Proof of Personhood
The unique-human problem
Last updated
Was this helpful?
The unique-human problem
Last updated
Was this helpful?
A digest of by Vitalik Buterin.
One of the trickier, but potentially one of the most valuable, gadgets that people in the Ethereum community have been trying to build is a decentralized proof-of-personhood solution.
Proof of personhood, aka the unique-human problem, is a limited form of real-world identity that asserts that a given registered account is controlled by a real person (and a different real person from every other registered account), ideally without revealing which real person it is.
There are two main forms of proof of personhood: social graph and biometric.
Social graph proof of personhood relies on some form of vouching: if Alice, Bob, Charlie and David are all verified humans, and they all say that Emily is a verified human, then Emily is probably also a verified human. Vouching is often enhanced with incentives: if Alice says that Emily is a human, but it turns out that she is not, then Alice and Emily may both get penalized
Biometric proof of personhood involves verifying some physical or behavioral trait of Emily, that distinguishes humans from bots (and individual humans from each other).
Most projects use a combination of the two techniques. Three efforts at tackling this problem are:
: you upload a video of yourself, and provide a deposit. To be approved, an existing user needs to vouch for you, and an amount of time needs to pass during which you can be challenged. If there is a challenge, a decentralized court determines whether or not your video was genuine; if it is not, you lose your deposit and the challenger gets a reward.
: each person holds an ID and makes connections with people they know. A social graph is formed connecting IDs and sharing personal information peer-to-peer (not with servers or apps). Fake identities are detected by analyzing the whole graph.
: you play a captcha (common sense test) game at a specific point in time (to prevent people from participating multiple times); part of the captcha game involves creating and verifying captchas that will then be used to verify others.
Some of them come with a (UBI) token, and some have found use in to verify which accounts are valid for quadratic voting. adds privacy to many of these solutions.
Worldcoin was co-founded by Sam Altman, who is best known for being the CEO of OpenAI. The philosophy behind the project is simple: AI is going to create a lot of abundance and wealth for humanity, but it also may kill very many people's jobs and make it almost impossible to tell who even is a human and not a bot, and so we need to plug that hole by:
creating a really good proof-of-personhood system so that humans can prove that they actually are humans, and
giving everyone a UBI
The Worldcoin project includes:
World ID: a privacy-preserving digital identity designed to help solve important, identity-based challenges, including proving an individual’s unique personhood.
Worldcoin token (WLD): a token providing utility and giving users a say over the direction of the Worldcoin protocol. WLD is globally and freely distributed to people just for being a unique individual.
World App: an app that enables payment, purchases and transfers globally using digital assets and traditional currencies
Worldcoin has also committed to decentralize over time. At first, this means technical decentralization:
the Worldcoin token is distributed over Optimism, an L2 on Ethereum
users' privacy is protected with zero-knowledge proof technology (ZK-SNARKs): a registered user can prove to be in the database without revealing any other information (in particular their identity).
Later on, it includes decentralizing governance of the system itself.
There are four major risks that immediately come to mind when thinking at Worldcoin and more generally to any biometric solution of the unique-human problem:
Privacy. The registry of iris scans may reveal information. At the very least, if someone else scans your iris, they can check it against the database to determine whether or not you have a World ID. Potentially, iris scans might reveal more information.
Accessibility. World IDs are not going to be reliably accessible unless there are so many Orbs that anyone in the world can easily get to one.
Centralization. The Orb is a hardware device, and we have no way to verify that it was constructed correctly and does not have backdoors. Hence, even if the software layer is perfect and fully decentralized, the Worldcoin Foundation still has the ability to insert a backdoor into the system, letting it create arbitrarily many fake human identities.
Security. Users' phones could be hacked, users could be coerced into scanning their irises while showing a public key that belongs to someone else, and there is the possibility of 3D-printing "fake people" that can pass the iris scan and get World IDs.
Proponents of social-graph-based verification often describe it as being a better alternative to biometrics for a few reasons:
it does not require collecting biometric data, making it more privacy-friendly
it does not rely on special-purpose hardware, making it much easier to deploy
it is potentially more friendly to pseudonymity, because someone can chooses to split their digital life across multiple identities and keep them separate from each other
biometric approaches give a binary score of "is a human" or "is not a human", which is fragile: people who are accidentally rejected would end up with no UBI at all, and potentially no ability to participate in online life. Social-graph-based approaches can give a more nuanced numerical score, which may of course be moderately unfair to some participants but is unlikely to "un-person" someone completely.
However, it's worth also taking into account the weaknesses of social-graph-based approaches:
Bootstrapping: for a user to join a social-graph-based system, that user must know someone who is already in the graph. This makes large-scale adoption difficult, and risks excluding entire regions of the world that do not get lucky in the initial bootstrapping process
Privacy: while social-graph-based approaches avoid collecting biometric data, they often end up leaking info about a person's social relationships, which may lead to even greater risks. Zero-knowledge technology can mitigate this, but the interdependency inherent in a graph and the need to perform mathematical analyses on the graph makes it harder to achieve the same level of data-hiding that you can with biometrics
Inequality: each person can only have one biometric ID, but a wealthy and socially well-connected person could use their connections to generate many IDs. Essentially, the same flexibility that might allow a social-graph-based system to give multiple pseudonyms to someone (eg. an activist) that really needs that feature would likely also imply that more powerful and well-connected people can gain more pseudonyms than less powerful and well-connected people
Risk of collapse into centralization: most people are too lazy to spend time reporting into an internet app who is a real person and who is not. As a result, there is a risk that the system will come over time to favor "easy" ways to get inducted that depend on centralized authorities
What we should ideally do is treat these three techniques as complementary, and combine them all. Biometric bootstrapping may work better short-term, and social-graph-based techniques may be more robust long-term, and take on a larger share of the responsibility over time as their algorithms improve.
More recently, we have seen the rise of a much larger and more ambitious proof-of-personhood project: .
Worldcoin is unique in that it relies on highly sophisticated biometrics, scanning each user's using a piece of specialized hardware called the Orb. The goal is to produce a large number of these Orbs and widely distribute them around the world and put them in public places to make it easy for anyone to get an ID.
