Proof of Personhood (PoP) Introduction | Challenges in the Development of Digital Identity

On-chain identity verification and sybil-resistance against witch attacks have become major obstacles to widespread adoption in Web3, as pointed out by Volt Capital here. The fundamental reason lies in the incomplete infrastructure of Proof of Personhood (PoP), which requires further methods to confirm the uniqueness and humanity of accounts, continuously updated, in order to eradicate witch attacks and promote industry development.

Web3 Identity Crisis

Project Growth Requires a Sound Identity System

As Web3 applications become increasingly prominent, the issue of online identity verification is significantly underestimated compared to other applications. Particularly, the lack of development in combating sybil attacks – where an individual applies for multiple wallet addresses to engage in unexpected behaviors – has become a bottleneck for the growth of the cryptocurrency sector among a wider consumer base.

The issue of online identity is not new, but despite years of development, it remains largely unresolved. Many projects still inaccurately assess real users on the chain, erroneously treating invalid wallet addresses and non-human behaviors as indicators of product-market fit, leading to misguided decisions.

Without sybil attack prevention measures, this situation may reoccur in the upcoming market cycles.

Dynamic Competition Makes Sybil Attacks Incurable

Early airdrops like Uniswap and dYdX have set an unsustainable industry standard, where many cryptocurrency users now expect lucrative airdrops for interacting with a product, leading to the emergence of bots, multiple wallet operations, and a sophisticated industry chain.

While several preventive measures and tools are emerging, anyone who has researched sybil attacks would acknowledge, "It's an ongoing cat-and-mouse game," where attackers continuously learn new tactics to bypass defenders, leading to an endless cycle of dynamic competition.

This shocking article by Kerman Kohli, which can be found here, is an extreme example, openly introducing products involving automated wallet deployment and various on-chain operations, providing means to eliminate fake wallets that crypto teams might use.

How can airdrop enthusiasts ensure they are not labeled as sybil addresses?

Proof of Personhood

The aforementioned issues stem from the incomplete identity infrastructure in the current industry.

Proof of Personhood as the Foundation of Digital Identity

Most digital identity verifications focus on reputation, decentralized identity (DID), and privacy, all of which are crucial but fundamentally fail to address Proof of Personhood (PoP) issues.

Proof of Personhood is an identity mechanism based on individual uniqueness and human attributes. Identity verification and authorization require proof of personhood, making it a fundamental component of establishing digital identities.

While most PoP solutions on the market are designed to combat AI-generated fake information and sybil attacks, Web3 seems to require PoP solutions for similar yet different reasons.

Within the structure of Proof of Personhood, two key aspects need to be met: Uniqueness and Humanness.

Uniqueness: Ensuring Each Person has Only One Identity

Uniqueness ensures that the individual behind the account interacting with DApps is unique and not derived from one person operating multiple accounts. While having a single wallet for each unique user is ideal, the current existing crypto wallets do not enforce this.

Thus, some projects opt for verified methods like Know Your Customer (KYC) to strike a meaningful balance. This helps understand the so-called "impossible trilemma" of current identity verifications:

• User Experience (UX): Excessive verification processes introduce significant friction, reducing user conversion rates and subsequent metrics.
• User Sovereignty: Using KYC conflicts with decentralized and autonomous principles.
• Assurance: Different means provide varying levels of assurance; the National Institute of Standards and Technology categorizes assurance levels into three, ranging from basic, e.g., email, to high assurance, e.g., third-party certification, and highest assurance, e.g., biometrics, in-person verification.

An ideal identity solution would offer the highest level of assurance without adding excessive friction or compromising user sovereignty. However, since such a solution does not currently exist, projects are forced to make meaningful trade-offs for their use cases.

Humanness: Ensuring it's a Human, not a Bot

Humanness ensures that there is a real person operating the account. Typically, account activities can be used to determine whether it's a bot or a human behind the scenes.

In the past, distinguishing humanness was relatively easier than uniqueness because human users are usually more complex than bots, with distinct user footprints.

However, in the long run, discerning humanness may become a more challenging issue, partly because certain accounts may swing between bots and humans. This issue may escalate if humans deploy bot proxies to transact on the network on their behalf.

Opinion | How Autonomous Worlds and Autonomous Agents Enrich Future Gaming

Therefore, some identity solutions are beginning to explore more precise means of determining humanness, often sparking controversy. For example, Worldcoin employs iris scanning.

Worldcoin has open-sourced its iris scanning device, Orb, aiming to alleviate market privacy concerns.

Continuous Updates

In addition to verifying uniqueness and humanness, a robust proof of personhood mechanism must undergo healthy continuous identity verifications.

Solutions that only verify identities at creation are particularly vulnerable to sybil attacks and fraudulent activities; for example, Worldcoin faces issues with iris sale verifications.