Proof of Personhood Systems
The Unique Human Problem
Challenge: Prove you're a unique human without revealing who you are.
Requirements:
1. Uniqueness: One proof per human (no Sybils)
2. Privacy: Don't reveal identity
3. Decentralization: No central authority
4. Accessibility: Available to everyone
5. Security: Hard to fake/transfer
Paradox: These requirements are contradictory!
For uniqueness: Need to verify each person is distinct
But: Verification requires some identifying information
And: Information can compromise privacy
For privacy: Minimize information collected
But: With minimal info, can't ensure uniqueness
Result: Potential Sybils
For decentralization: No trusted party
But: Someone must verify humanness
Who?: Whoever does becomes a trusted party (contradiction)
For accessibility: No barriers to entry
But: Verification has costs (time, money, technology)
Result: Some people excluded
For security: Hard to fake
But: Biometrics can be faked or spoofed
Social verification can be gamed
Technical verification can be bypassed
No perfect solution exists. All systems trade off these properties.
Worldcoin: Biometric Verification
Approach: Iris scanning for uniqueness
How it works:
1. Visit an "Orb" (scanning device)
2. Iris scan captures unique pattern
3. Generate hash of iris pattern
4. Check hash against database (no duplicates)
5. If unique, issue World ID (credential)
6. World ID links to crypto address
7. User can now prove humanness with World ID
Technical design:
Iris scan → Iris Code (2048 bits)
↓
Hash to 256 bits
↓
Store only hash (not original scan)
↓
Check for duplicates in database
↓
If unique: Issue credential
↓
Credential stored on-chain or device
Privacy claims:
Worldcoin says:
- Iris scan deleted after hash generation
- Only hash stored (can't reverse to image)
- No personal info collected (except iris)
- Can prove uniqueness without revealing identity
Verifier sees:
"This World ID belongs to a unique human"
Verifier doesn't see:
- Who the human is
- Where they registered
- Iris scan or hash
Criticisms:
1. Centralization:
- Worldcoin Foundation controls Orbs
- Database of hashes is centralized
- Can be shut down, censored
- Single point of failure
2. Privacy concerns:
- Biometric data inherently identifying
- Hash reversibility unclear (potential future attacks)
- Location data from Orb visits
- Surveillance implications
3. Accessibility:
- Limited Orb availability (mostly wealthy countries)
- Physical visit required
- Excludes remote areas
- Barrier for disabled individuals
4. Coercion risk:
- Biometrics can't be revoked
- If compromised, permanent
- Potential for forced scanning
- Black market for World IDs
5. Trust assumptions:
- Must trust Worldcoin deletes scans
- Must trust hash can't be reversed
- Must trust no backdoors
- Unverifiable claims
Scale:
Launched: July 2023
Users: 5M+ verified (as of mid-2024)
Orbs: 1,500+ locations globally
Token price: $2-5 per WLD
Funding: $250M from a16z and others
Proof of Humanity: Video Verification
Approach: Social verification with video proof
How it works:
1. Submit profile:
- Name (or pseudonym)
- Photo
- Video of yourself saying "I certify I am a real human"
- Ethereum address
2. Deposit stake:
- Lock ETH as anti-spam measure
- Currently: 0.125 ETH (~$250)
3. Verification phase:
- Existing verified humans review submission
- Check: Is video genuine? Is person real?
- Vouch: Existing users can vouch for you
- Challenge: Anyone can challenge (costs deposit)
4. If approved:
- Profile becomes verified
- Address gets Proof of Humanity status
- Can now claim UBI token (periodic distribution)
- Can participate in Sybil-resistant systems
5. Renewal:
- Must re-verify periodically (annually)
- Prevents dead profiles
Game theory:
Vouching:
- If you vouch for fake profile, you lose stake
- If you vouch for real profile, you might earn rewards
- Incentive: Only vouch for people you're confident in
Challenging:
- Cost: Deposit to challenge
- If challenge succeeds: Earn stake from fake profile
- If challenge fails: Lose your deposit
- Incentive: Challenge obvious fakes, avoid borderline
Verifying:
- Jurors earn fees for correct decisions
- Jurors lose stake for incorrect decisions
- Incentive: Review carefully, vote honestly
Challenges:
1. Video can be deepfaked:
- AI-generated videos improving rapidly
- May fool human reviewers
- Arms race: Detection vs generation
2. Identity rental:
- Real person creates profile
- Sells access to scammer
- Scammer controls address
- Hard to detect remotely
3. Accessibility:
- Requires camera
- Requires internet
- Requires existing verified user to vouch
- Barriers for some populations
4. Privacy trade-off:
- Video and photo are public
- Name (even pseudonym) is public
- Less private than Worldcoin
- Face is strongly identifying
5. Scalability:
- Human reviewers don't scale
- Long verification times (days/weeks)
- Expensive (stake + fees)
Scale:
Launched: March 2021
Verified profiles: ~15,000 (as of 2024)
UBI distributed: $1M+ to verified humans
Success rate: ~70% of submissions approved
Cost: ~$300 (stake + gas) per verification
BrightID: Social Graph Verification
Approach: Prove humanness through social connections
How it works:
1. Download BrightID app
2. Make connections:
- Video call with people you know
- They verify you in-app
- Mutual verification (both parties confirm)
3. Join groups:
- Verification parties (scheduled events)
- Existing communities
- Build connection graph
4. Achieve verification:
- Need N connections (varies by application)
- Connections must be diverse (not all from same cluster)
- Achieve "sponsorship" level
- Apps can set own thresholds
5. Use BrightID:
- Prove to apps you're human
- Without revealing your identity
- Just prove: Sufficient verified connections
Social graph analysis:
Honest user's graph:
          Alice
        /   |   \
       /    |    \
    Bob   Carol   Dave
     |  \   |   /  |
     |   \  |  /   |
   Emma   Frank   Grace
Properties:
- Diverse connections
- Multiple communities
- Mutual friendships
- Gradual growth
Sybil attacker's graph:
        Attacker
      /  |  \   \
     /   |   \   \
   S1   S2   S3   S4 ... S1000
Properties:
- Star pattern (one center)
- All controlled by attacker
- No mutual connections
- Sudden creation
Detection:
- Graph analysis algorithms
- SybilRank, SybilInfer
- Identify star patterns
- Flag suspicious clusters
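Added example (not BrightID's code and not part of the original page): a small Python sketch of the two detection ideas above, a star-pattern check and a simplified SybilRank-style trust ranking. The sample graph, the single Attacker-Grace attack edge, the seed choice and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from math import ceil, log2

def build_graph(edges):
    """Undirected adjacency sets from (a, b) connection pairs."""
    g = defaultdict(set)
    for a, b in edges:
        g[a].add(b)
        g[b].add(a)
    return dict(g)

def star_hubs(g, min_degree=3, leaf_ratio=0.8):
    """Nodes whose neighbours are mostly degree-1 leaves (the star pattern).
    min_degree and leaf_ratio are illustrative thresholds, not BrightID values."""
    hubs = []
    for node, nbrs in g.items():
        leaves = sum(1 for n in nbrs if len(g[n]) == 1)
        if len(nbrs) >= min_degree and leaves / len(nbrs) >= leaf_ratio:
            hubs.append(node)
    return sorted(hubs)

def sybilrank_scores(g, seeds, total_trust=1.0):
    """Simplified SybilRank: push trust out from trusted seeds for ~log2(n)
    rounds (stopping early, before it spreads evenly into a Sybil region
    behind few attack edges), then normalise each node's trust by degree."""
    trust = {n: 0.0 for n in g}
    for s in seeds:
        trust[s] = total_trust / len(seeds)
    for _ in range(ceil(log2(len(g)))):
        nxt = {n: 0.0 for n in g}
        for node, t in trust.items():
            for nbr in g[node]:
                nxt[nbr] += t / len(g[node])
        trust = nxt
    return {n: trust[n] / len(g[n]) for n in g}

# Constructed sample: the honest graph drawn above, plus a 5-leaf star that
# reaches it through a single assumed attack edge (Attacker-Grace).
HONEST = [("Alice", "Bob"), ("Alice", "Carol"), ("Alice", "Dave"),
          ("Bob", "Emma"), ("Bob", "Frank"), ("Carol", "Frank"),
          ("Dave", "Frank"), ("Dave", "Grace")]
SYBIL = [("Attacker", f"S{i}") for i in range(1, 6)] + [("Attacker", "Grace")]
GRAPH = build_graph(HONEST + SYBIL)
SCORES = sybilrank_scores(GRAPH, seeds=["Alice", "Dave"])

if __name__ == "__main__":
    print("star-pattern hubs:", star_hubs(GRAPH))
    for name, score in sorted(SCORES.items(), key=lambda kv: kv[1]):
        print(f"{name:9s} {score:.4f}")
```

Every honest node ends up ranked above the attacker and its leaves, even Grace, who sits on the attack edge. A legitimate user who onboards many newcomers also forms a star, so a flag is a lead for review rather than a verdict.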
Verification levels:
Level 1: Seedling
- 3+ connections
- Basic protection
- Can use some apps
Level 2: Sapling
- 10+ connections
- Multiple groups
- More trust
Level 3: Verified
- Sponsored by app
- Sufficient diversity
- Full access
Advantages:
+ No biometrics (privacy-friendly)
+ No central authority (decentralized)
+ Free (no monetary cost)
+ Accessible (just needs app)
+ Revocable (can burn identity and restart)
Challenges:
1. Sybil attacks via social engineering:
- Attacker makes real connections
- Slowly builds legitimacy
- Eventually controls multiple verified IDs
- Detection is statistical, not certain
2. Exclusion:
- Need existing connections
- Cold start problem for new users
- Communities might exclude outsiders
- Network effects favor early adopters
3. Graph analysis complexity:
- Hard to detect sophisticated attacks
- Privacy vs accuracy trade-off
- Requires centralized graph analysis?
4. Adoption:
- Requires network effect
- Chicken-and-egg problem
- Low adoption = easy to game
Scale:
Launched: 2017
Users: ~100,000 (as of 2024)
Connections: 1M+ mutual verifications
Apps integrated: ~20
Unique humans: ~50,000 (estimated verified)
Comparison of Proof of Personhood Systems
Property           Worldcoin    Proof of Humanity    BrightID
─────────────────────────────────────────────────────────────────
Uniqueness         ★★★★★        ★★★★☆                ★★★☆☆
Privacy            ★★☆☆☆        ★☆☆☆☆                ★★★★☆
Decentralization   ★★☆☆☆        ★★★☆☆                ★★★★☆
Accessibility      ★★☆☆☆        ★★☆☆☆                ★★★★★
Security           ★★★★☆        ★★★☆☆                ★★★☆☆
Cost               Free         $300                 Free
Time               Minutes      Days/Weeks           Hours
Adoption           5M+          15k                  100k
Sybil Resistance   Very High    High                 Medium
No winner:
- Worldcoin: Best uniqueness, worst privacy
- Proof of Humanity: Balanced, but expensive
- BrightID: Best privacy, hardest to bootstrap
Ideal (doesn't exist yet):
- Uniqueness of Worldcoin
- Privacy of BrightID
- Decentralization of all three
- Accessibility of BrightID
- Security better than all