DEV Community: Vincent Narbot

The End of the "I Am Not a Robot" Box: Why Your Next Login Will Require 5 Squats

Vincent Narbot — Wed, 01 Apr 2026 06:34:00 +0000

Why physical verification is the final frontier of cybersecurity.

For twenty years, we’ve been clicking on traffic lights, buses, and fire hydrants to prove we’re human. We’ve collectively spent billions of hours training AI models for free, only for those same models to become better at solving CAPTCHAs than we are.

In 2026, the "I am not a robot" checkbox is officially dead. If a bot can pass the Bar Exam, it can certainly find a crosswalk in a grainy photo.

So, how do we solve the "Dead Internet Theory" while simultaneously tackling the "Sitting Disease" of the modern workforce?

Introducing HealthCAPTCHA: The world’s first security protocol based on Physical Verification.

The Cognitive Compromise

Traditional CAPTCHAs rely on cognitive work. But in the age of Generative AI, cognitive effort is cheap. Scripts can now mimic human click-patterns and solve recognition puzzles in milliseconds.

The only thing an AI cannot do is exist in the physical realm. It has no metabolism. It cannot feel the burn of a deep squat.

How It Works

At HealthCAPTCHA.com, we’ve shifted the verification layer from the screen to the floor. To access a protected site, a user must perform 5 squats in front of their webcam.

Our protocol doesn't just look for a face; it verifies humanity through kinetic movement. If you don't hit parallel, you don't get the password. It’s a physical firewall that makes automated scripts physically impossible.

The Health Advantage

This isn't just about stopping spam. The average knowledge worker solves multiple CAPTCHAs a day. By turning those into 5-rep sets, we are turning a digital hurdle into a circulation-boosting micro-break.

The Future is Physical

As we move into a world dominated by silicon intelligence, our biological reality is our greatest security asset. The era of the sedentary internet is over.

Kill spam. Skip the gym. You’re welcome.

→ HealthCAPTCHA.com

Every day we focus on healthcare interoperability and continuity of care. But sometimes we forget that small steps, taken every day, can have a big impact on your health over time. At Formidable Care, we believe that anything that makes your care more formidable matters. Even five squats.

Happy and Healthy April Fools Day.

Why digital signatures break on structured healthcare data

Vincent Narbot — Fri, 23 Jan 2026 10:23:06 +0000

Digital signatures are often treated as a solved problem. In practice, most systems solve identity, not integrity, and the distinction becomes critical once signatures are applied to structured data rather than static documents.

Healthcare is a good example, but the issue is not healthcare-specific. Any system that signs structured, interoperable data eventually runs into the same failure mode.

This post explains why that happens and what a correct signing architecture looks like.

A real-world failure scenario

Consider a common workflow:

A system generates a prescription encoded as structured data (for example, JSON).
A clinician signs it.
The data is transmitted to another system.
The receiving system re-serializes the payload:
- Fields are reordered
- Optional fields are omitted
- Formatting and whitespace change
Signature verification fails.

No semantic meaning changed.

No malicious modification occurred.

Yet cryptographically, the document is no longer identical.

This is not a bug. It is the expected outcome of signing non-canonical structured data.

Identity is not integrity

Any serious signing system must answer two different questions:

Who signed this?
Exactly what did they sign?

Most e-signature systems focus heavily on the first question:

Authentication
Identity proofing
Audit logs

They often answer the second question implicitly by signing a particular file representation, assuming that representation is stable over time.

That assumption holds for PDFs.

It fails for structured data.

Cryptographic signatures are binary-exact.

Structured data is not.

Why structured data breaks naive signing models

Structured data is routinely:

Stored in databases rather than files
Regenerated on demand
Transformed across APIs
Normalized or enriched downstream

Two semantically identical objects can have multiple valid binary representations. A signature over one representation will not verify against another.

Without additional guarantees, signing structured data amounts to signing a transient serialization artifact rather than the underlying meaning.

That is not a durable proof.

Interoperability makes integrity unavoidable

As interoperability increases (for example, through FHIR in healthcare), systems exchange meaningful data, not frozen documents.

In this environment:

Data crosses organizational boundaries
Content is transformed and re-emitted
Long-term verification matters

Connectivity without cryptographic integrity guarantees creates a false sense of trust. Systems can exchange data, but they cannot reliably prove that the data they consume is the data that was approved.

A signing architecture that preserves integrity

Closing this gap requires making the signed object deterministic.

A robust architecture consists of three explicit steps.

1. Canonicalization

Convert flexible structured data into a deterministic representation:

Stable field ordering
Normalized data types
Removal of non-semantic noise
Versioned canonicalization rules

Semantically identical data must produce identical bytes.

2. Fingerprinting

Hash the canonical representation using a collision-resistant algorithm.

This produces a fixed-length fingerprint that uniquely represents the content and changes completely if the meaning changes.

At this point, integrity is mathematically defined.

3. Signature

Sign the fingerprint, not the raw document.

This binds a signer’s identity to a precise, reproducible representation of the data. Anyone with the public key, the canonicalization rules, and the data can independently verify the signature.

No vendor trust required.

Why document-centric models fall short

Document-based signing works by freezing content into a visual artifact. Structured data systems do the opposite: they keep data queryable, transformable, and alive.

Applying document-centric integrity models to structured data is a category error.

The correct abstraction is not “sign the file.”

It is “sign the meaning.”

TLDR;

Digital signature systems were largely designed for documents, not interoperable data.

As systems become more connected, this mismatch surfaces as:

Failed signature verification
Fragile audit trails
Legal ambiguity
Compliance theater

Closing the gap does not require exotic cryptography. It requires discipline: canonicalization, fingerprinting, and explicit binding between identity and meaning.

If a signature cannot survive serialization, transport, and regeneration, it does not prove what it claims to prove.

Disclosure

I work at Formidable Care, where we are building Israel’s national digital prescription infrastructure. As interoperability increases, integrity becomes a collective responsibility, not a vendor-specific detail.

Building Formisoft: AI-Powered Client Intake Forms with Compliance at the Core

Vincent Narbot — Fri, 20 Sep 2024 09:19:58 +0000

When building a business, one of the most critical components is efficient client onboarding and information management. As industries continue to evolve, so do the technologies that support them. Enter Formisoft—a platform designed to simplify the client intake process while ensuring that businesses remain secure and compliant in their data handling.

In this blog post, I’ll walk you through the tech stack and philosophy behind Formisoft, and how it aims to revolutionize the client intake form process for businesses.

The Problem: Inefficient, Paper-Based Intake Systems

Many businesses still rely on outdated, paper-based methods to collect client information, which can lead to several inefficiencies:

Data entry errors
Time-consuming manual processes
Lack of integration with modern systems
Security vulnerabilities due to physical data handling

This creates a disconnect between the potential of modern business systems and the actual workflows many companies still depend on.

The Solution: Formisoft

Formisoft was born out of the need to provide businesses with a secure, compliant, and efficient way to manage their client intake processes. By using AI-powered tools, we’ve developed a platform that not only simplifies form creation but also enhances the client experience, ensuring seamless data collection and integration with existing systems.

Key Features

AI-Powered Form Creation

With Formisoft, businesses can create custom forms with the help of AI, streamlining the process of gathering client information. Our platform also allows the conversion of traditional paper forms into digital formats, making the transition to a paperless system easy and accessible.
Secure and Compliant

Data security and compliance are at the heart of Formisoft. We ensure that all forms are built with compliance in mind, adhering to industry regulations like GDPR, HIPAA, and others. This ensures that your business not only collects data efficiently but does so securely, safeguarding client information.
Integration with Existing Systems

Formisoft seamlessly integrates with your existing systems, meaning that client data is collected and immediately integrated into your workflows. This minimizes the need for manual entry and ensures that your team can focus on what matters most: providing excellent client service.

Tech Stack Overview

Here’s a breakdown of the tech stack we used to bring Formisoft to life:

Next.js: The backbone of our platform, giving us the flexibility and scalability needed to build a modern web app.
Auth0: Ensures secure authentication, making sure only authorized personnel can access and manage sensitive client information.
Netlify: We rely on Netlify for continuous integration and deployment, ensuring a smooth experience for both development and operations.
Stripe: For handling payments securely and efficiently, we’ve integrated Stripe to manage subscriptions and billing.
Tailwind CSS: Provides a clean, modern, and customizable design, ensuring a smooth user experience for both clients and businesses.
Claude Opus / Sonnet: Our AI-driven tools that power the intelligent form creation process, helping businesses build custom forms with ease.

Why We Chose This Stack

At the heart of Formisoft's development is the idea of speed and security. We wanted a platform that would enable us to iterate quickly while maintaining the highest standards of data protection. Here’s why each technology was chosen:

Next.js: It’s ideal for server-side rendering and static site generation, which offers performance benefits and scalability as we grow the platform.
Auth0: A powerful solution that handles user authentication securely, without adding complexity to our codebase.
Netlify: Their serverless capabilities and ease of deployment align perfectly with our goal of having a highly scalable infrastructure.
Stripe: For a business like ours, having a trusted and secure payment gateway is non-negotiable. Stripe’s API and documentation are top-notch, making it easy to integrate.
Tailwind CSS: Clean, fast, and minimal—just what we needed for a modern, responsive user interface.
Claude Opus / Sonnet: These AI technologies enable businesses to create forms more efficiently, reducing the friction that often comes with building customized client intake forms.

The Future of Form Building

Formisoft is more than just a form builder; it's a complete solution that enables businesses to move from inefficient, paper-based systems to digitally-driven, AI-powered ones. As we continue to develop the platform, we’re focusing on creating a comprehensive library of industry-specific templates that businesses can easily customize and deploy.

Our vision is to become the go-to platform for secure, compliant, and AI-enhanced form creation, ensuring that businesses can focus on growth, while we handle the rest.

Try it out @ formisoft.com