Dillo-browser.org rolls out human proof to verify FOSS contributors

Dillo-browser.org has launched a human proof system to verify contributors to its open-source browser project, confirming that each contributor is a real person and not an automated bot [dillo-browser.org]. The system went live on May 25, 2026, and is now required for all new contributions to the project.

The verification process asks contributors to complete a simple challenge—such as solving a visual puzzle or answering a context-aware question—that automated scripts cannot easily pass. This approach targets a known pain point in FOSS: spam pull requests, fake issue reports, and bot-driven repository pollution, particularly from actors seeking to inflate contributor metrics or inject malicious code.

Unlike traditional CAPTCHAs, which are often criticized for poor accessibility and reliance on third-party tracking, Dillo's human proof is self-hosted, privacy-focused, and designed to minimize friction for legitimate developers. The team emphasizes that the system does not collect personal data or require social media logins.

The move follows a spike in automated noise across smaller FOSS projects, with Dillo reporting a 40% increase in suspicious activity over the past year. While larger projects like GitHub have tools like verified commits and two-factor enforcement, smaller teams often lack the infrastructure to defend against coordinated bot campaigns.

This implementation could influence other lightweight, privacy-oriented projects facing similar threats. However, critics argue that such systems risk creating barriers for anonymous or pseudonymous contributors—a long-standing norm in open source. Dillo maintains that identity is not collected; only proof of human effort is validated.

No other major FOSS projects have adopted a similar system yet, but the model is being watched by maintainers in the decentralized software space.