← Back to Blog
January 22, 2026

How In-Person QR Verification Stops Bots, Trolls, and Grooming

noalgo.me requires an in-person QR scan to add a friend. This single design choice eliminates bots, trolls, anonymous harassment, and the primary vector for online grooming. Here's how it works.

QR verification safety privacy anti-grooming

The stranger problem

Every major social network has the same structural flaw: anyone can reach anyone. You can send a friend request to a stranger. You can DM someone you’ve never met. You can create an account with a fake name and a stolen photo in under two minutes. The platforms know this is a problem — they employ thousands of moderators and deploy AI detection systems to manage it — but the architecture itself allows it.

This is the stranger problem, and it’s the root cause of most social media harm: bots, trolling, harassment, impersonation, and the grooming of minors. Every one of these threats depends on the ability of a stranger to enter someone’s network undetected.

The QR handshake

noalgo.me solves the stranger problem at the architecture level. There is no search function. There is no “people you may know.” There is no way to send a friend request to someone you haven’t met. The only path to a connection is a physical QR scan.

Here’s how it works: one person opens their noalgo.me app and displays a unique QR code on their profile. The other person scans it with their camera. The app verifies the handshake, and the two accounts are connected.

The critical constraint is that this must happen in person. You have to be physically present with someone, holding your phone, looking at their screen. A bot in a data center cannot do this. A troll on the other side of the world cannot do this. Someone with a fake profile and a stolen photo cannot do this unless they are standing in front of you — at which point the deception is far harder to maintain.

Why this eliminates bots

Bots are automated accounts. They scale because they don’t require human presence — one operator can run thousands of bot accounts, each sending friend requests and DMs around the clock. The economics depend on volume and zero physical cost.

On noalgo.me, bot scaling is impossible. Every single connection requires a human being to physically scan a QR code with another human being’s phone. There is no API endpoint for “send friend request.” There is no search to scrape. The cost of creating a fake connection is not zero — it’s the cost of physically traveling to another person and convincing them to scan your code. That’s not scalable, and that’s the point.

Why this prevents grooming

Online grooming typically follows a predictable pattern: a predator creates an account, reaches out to a target (often a minor) through search, suggestions, or unsolicited messages, builds trust over time, and eventually exploits the relationship. Every step of this process depends on the ability to initiate contact with a stranger.

On noalgo.me, the first step is blocked. A predator cannot find a target because there is no search. They cannot send an unsolicited message because there is no DM-from-strangers feature. They cannot appear in “suggestions” because there are no suggestions. The only way into someone’s noalgo.me network is to be physically introduced by that person.

This doesn’t make the platform a substitute for parental supervision or education. But it does remove the primary vector — remote, anonymous contact with strangers — that grooming depends on. For student communities and younger users, this is a structural safety advantage that no moderation system can replicate.

Verification without surveillance

A common response to safety problems on social media is to add more surveillance: identity verification, phone numbers, government IDs, biometric checks. These approaches trade privacy for safety — you prove who you are by handing over personal data to the platform.

The QR handshake achieves verification without any of that. It doesn’t verify who you are to the platform. It verifies that you were physically present with another person. The platform doesn’t need to know your real name, your government ID, or your face. It just needs to know that two phones were in the same room and one scanned the other.

That’s the difference: surveillance-based verification proves your identity to a corporation. Presence-based verification proves your existence to a friend. noalgo.me chose the latter.

Not a moderation problem — an architecture problem

The social media industry frames safety as a moderation problem: how do we detect and remove bad actors after they’ve entered the network? noalgo.me frames it as an architecture problem: how do we prevent bad actors from entering the network in the first place?

The QR handshake is an architectural answer. It doesn’t rely on AI to detect harm. It doesn’t require a team of moderators reviewing reports. It simply makes the most common forms of social media harm structurally impossible. Strangers can’t reach you because the network doesn’t let them in.