Tools: Stop Using CAPTCHA. Start Measuring Entropy.

Stop Using CAPTCHA. Start Measuring Entropy. ## The Hypothesis: Identity vs. Humanity ## Enter isHumanCadence ## How It Works (The Technical Deep Dive) ## The "Secret Sauce": Hysteresis ## Implementation ## The Reality Check: A Proof of Concept In late 2024, researchers at ETH Zurich quietly published an obituary for the web as we know it. They didn't call it that, of course. They called it "Breaking reCAPTCHAv2." Their findings were stark: modern AI models (specifically YOLO-based vision models) can now solve Google's image CAPTCHAs with 100% accuracy. Read that again. 100%. The Turing Test hasn't just been passed; it’s been automated, containerized, and scaled. The "I am not a robot" checkbox is now effectively a "Welcome" mat for bots. According to the 2025 Imperva Bad Bot Report, automated traffic has officially surpassed human traffic, accounting for 51% of all internet activity. We are effectively the minority on our own network. If we want to save the web from becoming a "Dead Internet" of bots talking to bots, we need to stop asking users to identify traffic lights and start listening to their heartbeat. The current knee-jerk reaction is "Proof of Personhood" (scanning your ID or face to use the web). I believe this is a dystopian overcorrection. We don't need to know who you are (Identity). We just need to know what you are (Biology). Humans are messy. We are beautifully, consistently imperfect. When you type, you don't hit keys at a perfect 150ms interval. You "rollover" keys. You pause to think. You speed up on common bigrams like "th" or "er." This is your Keystroke Dynamics signature. It is a behavioral biometric that is incredibly hard for bots to fake convincingly without slowing them down to useless human speeds. I built isHumanCadence as a Proof of Concept (PoC) to test this hypothesis. It is a lightweight, privacy-focused library that analyzes the timing of keystrokes—not the content. It runs entirely in the browser, sends no data to a server, and doesn't know what you typed, only how you typed it. Bots are deterministic. Even when programmed with Math.random() delays, they tend to follow a uniform or Gaussian distribution that is statistically "too clean." isHumanCadence measures four primary biological constraints: One major challenge with heuristic analysis is "flickering." A user might type one word rhythmically (High Human Score) and then pause abruptly to think (Score drops). You don't want the UI to flash "BOT DETECTED" instantly. I implemented a Schmitt Trigger (Hysteresis) to stabilize the classification. We use different thresholds for entering and exiting states: This creates a "dead zone" where the state remains stable, preventing false positives during natural cognitive pauses. The library attaches non-intrusive listeners to the target input field. It uses performance.now() for sub-millisecond precision. 1. Install the package: 2. Attach it to an input: Right now, this library detects standard scripts and even sophisticated bots using randomized delays. But "Generative Keystrokes" are the next frontier. Eventually, AI agents will be trained on massive datasets of human typing patterns to spoof these very metrics. They will learn to "stumble" on purpose. Furthermore, client-side security is inherently trustless. If the browser can measure it, a determined attacker can eventually spoof the environment to fake it. This package is not a silver bullet. It is a conversation starter. The web is drowning in AI noise. If we want to keep a space for human connection, we need to build filters that recognize us not by our passwords, but by our rhythm. 👉 GitHub: RoloBits/isHumanCadence Templates let you quickly answer FAQs or store snippets for re-use. Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink. Hide child comments as well For further actions, you may consider blocking this person and/or reporting abuse COMMAND_BLOCK: npm install @rolobits/is-human-cadence Enter fullscreen mode Exit fullscreen mode COMMAND_BLOCK: npm install @rolobits/is-human-cadence COMMAND_BLOCK: npm install @rolobits/is-human-cadence COMMAND_BLOCK: import { createCadence } from '@rolobits/is-human-cadence'; // Select any textarea or input on your page // We use a broad selector here to ensure we find *something* const input = document.querySelector('textarea, input'); if (input) { const cadence = createCadence(input, { // Wait for 20 keystrokes before making a confident judgment minSamples: 20, onScore: (result) => { console.log(`Score: ${result.score}`); // 0.0 (Bot) -> 1.0 (Human) console.log(`Status: ${result.classification}`); // 'bot' | 'human' | 'unknown' } }); // Start listening cadence.start(); console.log("isHumanCadence: Listening for keystrokes..."); } else { console.warn("isHumanCadence: No input element found on this page."); } Enter fullscreen mode Exit fullscreen mode COMMAND_BLOCK: import { createCadence } from '@rolobits/is-human-cadence'; // Select any textarea or input on your page // We use a broad selector here to ensure we find *something* const input = document.querySelector('textarea, input'); if (input) { const cadence = createCadence(input, { // Wait for 20 keystrokes before making a confident judgment minSamples: 20, onScore: (result) => { console.log(`Score: ${result.score}`); // 0.0 (Bot) -> 1.0 (Human) console.log(`Status: ${result.classification}`); // 'bot' | 'human' | 'unknown' } }); // Start listening cadence.start(); console.log("isHumanCadence: Listening for keystrokes..."); } else { console.warn("isHumanCadence: No input element found on this page."); } COMMAND_BLOCK: import { createCadence } from '@rolobits/is-human-cadence'; // Select any textarea or input on your page // We use a broad selector here to ensure we find *something* const input = document.querySelector('textarea, input'); if (input) { const cadence = createCadence(input, { // Wait for 20 keystrokes before making a confident judgment minSamples: 20, onScore: (result) => { console.log(`Score: ${result.score}`); // 0.0 (Bot) -> 1.0 (Human) console.log(`Status: ${result.classification}`); // 'bot' | 'human' | 'unknown' } }); // Start listening cadence.start(); console.log("isHumanCadence: Listening for keystrokes..."); } else { console.warn("isHumanCadence: No input element found on this page."); } - Identity is static data (Names, IDs). - Humanity is dynamic behavior (Reaction times, hesitation, errors). - Dwell Time: The duration a key is physically depressed. Humans rarely tap keys for exactly 50ms every time. - Flight Time: The time between releasing one key and pressing the next. - Rollover Rate: The overlap where Key B is pressed before Key A is released. This is a high-signal human trait; simple bots often type strictly sequentially (Key A down -> Key A up -> Key B down). - Entropy: The statistical variance of the timing deltas. - To become Human: Score must exceed 0.70. - To drop to Unknown: Score must fall below 0.60. - To become Bot: Score must fall below 0.35.