Think about it from an information theory point of view. You need to attach a digital transaction to human body. Since a human body isn’t digital you need a gateway that you can trust to vouch for that human body being present.
Either you use biometrics, like liveness testing or face id or fingerprint testing, or social validation like decentralized web of trust or private moderation (account controls) or state methods like fines and criminal convictions.
Biometrics rely on social methods eventually like we trust Apple because we can sue them or the government will harangue them. Liveness testing is only as good as your sensor and image vs generation and replay in the arms race.
And iterated social games like punishment are only as good as people want to invest energy into it.
What I mean is that once you have a token that represents your identity, you can pass it to your agent. As you said, humans aren’t digital, so we need to delegate the trust to a digital marker (auth token, cryptographic signature, etc). But once digitalized there is no way that I know of to block an agent from using that marker. And I don’t mean the agent stealing it. I mean the human running an agent that impersonates them deliberately
Exactly. There is only an arms race, which is escalating costs. Eventually it breaks and we use social means to manage it, surrender the digital space, or accept the artificial nature of the digital realm.