Participant Authenticity · Integrity Engine

Every response, verifiably human.

Bots, LLM-written answers, click-farms and multi-accounting quietly corrupt online data. Testable fuses dozens of real-time signals into one score per participant — the Participant Authenticity Score (PAS). And Testable is the platform where you can both build the study and recruit participants directly — so when you do both with us, we see the whole thing, not a redirect boundary.

8
defence layers, from identity check to answer
23+
environment & behaviour signals
0 setup
native in-session capture on studies built with Testable*
cross-study permanent bans

* We don’t quote a “100% detection” figure — nobody honestly can. What we promise instead is the vantage point: when you build your study on Testable, in-session capture is native — keystrokes, pastes, focus changes and DOM writes, with nothing to install and no third-party JavaScript to paste in. That’s the highest-protection setup, and it’s why we recommend it. Live recall and false-positive metrics are published in the methodology pack.

How PAS works

A layered pipeline. Each layer catches what the one before it can’t, and every probabilistic signal converges on a single server-side score. No individual check can decide alone — that’s what makes it hard to defeat.

Testable-hosted study — powered by running the experiment on us Testable Minds pool — powered by owning the participant pool

A layer only runs when its colour is available to you. Two dots means it needs both. All eight light up together only when the study is built on Testable and recruits participants from Testable Minds — the setup we walk through under “Three ways to run a study”, below.

LAYER 1

Identity & verification

Verified Minds participants submit a government photo ID — checked for declared sex, date of birth, nationality, and issuing country — and face-matched to a live selfie at sign-up.

LAYER 2

Face-authentication

Before every study, a live face-authentication confirms the person starting the experiment is the same human on file. The match score feeds the PAS — identity bound to this session, not a re-check in some other app.

LAYER 3

Entry gate

A sub-30-second pre-study scan hard-blocks known automation and pool-banned fingerprints before the participant reaches your stimuli.

LAYER 4

Network & TLS

Datacenter / VPN origins and modern JA4 / JA4H TLS fingerprints screened at the edge — non-browser clients never load the study.

LAYER 5

Environment

Browser-automation and headless markers, tiered into hard-stop vs. suspicious across desktop and mobile.

LAYER 6

Behaviour

Typing rhythm, pointer motion, paste and focus patterns, plus input-provenance — text that appears without a genuine keystroke is treated as injected, not typed. Touch kinematics on mobile.

LAYER 7

Responses

Timing vs. reading time, accuracy, cross-participant answer similarity and free-text canaries flag AI-assisted and relayed answers. Where answers are spoken, the audio itself is a powerful tell.

LAYER 8

Fusion → PAS

Everything above becomes one weighted PAS with three action bands. We keep the full behavioural session — input, focus and pointer events, plus the participant’s spoken audio whenever you enable it — to replay and re-score as new evasion emerges. Borderline cases go to a person, with appeals and a full audit trail.

Layers 1–2 are live today; layers 3–8 are rolling out now and will be fully operational in August 2026.

You cannot detect what you cannot see. On Testable, you see everything — by default. Capturing what happens inside your study takes no setup: every keystroke, paste, focus change and DOM write is recorded natively, with no third-party JavaScript to copy into a survey and nothing to wire up, because the experiment runs on our page. And it’s built for real experiments, not just questionnaires and scales: reaction-time tasks, precise stimulus timing, interactive and multimedia designs all get the same full behavioural capture. Build your study with us and the complete picture is yours from the first click — the highest-protection setup, working the moment you hit go.

Turn on audio — the hardest signal to fake

For any study with spoken or open-ended answers, you can record the participant’s audio for the whole session and review it yourself afterwards. Live human speech is one of the strongest authenticity signals there is: a bot can’t speak instantly (yet), and a person relaying an LLM gives themselves away — copying the question out, waiting for the model, then reading the answer back takes real, measurable time, and it sounds like reading, not answering. Both the latency and the voice land in the PAS. We recommend enabling it wherever your experimental design allows.

The Participant Authenticity Score (PAS)

One number, 0–100, for every session. Use it to include, review, or weight — whatever your analysis calls for.

The full PAS launches in August 2026; identity verification and per-study face-authentication are live today.

06085100

Band thresholds shown here are illustrative; the live cut-points are tuned per strictness level and kept proprietary.

85–100VerifiedConfident human presence. Include as-is.
60–84ReviewMixed signals. Inspect, or down-weight in analysis.
0–59FlaggedStrong non-human indicators. Exclude or hard-review.

Three ways to run a study — three levels of protection

Two things catch modern AI: a verified identity that persists across studies, and in-page behaviour where the answers are actually typed. They live in two different places — the participant pool and the study page. Every competitor owns one and rents the other. Testable is the platform that can own both. Here is exactly how coverage changes with your setup.

1

Built on Testable · participants recruited from Testable Minds

The complete picture — and no one else can copy it. Every layer is live — blue and pink — and reconciles to one verified participant: pool identity, per-study live face-authentication, cross-study reputation and permanent bans, plus the full in-page stream (keystroke, paste, input-provenance, mouse/touch, canaries, behavioural session recording). Catch a bad behaviour once and that person is banned from every future study, everywhere on Testable.

2

Built on Testable · participants recruited elsewhere (e.g. Prolific)

Full in-study protection — the blue layers. The study runs on us, so the entire behavioural and environment stack works — entry gate, JA4, keystroke / paste / injection, mouse / touch, timing, session recording — and produces a real PAS. What’s reduced: the person’s verified identity lives with the outside panel, so permanent bans are device-level, not person-level. And note the asymmetry: the external panel that supplied the participant sees nothing inside your study — in-study visibility stays exclusively ours.

3

Built elsewhere (e.g. Qualtrics) · participants recruited from Testable Minds

Pool protection only — the pink layers, the box Prolific lives in by default. Your study runs on another platform, and browsers isolate pages from other websites (the same-origin policy) — so our telemetry cannot reach inside a survey hosted elsewhere. We keep verified identity, face-authentication at launch, reputation, bans and the launch/return boundary — but not one keystroke inside the survey. Want the complete picture? Build the study on Testable — it’s the best protection.

Controls you set

Tune strictness to your study. Tighter modes catch more automation at the cost of more manual review; looser modes minimise false exclusions.

fewer false exclusions
more automation caught
◍ Auto-exclude Flagged Flag-only mode Guard Situations 2–4 Per-study face-authentication Full-study audio capture

Validation & transparency

Published detection & false-positive metrics, refreshed per release.
Methodology whitepaper available under NDA.
DPIA and bias-audit support for your ethics board.
Per-participant flag reasons, exportable with your data.

What we deliberately don’t expose

Exact signal weights, live thresholds and the current bot-signature library stay private. Publishing them would hand a circumvention playbook to the operators we’re screening out — the same reason bank-fraud systems keep their internals closed.

Need to look under the hood for an audit? We’ll go deep with you under NDA.

About everyone else’s “100%”

We’re blunt about this because the marketing in our field has become fiction, and you’re the one who inherits the contaminated dataset when it turns out to be fiction.

1“100% bot detection” is a number a company gave itself. The benchmark behind it pitted about five AI agents against a hundred-odd cooperative humans, scored in-house, no external audit, against bots engineered to lose (Prolific, CloudResearch). Anyone who tells you they detect 100% of AI in 2026 has never met a 2026 AI — or is hoping you haven’t.
2Their own fine print detonates the headline. The same free-text detector that advertises “100%” concedes, further down the very same page, to 78.9% recall — it misses roughly one in five AI-assisted answers. “100%” and “misses one in five” printed on the same page is not a data-quality product; it’s a sales tactic.
3The peer-reviewed science is brutal to magic scores. At ACM CCS 2025, LLM solvers beat even the purpose-built “human-easy, AI-hard” reasoning CAPTCHAs at 63.5%, and the literature now treats LLM pollution of online research as an open, unsolved problem. Anyone still selling a CAPTCHA — or one magic number — as proof of humanity is selling you 2019 at 2026 prices.
4And the tell that should settle it: look at what they make you do. A recruitment-only panel — one that doesn’t host your study — can watch behaviour inside it only if you paste its JavaScript into your survey by hand — manually, per study, and only on Qualtrics, a survey tool most experimentalists don’t use for experiments in the first place. We don’t hand you a kit to assemble. The study runs on us, so we capture all of it, natively, for any study type. That’s not a setting they flip next quarter — it’s the shape of who owns what.
5“Surprise” liveness that never watches the exam. Recruitment-only panels re-check a face in their own app, never during your study — the study isn’t on their platform, so it can’t be. It proves the account is awake somewhere; it can’t prove the person answering your questions is the verified human. We don’t bother with random re-checks: we run a live face-authentication at the start of each study, on the same platform the study runs on, and score the match into PAS. Same-origin isn’t just their detection problem — it’s their identity problem too.
Our stance. We don’t claim perfection — we publish our real recall, we name the one thing nobody on earth can catch (a genuine verified human relaying an LLM’s answers off a second phone), and we own both the room and the guest list. Honest, from the one platform that can actually see the whole study, beats a self-graded 100% from one that can’t.

Compliance & deterrence

Participant Authenticity is a data-minimising design with human oversight built in — and a permanent, cross-study ban network that makes fraud expensive to attempt.

Compliance
GDPR Art. 22 · human review CCPA DPIA support
On your terms
Data Processing Agreement Data residency Configurable retention