HACKER Q&A
📣 piratesAndSons

Would this eliminate bots for good?


I had an idea to eliminate the bot problem, or at the very least make it significantly harder to operate one. Here is my plan.

A new web browser built on a new HTTP protocol that accepts a human identity glove using cryptography. Instead of using your fingers directly on a mouse or trackpad, you wear a hardware glove that continuously records your pulse and your fingerprint, your machine information, and the average movement map that is unique to you as you interact with your device. The glove encrypts all of this information in real time. The browser then constantly verifies the glove hardware is present and active. No physical glove with a valid identity? No page loads.

What if someone tries to emulate the glove?

This is where the new browser becomes the second line of defense. It continuously checks the hardware signature and serial number of the glove. You can attempt to emulate it all you want, but the probability of simultaneously spoofing the correct fingerprint, a continuous and believable human pulse, a personalized movement map, and the exact hardware serial number is as close to impossible as any security system can get.

What do you all think of this as a preliminary idea?


👤 lemagedurage Accepted Answer ✓
Maybe an attacker could record a couple hours of glove usage, and then replay this with slight variations.

👤 Bender
All interesting ideas but to get traction make it part of a low latency haptic suit that people can use to sex each other up or show off their PVPness, make some prototypes for executives and investors to play with and I could see it getting attention. Maybe get a demo integrated with VRChat. On the more taboo end and to not discriminate make all sizes of suits for all body types and ages. Provide an SDK so that all gaming companies can incorporate your suit. That should give "Collision Detection" a whole new meaning and experience.

👤 alpaca128
One day the glove will have some connection problem and you won't be able to troubleshoot it because you can't use the internet.

This would always need some backup solution and now you're back on square one.

Edit: also you'd need accessibility, so a glove is out. And how do you handle game consoles? Voice assistants like Siri or Alexa?


👤 rimbo789
I do not want to wear any smart tech for any reason.

👤 testforge
1. I wouldn't want to wear a glove while typing. 2. Maybe for something like nuclear missile control you would want extremely high security like this, but for something low stakes like a Google search it seems overkill.

👤 PaulHoule
Sell it to Mark Zuckerberg.

👤 ksherlock
If Tesla Optimus robots were breaking into my house at night, logging into my computer, and using my web browser, this would be one solution.

You didn't mention anything about how the web server knows if the other end of the connection is this user-hostile browser or a Python/JavaScript bot with a spoofed user agent.


👤 arty_prof
All that might be good until the government takes over that idea to kill anonymity, in case that glove can also get human fingerprints.

👤 codingdave
This gets a hard NO from me.

Even aside from the hardware aspect of it, or the ick factor of biometrics to use the web, or possibly launching it and getting full adoption, or the fact that it absolutely could have the data spoofed, or that new attacks would be developed to MITM someone's pulse and mirror it on their bot's connection...

Where is this validation happening? Not on every transaction to every web server, surely. How could an HTTP protocol possibly actually achieve this kind of validation?


👤 runjake
I’m standing in a line on my iPhone, waiting to get into a basketball game. So apologies for being sloppy.

Ok, so you’re talking about technologies that already exist and practically everyone has them.

First, you don’t need a new HTTP protocol; you’d use regular HTTPS with certificate authentication.

The glove you speak of is a biometric device with a Secure Enclave (SE) (e.g. Apple Watch) or secure access to a device with an SE.

This SE stores the private key of a key pair in a manner inaccessible without biometrics. This is also how PassKeys work.

A key challenge here is that everyone has a variety of devices from a variety of OEMs that are all simultaneously talking to multiple services synchronously. More often than not, a web request actually isn’t initiated by a human.

So, you’ll need to get everyone to agree on a standard. You’ll need to address the privacy concerns of privacy-minded people, because if you can attest that a person is actually there, doing something, that is going to set off warning bells for private people. It’s also going to set off dinner bells for advertisers and governments.

Again sorry, I’m on mobile and in a line. These exact scenarios (and their drawbacks) are routinely discussed in technical and privacy circles.

Read up on technologies like PKI, certificate-based Auth, PassKeys, Secure Enclave, and biometric devices. The Apple Platform Security Guide is a good first step on what a commercial product is already doing.
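
The thread raises replaying recorded glove output, and describes a private key held in a secure element as the existing answer. The sketch below is an added example, not code from any poster: it shows why a server-issued single-use challenge makes a recorded response worthless. The `Verifier` class, `makeDevice`, and the `https://example.test` origin are constructed for illustration, and the secure element is simulated by an in-memory Ed25519 key.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for the secure element: the private key never leaves this closure.
function makeDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    publicKey,
    sign: (challenge, origin) =>
      crypto.sign(null, Buffer.concat([challenge, Buffer.from(origin)]), privateKey),
  };
}

class Verifier {
  constructor(origin, ttlMs = 30000) {
    this.origin = origin;
    this.ttlMs = ttlMs;
    this.pending = new Map(); // challenge (hex) -> expiry timestamp
  }
  issueChallenge(now = Date.now()) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(challenge.toString('hex'), now + this.ttlMs);
    return challenge;
  }
  // Returns 'ok' or the reason for rejection.
  verify(publicKey, challenge, signature, now = Date.now()) {
    const id = challenge.toString('hex');
    const expiry = this.pending.get(id);
    if (expiry === undefined) return 'unknown-or-used-challenge';
    this.pending.delete(id); // single use, even if verification fails
    if (now > expiry) return 'expired';
    const msg = Buffer.concat([challenge, Buffer.from(this.origin)]);
    return crypto.verify(null, msg, publicKey, signature) ? 'ok' : 'bad-signature';
  }
}

// One fresh login, then a captured response replayed two ways, then a signature for another origin.
function demo() {
  const device = makeDevice();
  const server = new Verifier('https://example.test');
  const c1 = server.issueChallenge();
  const sig1 = device.sign(c1, 'https://example.test');
  const fresh = server.verify(device.publicKey, c1, sig1);
  const replaySameChallenge = server.verify(device.publicKey, c1, sig1);
  const c2 = server.issueChallenge();
  const replayOldSig = server.verify(device.publicKey, c2, sig1);
  const c3 = server.issueChallenge();
  const wrongOrigin = server.verify(device.publicKey, c3, device.sign(c3, 'https://other.test'));
  return { fresh, replaySameChallenge, replayOldSig, wrongOrigin };
}
```

A passing check proves that the registered key answered this challenge for this origin; whether a human triggered the signature depends on the device's own user-presence check, which this sketch does not model.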