To be clear: The internet was not broken by AI; it was vulnerable from day one. The availability and rapid adoption of AI has merely exploited that vulnerability. The economic barrier to faking humanity has collapsed; what used to be expensive is now effectively free.
Trust is effectively a function of cost. Historically, we trusted an interaction because we intuitively understood the biological energy required to produce it. Writing an email took time; coding a website required skill; building a reputation took years. This expenditure of effort acted as a natural rate-limiter, a “Proof of Work” that validated the interaction. If you saw content, you trusted a human was behind it because the cost of forgery was too high.
We often point the finger at LLMs as the culprit, but they are purely an accelerant to the problems emerging over the last decade. Each era of the web introduced a layer of abstraction that distanced us from the human on the other side. We moved from chronological feeds to algorithmic distortions that prioritised engagement over connection, and then to industrialised “click farms” that introduced scale to deception.
Generative AI simply delivered the final blow by removing the friction. Today, bad actors can bypass CAPTCHAs and generate infinite, context-aware content with a Python script and an API key. Consequently, our human signal is buried under infinite noise. Without the ability to verify the source, society has defaulted to a “Zero Trust” model - assuming every digital interaction is synthetic until proven otherwise yet confusingly also engaging more than ever.
We are building a public utility to restore this signal. To achieve this without constructing a surveillance state, Agora is architected around three specific design constraints: privacy, simple tech, and a non-profit legal structure.
Our primary innovation is decoupling Verification from Identification. In the current paradigm, proving you are “real” requires handing over your identity (name, email, DOB). We utilize Confidential Computing to invert this relationship.
By leveraging Trusted Execution Environments (TEEs)—such as AMD SEV-SNP or Intel SGX—we process user data inside a hardware-encrypted enclave. The user’s passport scan and liveness video are encrypted on their device and sent to this “black box.” The enclave validates the liveness, signs a generic credential (`is_human=true`), and immediately wipes the raw data. Even we, as the system administrators, cannot inspect the memory. This allows a user to prove to a subreddit or news site that they are a verified human without ever revealing _who_ they are.
We reject the need for over-engineered, proprietary biometric orbs (cough Worldcoin cough). The solution already sits in the pockets of billions of users. We utilise ICAO 9303, the global standard for biometric e-Passports. Using the NFC reader on standard iOS and Android devices, we can cryptographically verify the government-signed chip. This effectively leverages the state’s “Proof of Existence” without inheriting the state’s surveillance capabilities.
A core internet utility cannot depend on investors with conflicting interests. The standard for-profit model inevitably creates pressure to monetise data or exit. Therefore, we have incorporated Agora as a Swiss Non-Profit Association. This is not merely branding; it is a structural safeguard. Swiss law and our statutes legally forbid the monetisation of user data, ensuring we remain a data steward rather than a data owner.
To sustain this utility without selling data, we must align our revenue with the prevention of fraud rather than the generation of ad impressions.
We charge platforms, not users. Commercial partners such as dating apps, marketplaces, and social networks - pay a verification fee to query the Agora API because eliminating bots saves them millions in fraud and moderation costs. These commercial fees subsidise the infrastructure for the public, effectively taxing the “noise” to fund the “signal.”
We are treating this as a phased rollout of a new internet standard. We are currently in the first step of a three-stage recovery plan.
The “Garage” Alpha (Current Status)
Objective: Validate the confidential computing approach
Milestone: We are running self-hosted bare metal servers in a secure Swiss facility (old bunker with 100% Swiss jurisdiction), aiming for a >95% successful read rate of ICAO 9303 chips on standard mobile devices and the successful Remote Attestation of our TEE code.
Beta
Objective: Network-level Verification.
Milestone: We will launch a bug bounty and invite a “Red Team” to attempt to spoof the liveness detection or create duplicate accounts. Simultaneously, we will integrate with our first niche community partners to test the “Agora Bridge” in a live environment.
General Availability (The Open Standard)
Objective: Federation.
Milestone: “Log in with Agora” becomes available as a standard OpenID Connect provider. The source code for the TEE enclaves will be published with reproducible builds, allowing the security community to audit the process.
One recurring discussion point has been around the growing mandatory requirement of age verification we have seen from various governments around the world. While we believe our approach can be used to provide this service in a privacy respecting way, we also do not fight for such extreme measures. For example, a company that is legally required to verify all users are over 18 years old, can offer a “Verify with Agora” option alongside any existing methods. Those with Agora accounts can provide proof that they meet this requirement without sharing any other personal identifiable information with the service or by sharing which service they want to access with us.
It is our core belief that anonymity and freedom on the open web still has its place. However in situations where a strong Human Signal is required or preferred, Agora’s non-profit model should provide a trustworthy source.