A conceivable future:
- Everyone is expected to be able to create a signing keyset that's protected by a Yubikey, Touch ID, Face ID, or something that requires a physical activation by a human. Let's call this this "I'm human!" cert.
- There's some standards body (a root certificate authority) that allow lists the hardware allowed to make the "I'm human!" cert.
- Many webpages and tools like GitHub send you a nonce, and you have to sign it with your "I'm a human" signing tool.
- Different rules and permissions apply for humans vs AIs to stop silliness like this.
This future would lead to bad actors stealing or buying the identity of other people, and making agents use those identities.
There is a precedent today: there is a shady business of "free" VPNs where the user installs a software that, besides working as a VPN, also allows the company to sell your bandwidth to scrappers that want to buy "residential proxies" to bypass blocks on automated requests. Most such users of free VPNs are unaware their connection is exploited like this, and unaware that if a bad actor uses their IP as "proxy", it may show up in server logs while associated to a crime (distributing illegal material, etc)
That's certainly what Sam Altman had in mind with https://en.wikipedia.org/wiki/World_(blockchain)
But also many countries have ID cards with a secure element type of chip, certificates and NFC and when a website asks for your identity you hold the ID to your phone and enter a PIN.