Can you imagine any theoretical way to seperate live users from bots?

Homomorphic encryption, and trusted third parties. Nobody needs to know where you're going, only that you are there.

Probably too complex for casual use. One could imagine a kerberos like "time limited proof" which certifies you for a window.

What you have is who you are is in 2FA so issuing people with 2fa and then interacting through the 2fa.

For sufficient corruption, the TTP flips so it's not foolproof.

Have to start using device secure enclaves similar to what WorldCoin’s orb is doing or Apple’s iPhones.

Use a captcha. If the user fails, it's a real person.

Yes. Ask the users questions only users can understand.

This is partially what sama's orb was trying to address, correct? I ain't no city slickin' cryptographer, so can anyone explain if he was on to something there?

I don't know the Worldcoin orb architecture, but I had always believed that biometric security was flawed, as it is a password that you can never change.

However, there were smart people working on that, so was I missing something?