a 15 year old female or a 40 year old male. Presumably, a Gestya would not necessarily be either a one-off or an every-time requirement, and that if you got suspicious you could ask for the other person to update it.

%d bloggers like this: