Reflection validates human authorship through cryptographic analysis of typing dynamics — not post-hoc AI detection. Real-time, zero-knowledge, tamper-evident.
Large language models have made synthetic text indistinguishable from human writing at scale. Post-hoc AI detectors are reactive, easily fooled, and statistically unreliable — they analyze the output, not the process.
Reflection takes the opposite approach. Instead of inspecting finished text, we record the physical act of writing — the micro-rhythms, hesitations, and biological irregularities that exist only when a human hand is on the keyboard.
That telemetry is analyzed locally, converted into a cryptographic Certificate of Origin, and anchored to the content. If the cert passes, the content has a verifiable human lineage. If it fails — or was pasted — it doesn't.
Perplexity-based detectors misclassify human text as AI up to 30% of the time. They cannot prove origin — only suspect output.
Automated scripts produce timing variance near zero. No biological hesitation. No micro-rhythm. The timing data cannot lie.
Text can be pasted in milliseconds. Without telemetry, there is no way to distinguish authored content from injected content.
A lightweight TypeScript collector monitors keydown and keyup
events in real time. For every keystroke it records Dwell Time
(how long the key was physically held) and Flight Time
(the gap to the next keypress). Modifier keys, paste events, and sensor
noise are filtered out automatically.
The timing corpus is analyzed by the Entropy Engine (Rust/Wasm in production, pure JS in this PoC). It computes Shannon Entropy H(X) and population variance σ² over a discretized histogram. Humans score H > 2.5 bits. Scripted bots score H < 0.5 bits. Both metrics must exceed their threshold — defeating bots that add Gaussian jitter to inflate entropy alone.
If both checks pass, the Humanity Mint generates a SHA-256 Certificate of Origin binding the user ID, timestamp, and content hash. The raw timing data is discarded. Only the certificate (64 hex chars) and the pass/fail verdict leave the client. The server verifies the certificate structure without ever seeing the keystroke data.
Strongly-typed telemetry collector with full event filtering and privacy-safe vector export.
Entropy engine compiled to WebAssembly. Runs in-browser with near-native performance and no network calls.
Raw keystroke timing never leaves the client. The server receives only a certificate hash and a boolean verdict.
Content-locked, user-bound, time-stamped certificates. Any post-hoc content mutation invalidates the hash.
Minimal backend for certificate verification and storage. Stateless by design — no raw biometric data retained.
Threshold values, histogram bins, and certificate schema are fully configurable. Drop-in for any content platform.
Type a paragraph in the live demo. Watch entropy accumulate in real time. Mint your certificate.
Open Live Demo →Reflection is an open research project. We're looking for collaborators, integrators, and institutions who care about the provenance of human-authored content.