This project is licensed under the Apache License 2.0.
You are free to use, modify, and distribute this protocol implementation for commercial and non-commercial purposes, provided that you include proper attribution and retain the original license.
Contributions are welcome and encouraged under the same terms.
For full details, see the LICENSE file in the root of the repository.
The internet has become a battleground of spam, fraud, impersonation, and bot-driven abuse.
Traditional protocols like HTTP, SMTP, and DNS were never designed with identity verification, reputation, or trust built in.
The Human-Interactive Protocol (HIP) reimagines online communication by introducing identity-bound, intent-verified, reputation-enforced interactions.
HIP aims to create a safer, smarter internet where users prove who they are, what their intent is, and whether they can be trusted — before sensitive actions are allowed.
To eliminate spam, fraud, and impersonation across internet communications by providing a protocol-level trust layer for messages, forms, API requests, and more.
HIP is:
- ✅ Human-first
- ✅ Identity-secure
- ✅ Privacy-preserving
- ✅ Decentralized-optional
- ✅ Developer-friendly
Each HIP message is signed with a cryptographic key tied to a verified identity (email, wallet, domain, etc.).
Identities may be optionally registered and validated on-chain using smart contracts or decentralized identifiers (DIDs).
Communications can be wrapped with unique tokens proving sender intent.
These tokens are signed and can be stored/validated to prevent replay attacks and spoofing.
For unknown parties or high-risk contexts, HIP can require a human verification challenge (CAPTCHA, biometric check, social verification, etc.).
A scoring system rates senders based on interaction history, feedback, and abuse detection signals.
Trusted users face less friction. Abusive behavior triggers stricter controls.
HIP can apply proof-of-work or micro-fees to deter mass abuse and spam.
These controls are risk-adjusted and configurable.
Spoofed senders, phishing attempts, replay abuse, and bot patterns are flagged and blocked using identity + policy checks.
- Decentralized by design, but compatible with centralized systems
- Free for trusted users; costly only for abusers
- Modular integration with SMTP, HTTP, messaging, and APIs
- Transparent, auditable, and privacy-respecting
- Open source and community-driven
- Email and contact forms
- API requests and webhook protection
- Financial service messaging
- Social media DMs and comments
- E-commerce purchase requests
HIP becomes a global trust protocol used by governments, businesses, apps, and users to ensure online interactions are safe, human-verified, and fraud-resistant.
Just like HTTPS became the default for privacy, HIP aims to become the default for trust.
README.humans.mdfor plain-English operator guidancescripts/preflight.shfor deployment preflight checks