Current State Analysis
Common failings of Sybil-defence Protocols
We have scoured the internet for decentralized non-KYC Sybil Resistance options. There are a few protocols already in existence which have tried to solve the unique human conundrum, each in their own way.
From our research we found that they commonly share the following problems...
Require biometrics in the form of video recording, picture of your face, fingerprint, or retina scan. These are stored centrally, which naturally become a honeypot of data for hackers to steal. The repositories are supposedly both hashed and encrypted with the original imagery deleted, but still... Many of these are also unproven and new technologies.
Lack of implementation of continued aliveness checks. People die. We don't know much about life, but we do know that. So it's surprising that most web3 projects don't have even the most rudimentary recurring checks if people are still alive.
Are complicated and non-user-friendly experiences. The most common issue here is the requirement that users save a mnemonic phrase which they "can't lose" but always end up losing anyways and thus ruins the experience.
Requires users to store their seed phrase. Prone to loss of keys / compromised account, with a lack of account recovery functionality. In case an account gets compromised, it is incredibly important that a user can recover it, especially for a PoUAH standard where users only get to create ONE account each, ever.
Does not support people with shared devices, so they would be excluded.
Require download from an app store to an expensive smart phone, so people without phones and people censored from the app store would be excluded.
Are still standalone esoteric experiments, with no utility in the real world.
Overly reliant on one single method for user verification, which is a risky proposition to say the least
Lack of stratification of trust into for example categories of increasing trust, to denote the quality of the uniqueness and aliveness credentials.
Some web3 project have fewer issues than other, that's for sure, but they all feature one or more of the above. We should say clearly that we applaud their groundbreaking efforts though. Many of the pioneering projects are absolutely amazing in their own rights, driven by passionate and incredibly skilled people. But let's have a look at some of the best solutions to date, and review their remaining issues.
BrightID - A Web of Trust
Users validate each other, either as "known" connections or as "just met". With enough verification pairs a web of trust arises, and for people that are "closer to the center" of web are more likely to be unique humans than those further out.
Relies on a small set of gatekeeper humans to first verify you. These gatekeepers can’t possibly remember everyone they’ve seen before.
Relies on users to get connected with apps in order to get “sponsored” by at least one of them. But common users have no affiliation with or interest in most of these apps.
Requires you to be connected with as few "degrees of separation" as possible to a “seed group,” an inner circle of trusted people, before you can gain full trust. It's currently very hard, almost impossible to find and get connected to someone who is connected to the seed group, at least before BrightID gains exponential adoption.
Valiant effort to create a recovery function, but solved poorly which leaves them open to new attack vectors.
BrightID also suffers from issues 2, 5, 6 and 8 above.
Idena Network - Simultaneous Flip Test Verification
Requires people to repeatedly show up at the same time all over the globe to perform a verification task simultaneously, building on the premise that one person can only be at any one place with one login at a time.
Users have to show up at the specified time or risk losing their trusted status. This is infeasible to maintain at best, does not scale well. The world would stop, the internet would break if all 8 billion had to log on at once.
If and when users aren't required to show up to every event, then it's no longer a uniqueness certificate. (If for example it's enough to show up at every fourth event, then an ambitious user could maintain four identities.)
Idena Network also suffers from issues 3, 4, 5, 7, 8 and 9 above.
Gitcoin Passport - A rollup aggregation of multiple identities
Users are required to connect their one Ethereum wallet to identities from various other sites (Facebook, Discord, etc) and thereby collect "stamps". Apps can set their own rules for which combination of stamps are sufficient.
False sense of uniqueness 1. GP allows users to prove uniqueness with protocols without any form of Sybil defense, such as Facebook, Google, Discord and other platforms where it’s very easy to create duplicate accounts.
False sense of uniqueness 2. Even if GP only included stamps from protocols with some form of Sybil defense, it would still be possible to create dupes. For example, a user could create one account that relies on a stamp from BrightID and another that relies on a stamp from Proof Of Humanity.
Apps that wish to build on Gitcoin Passport have to create and code their own definitions of uniqueness and criteria to calculate it, which can be a complex and daunting task.
Only compatible with EVM chains
Gitcoin Passport also suffers from issues 2, 3, and 4 above.
Proof of Humanity - Video Submissions Challenged in Court
Users are asked to submit a short video of themselves claiming that this is the first and only time they have applied, and post a bounty to bet on the veracity of their claim. Anyone can then scrutinize their submission and challenge it in a Kleros Court which will arbitrate any challenges. The bounty is split between the court participants and the winner.
The most criticized feature of PoH is the complete lack of anonymity, i.e. the requirement to post a public video of yourself onto the internet with a link to your wallet address.
False sense of uniqueness. When the user count goes beyond millions, it will be close to impossible to cross-reference all those videos and find duplicate accounts, particularly if a lot of time has passed between submissions. People age, apply makeup, change looks over time.
Low capacity. There are only 17k individuals to date.
Expensive. Ethereum gas fees are among the higher, and not everyone can afford to post the required bounty.
The PoH community seems to be in a state of implosion. There have been constant public fighting between community members. There is a vote ongoing about if the community and protocol should fork into two different ones.
Only compatible with EVM chains
Proof of Humanity also suffers from issues 1, 3, 4, 8 and 9 above.
GoodDollar - Repository of Hashed 3D Facial Scans
Users are asked to take a video selfie to validate both aliveness and uniqueness.
Relies on licensing from a centralized third-party, prone to account censorship and/or service disruptions
Proprietary and non-open sourced technology. Relies on an proprietary unverifiable algorithm, not open sourced, and therefore also very risky
No independent audits available. Not reliable based on comments in user forums, seems to have higher rate of false positives and false negatives than what the third party alludes to. Users frequently complain about false negatives from experience ("not allowed to log on because you have a twin in the repository"). Ask yourself: How much does the third party increase their tolerances to circumvent this problem? And how much does that increase the false positives on the other end? Answer: there is no way of knowing how many false positives there are.
Only compatible with EVM chains
GoodDollar also suffers from issues 1, 2, 8 and 9 above.
GlobalCoin
A team of users travel the world with a hardware device called the "orb" and offer free retina scans to passersby. The scanned images are compared to other retinas in the database to determine uniqueness.
Not readily available, requires dedicated expensive hardware, as retina scans require access to highly specialized hardware.
Similar drawbacks as FaceTec
GlobalCoin also suffers from issues 1, 2, 4, 7, 8 and 9 above.