Reddit is weighing a major shift in how it distinguishes real people from automated accounts, with CEO Steve Huffman signaling that Face ID, Touch ID, and broader passkey technology could soon be used to verify that users are human. In a recent podcast interview highlighted by Engadget, Huffman called passkeys the most “lightweight” route to tackle the platform’s bot surge and suggested Reddit could lean on decentralized third-party information providers to confirm authenticity without collecting traditional identity data. As he put it, “we don’t want to know your name, but we want to know that you’re a person.”
The move would mark a dramatic turn for a service built on pseudonymity. But the pressure is mounting: independent analyses cited by tech media have estimated that roughly 15% of Reddit posts show signs of AI generation, and bad actors increasingly use swarms of accounts to manipulate discourse, spam communities, and farm karma for resale.
Why Face ID and Passkeys Are Emerging Now
Passkeys are based on industry standards like FIDO2 and WebAuthn, which replace passwords with public-key cryptography. When paired with device biometrics such as Face ID or Touch ID, they authenticate the user locally and share only a signed proof with the service—not the biometric itself. That design is attractive for reducing friction and stopping mass account takeovers, credential stuffing, and scripted sign-ups that bots rely on.
From a user-experience standpoint, tapping a device prompt is faster and harder to fake than CAPTCHAs or SMS codes. It also scales across platforms: modern phones and browsers already support passkeys, and most users understand the Face ID/Touch ID gesture. For Reddit, which spans millions of daily contributions and countless moderation events, lowering verification friction while raising the cost of botting is a pragmatic play.
Privacy Questions and Potential User Pushback on Reddit
The proposal immediately runs into Reddit’s cultural bedrock: pseudonymity. Many Redditors value the ability to separate their legal identity from their online presence. Huffman’s suggestion of using decentralized third parties is meant to thread that needle—outsourcing checks like liveness detection or “proof of personhood” so Reddit sees only a pass/fail signal rather than raw biometrics or government IDs.
Still, hard questions remain. Who stores the biometric templates? What’s the data retention policy? Can users revoke consent and purge records? How will Reddit comply with GDPR, CCPA, and other biometric privacy laws? Groups like the Electronic Frontier Foundation regularly warn that even well-intentioned identity checks can chill speech, exclude vulnerable users, or be repurposed later.
Even Reddit’s co-founder Alexis Ohanian acknowledged the tension on social media, saying Face ID on Reddit was not on his “bingo card,” while arguing the bot problem is untenable. Community reaction has been volatile, with prominent users warning that mandatory face-scanning could “kill” the platform’s open culture.
The Bot Problem on Reddit Is No Longer Abstract
Bot swarms aren’t just an annoyance—they can distort votes, brigade threads, and launder agendas. Researchers from the University of Zurich demonstrated how AI-driven personas could nudge debates in r/changemyview by posing as credible individuals with emotionally charged backgrounds. Elsewhere, a revived content aggregator paused operations and cut staff after bots overwhelmed the service, underscoring how quickly automated activity can break community trust and business models.
Other platforms are inching in a similar direction. Discord has experimented with face-based checks through specialist vendors to keep minors off adult spaces, relying on AI-driven age estimation and optional ID verification. The industry playbook is emerging: outsource sensitive verification to accredited partners, minimize data ingestion, and give users clear controls—though none of that eliminates risk.
How a Rollout for Face ID and Passkeys Could Work
Expect Reddit to start with limited tests and opt-in flows. Likely options include a “verified human” badge, higher rate limits for verified accounts, or community-level settings that require verification for posting on high-risk subreddits. Liveness checks—brief selfie prompts that resist spoofing—could be handled by a third party, which returns a cryptographic assertion that the user is a real person without sharing the selfie.
Crucially, passkey-based verification could be decoupled from identity: Reddit doesn’t need to know who you are, only that one human controls that account. This model aligns with the FIDO Alliance’s guidance and would limit the fallout if a vendor is compromised. But implementation details matter—weak consent flows, broad data scopes, or opaque partnerships would trigger backlash and potential regulatory scrutiny.
What to Watch Next as Reddit Tests Face ID and Passkeys
Four signals will determine whether this lands: transparency about vendors and audits; explicit statements that biometrics never touch Reddit’s servers; clear deletion and appeal processes (to address false rejects and accessibility); and optionality, at least for reading and low-risk participation. A regular transparency report—similar to those published by major platforms—would help quantify bot reduction and any disparate impacts.
The stakes are high. If Reddit can verify humanness without eroding pseudonymity, it could set a template for the wider social web. If it stumbles on privacy or trust, it risks driving core contributors away. For now, Face ID and passkeys look like the cleanest technical lever. Whether they become the social solution depends on how carefully Reddit builds the human part around them.
