Proof of Spend

Verify humans by making them spend money on AI that labels harmful content - proving identity while doing useful work for the public good.

AI solves CAPTCHAs. Traditional verification requires personal data. Bots are cheap to run at scale.

Common “solutions” fail privacy:

  • Phone verification stores your number
  • Email verification stores your email
  • GitHub/Google login reveals your identity
  • “Free with credit card” still links to your billing info

Requirements:

  • No metadata storage
  • Works without revealing identity
  • Costs real money for bots
  • Negligible cost for humans

Users spend money on an AI API call. The receipt is cryptographic proof of payment. We verify the receipt and discard it.

Like proof-of-work, proof-of-stake, and proof-of-history in blockchain systems, Proof of Spend uses cryptographic verification for a specific purpose. Instead of consensus, it verifies identity through economic cost.

Privacy preservation

OAuth proves you control an API account without revealing who you are. We verify the receipt signature and timestamp, then discard it. No logs of your identity, what you asked, or when you did it.

Unlike “free with credit card” or social login, you’re not giving us your name, email, or billing address. The only thing we verify is that someone with access to your API account spent money. That’s it.

Bot disincentive

API calls cost $0.01-0.05. One verification is negligible for humans. Bots need thousands of verifications to be effective. $50 for 1000 verifications changes the economics from free to prohibitive.

Bot farms optimize for zero marginal cost. When each verification costs real money, spam becomes unprofitable. The system self-regulates through economic incentives rather than arms-race detection.

API receipts are cryptographically signed and timestamped by providers. Can’t fake them without actually paying. Can’t reuse them because timestamps are checked.
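The check described above, as an added example that is not the project's own code. The receipt shape (a JSON payload with `id`, `ts`, `cost_usd` plus a base64 Ed25519 signature), the freshness window, the skew tolerance and the `verifyReceipt`/`makeReceipt` names are all assumptions. A timestamp check alone leaves a receipt reusable inside the freshness window, so the example also keeps a SHA-256 digest of each accepted receipt until it expires, and nothing else.

```typescript
import { createHash, generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

// Hypothetical receipt shape: the page does not specify the provider's format.
interface Receipt { payload: string; signature: string } // payload is JSON: {id, ts, cost_usd}
type Verdict = "ok" | "bad-signature" | "malformed" | "stale" | "replayed";

const MAX_AGE_MS = 5 * 60_000; // assumed freshness window
const MAX_SKEW_MS = 30_000;    // assumed tolerance for clock skew
// Digest of each accepted receipt -> expiry time. Holds no account or prompt data.
const seen = new Map<string, number>();

function verifyReceipt(r: Receipt, providerKey: KeyObject, now: number): Verdict {
  const data = Buffer.from(r.payload, "utf8");
  let sigOk = false;
  try {
    sigOk = verify(null, data, providerKey, Buffer.from(r.signature, "base64"));
  } catch {
    sigOk = false; // malformed key or signature input counts as a failed check
  }
  if (!sigOk) return "bad-signature";

  // Parse only after the signature has been verified over the exact bytes.
  let ts: unknown;
  try { ts = JSON.parse(r.payload).ts; } catch { return "malformed"; }
  if (typeof ts !== "number" || !Number.isFinite(ts)) return "malformed";
  if (ts > now + MAX_SKEW_MS || now - ts > MAX_AGE_MS) return "stale";

  // Drop entries whose receipts can no longer pass the freshness check.
  seen.forEach((expiry, digest) => { if (expiry < now) seen.delete(digest); });

  const digest = createHash("sha256").update(data).digest("hex");
  if (seen.has(digest)) return "replayed";
  seen.set(digest, ts + MAX_AGE_MS);
  return "ok";
}

// Constructed demo data: a locally generated Ed25519 key stands in for the provider's key.
const { publicKey, privateKey } = generateKeyPairSync("ed25519");
function makeReceipt(ts: number, id: string): Receipt {
  const payload = JSON.stringify({ id, ts, cost_usd: 0.02 });
  const signature = sign(null, Buffer.from(payload, "utf8"), privateKey).toString("base64");
  return { payload, signature };
}
```

The replay set is bounded by the freshness window, so its size tracks the verification rate rather than the total number of users.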

Productive verification

The API call used for verification can do useful work. Instead of wasting the spend on throwaway requests, the prompt can classify harmful content, annotate data for public datasets, or moderate images for social platforms.

Content moderation becomes verification. Humans don’t have to look at harmful images - the AI does it as part of proving you’re human. The verification cost serves a dual purpose: an economic barrier to bots and useful labor that would otherwise require human moderators.

Backend: OAuth 2.0 server in Hono. Authorization code flow with PKCE. JWT sessions, Drizzle ORM, SQLite storage. Supports OpenAI, Anthropic, Google.

Frontend: React widget. Handles OAuth flow, API verification, receipt validation. TypeScript, proper error handling.

Testing: 200+ tests, >85% coverage.

Bot prevention - Economic barrier to spam without storing user data.

Rate limiting - Verify once, access rate-limited resources. No API keys or user database.

Anonymous verification - Prove humanity without revealing identity.

Proof of humanity - For forums, comments, voting. No personally identifiable information stored.

Backend setup - OAuth server configuration.

Widget integration - React component integration.

API reference - OAuth 2.0 implementation.