At SKALE we are interested in solving the proof of humanity problem now even if roughly, because Dapps cant work well without a solution.
I think many other blockchains are interested in this problem.
Basically, for fast and cheap chains you need to be able to enforce that your registered users are humans, otherwise you will have too many bots and DoS.
Google, FB etc are solving this problem using either SMS or email verification, but it is
first centralized
and second blockchain is passive, so it cant send an email or SMS.
So here is a practical solution, which is probably the best you can do at the moment for billions of users. It is based on Gmail signing message headers with Google public key (DKIP signatures)
A user sends a short email from Gmail to a relaying party on Internet, that posts this email to a smart contract on ETH-compatible blockchain. The relaying party is simply a reposting service, does not have security relevance and could be the user herself.
The email includes user public ETH key.
A smart contract verifies Google-signed email headers and then posts email/public-key pair on-chain.
To be roughly human means to have your email/public-key on chain
Thats it! We are looking for people that want to help us impement this as opensource library.
Also looking for more privacy-preserving tweaks to this.
This is a practical and useful solution towards mass adoption. This would be a great way to verify individual wallets as human. Sounds fantastic and really would love to follow this project closely! Wishing you the best of luck
First of all: I agree this is an important problem to solve!
Unfortunately I do not see how your solution is more decentralized than google email verification (especially as you rely on Gmail here)
The best (most privacy preserving and hard to game) solution to the problem I found so far is idena - what is really needed is a bridge to ethereum - there where some developed via gitcoin grants once - but they have been impractically expensive - maybe this should be reevaluated with L2s now.
I’m sorry if this is a stupid question, but I’m aware of https://app.proofofhumanity.id/
Is anything wrong/unsatisfactory with it? (I must admit I haven’t looked at how it works)
Regarding GMail specifically, while this would be a relatively good “whale deterrent”, it’s very easy to get many Google accounts. If you’re crafty, you can even scale/game this process up quite a bit. A startup I was briefly associated with used to order free/trial SIM cards by the dozen, and spawn Facebook accounts in order to advertise themselves.
There’s a solution in the works. It’s roughly something like this:
Register as a human.
Mint a fungible ERC-20 token that can only be minted once you’re accepted as a human
Everyone uses a Tornado Cash-like protocol to mix these tokens up.
Now you have the guarantee those tokens came from humans, but you don’t know which new wallet represents which human.
While you still have the privacy issue of you having to have your picture accessible on the blockchain, but you also unlock things like anonymous voting, that you can use for 1 person 1 vote, quadratic voting, etc…
That’s a nice idea actually. But I think it should still be on top of a system where you do not have to hold your face in a camera for it. Really dislike that idea. Also think it can be attacked via deepfakes. Really like a system like idena more and see more future in there.
The question is why do you feel the need to protect from bots? If submitting a valid transaction to the chain is undesirable doesn’t it mean that the economy of the chain is broken? If the distinction between bots and humans is important it’s likely than the transaction costs are not going to be covered by fees, but by some additional value extracted from the fact that users are humans.
This is just a first step. After a user is registered they monitor their behavior and ban accounts as soon as they notice something suspicious. It’s hard to allow fast bans like that without lots of centralization and some false positives. For any sms, email, or captcha based service it’s pretty easy to automate and register thousands accounts for just a few bucks.
