Using Holonym + Gitcoin Passport for Private Sybil Resistance and the Public Good

Nanak Nihal Khalsa
Holonym
6 min read · Jul 13, 2023

How can we improve resistance to Sybil attacks?

Bot armies are one of the biggest problems on the internet, and web3 rewards bots even more.

We need a strategy to combat fraud and bot assaults, specifically improving our Sybil resistance: the principle that each individual should only have one opportunity to act, regardless of their wealth or the number of bots under their control. Achieving complete Sybil resistance is challenging. We can’t completely eliminate fake accounts or prevent every type of crime. However, we can make creating a Sybil account so costly that Sybil attacks become highly unlikely. You’ll soon realize that the fusion of zero-knowledge (ZK) identity and Sybil resistance can do more than just limit bot activity. It can also serve a political purpose, introducing democracy and privacy where they were previously unattainable.

Sybil resistance is the property of being resistant to multiple “Sybils” representing the same person, i.e., an unnecessarily complex way to say “bot resistance.”

Every method of Sybil resistance has its own pros and cons. Some offer robust protection but come with a complicated user experience, while others may be weaker but user-friendly, like signing in with Google. Gitcoin Passport doesn’t discriminate when it comes to Sybil resistance methods. It lets users blend different methods. Thus, the landscape of Sybil resistance design is multifaceted, shaped by user experience, security, and privacy factors.

The collaboration between Holonym and Gitcoin Passport significantly raises the bar for forgery. This is because it takes the best aspects of government IDs (proof of identity) without the negatives (it keeps your identity concealed).

Government IDs are strong sources of anti-Sybil information, but should only be handled with strict privacy guarantees.

Government IDs provide strong Sybil resistance and secure trillions of dollars in government benefits every year. To some extent, they even secure voting systems in large democracies. They are quite tough to falsify. Faking them often results in fines and jail time. Identity theft, however, is far riskier than forgery. The penalties for ID theft can include huge fines and up to 15 years in prison in the U.S. This deters people from launching Sybil attacks on government systems. Even those who do so usually operate on a small scale due to the difficulties in executing large-scale identity theft.

But simply digitizing government IDs isn’t sufficient. Using a government ID for Sybil resistance risks exposing all your personal information. Linking them to your public blockchain activity makes matters worse! Large financial institutions like Equifax have experienced data breaches, resulting in leaked social security numbers. If such giants can’t protect user data, imagine entrusting your data to hundreds of decentralized finance (DeFi) and Web3 sites for KYC…

New cryptographic techniques enabling private computation open up an exciting design space. Holonym employs zero-knowledge proofs, a type of cryptography that lets you validate facts about your identity without disclosing it. By proving specific relationships between hidden and public polynomials, the combination of Holonym and Gitcoin Passport significantly increases the cost of forgery. It brings the best of government IDs (proof of ID) while keeping your identity concealed.

A setup using zero-knowledge proofs to provide credential-gated services without identifying any user.

Government IDs aren’t always needed to show you’re a unique human

Government IDs aren’t the only solution for Sybil resistance. Sometimes, you don’t need government-level security but prefer a seamless user experience. Holonym also offers phone number-based Sybil resistance, providing an improved user experience without compromising security. Moreover, if you don’t want to reach for your phone, Gitcoin Passport allows you to use a Twitter account with a reasonable follower count or a Google account that appears to belong to a human. It even supports sign-in-with-ethereum if you demonstrate human-like on-chain activity. If you prefer a fully decentralized option, you can use Proof of Humanity or BrightID via Gitcoin Passport.

It goes beyond just bots

Gitcoin Passport and Holonym are about more than just providing a flexible and secure toolkit for Sybil resistance. They’re political tools enabling democracy and privacy. Lobby3 DAO, founded by Andrew Yang, illustrates this perfectly. To comply with the law, it must ensure all its users are from the U.S. To achieve this in a privacy-preserving, value-aligned way, it helped create Holonym, commissioning a protocol for on-chain proof-of-residency that respects privacy. This privacy is vital for politically sensitive subjects and citizens.

Other applications include geographically bound DAOs, age-gated DAOs, and ensuring internet safety for minors in line with European regulations. These tools are also ideal for privacy-conscious parents. Quadratic funding is now expanding beyond public goods funding for Web3. For instance, Gitcoin recently held a funding round with UNICEF on its Grants Stack platform. As quadratic funding scales up with non-Web3 audiences, zero-knowledge decentralized identity can help prevent Sybil attacks, and facilitate compliance in collecting large donations and screening politically risky donors.

The blend of Sybil resistance toolkits and ZK identity will be a powerful asset in making the internet safer and more trustworthy. With this, quadratic voting can achieve mainstream adoption, individuals can maintain privacy on the blockchain, and political groups can organize compliantly, safely, and anonymously in the third iteration of the internet.

Part II. Improving your Passport Unique Humanity Score using Holonym.

To improve your Unique Humanity Score on Gitcoin Passport, first verify your identity:

To get a Holo ID, do the following steps.

  1. Head to app.holonym.id and connect your wallet.
  2. Hit verify.
  3. For usage with Gitcoin Passport and strong Sybil resistance, use your government ID. Otherwise you can just verify your phone number without ID documents, and the protocol will check whether it’s a burner. We do not store your personal data; your identity is protected with zero-knowledge proofs.
  4. Follow the steps on the screen to first enter your phone number, then verify your ID or phone number, depending on which option you chose in step 3.
  5. After following the above steps, you should have a Holo. To donate with Gitcoin, you need to do one more thing: prove you’re a real, unique person.

Proving you are a unique, real human

Note: You don’t have to trust Holonym to keep your data safe. For an extra layer of super-privacy, you can optionally wait a week, or longer, before doing this step. That way, the company that verified your ID cannot try to guess your wallet address by comparing when you generated your proof with when you verified with them. But for most users, that’s a pretty remote concern, and even if you prove right away, your identity and data are kept private.
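The timing concern in the note above can be made concrete. The following is an added example, not Holonym or Gitcoin code: it assumes a verifier that keeps a timestamped log of ID checks and can see when a proof appears on-chain, and it uses a constructed log (hypothetical user names, one verification every 3 hours) to show how a delay changes what timing alone reveals.

```python
from datetime import datetime, timedelta

def recency_rank(log, user, proof_time):
    """Position of `user` when everyone verified before `proof_time` is
    ordered from most to least recent (1 = the verifier's first guess)."""
    before = sorted(((t, who) for who, t in log.items() if t <= proof_time),
                    reverse=True)
    for rank, (_, who) in enumerate(before, start=1):
        if who == user:
            return rank
    raise ValueError("user had not verified before the proof time")

def candidates_in_window(log, proof_time, window):
    """Users whose verification falls within `window` before the proof:
    the naive 'who verified just before this proof?' correlation."""
    return sorted(who for who, t in log.items()
                  if proof_time - window <= t <= proof_time)

def build_log(start, count, spacing):
    # Constructed sample data: one verification every `spacing`.
    return {f"user{i:03d}": start + i * spacing for i in range(count)}

# Assumption: other users keep verifying at a steady rate while you wait.
LOG = build_log(datetime(2023, 7, 1), count=120, spacing=timedelta(hours=3))
ME = "user010"  # hypothetical user, verified 30 hours after the log starts

def compare_delays(correlation_window=timedelta(hours=1)):
    """For each delay: (recency rank of ME, who a 1-hour window points at)."""
    results = {}
    for label, delay in [("10 minutes", timedelta(minutes=10)),
                         ("1 day", timedelta(days=1)),
                         ("7 days", timedelta(days=7))]:
        proof_time = LOG[ME] + delay
        results[label] = (
            recency_rank(LOG, ME, proof_time),
            candidates_in_window(LOG, proof_time, correlation_window),
        )
    return results

if __name__ == "__main__":
    for label, (rank, suspects) in compare_delays().items():
        print(f"proof after {label:>10}: rank {rank}, "
              f"1-hour window points at {suspects}")
```

The protection scales with how many other people verify during the wait, so on a quiet service a longer delay is needed for the same effect.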

  1. Head over to the prove tab.
  2. Select unique personhood proof with your government ID.
  3. Generate the proof.

There you go. Now it can be used with Passport.

How?

To use your newly-minted Holonym ID with GTC Passport:

  • Head to passport.gitcoin.co.
  • Connect to your wallet associated with your Holo ID.
  • Find the Holonym stamp.
  • Click add stamp.

Notice your Gitcoin Passport Unique Humanity Score increase! You have proven you are a unique human, without doxxing your wallet address 🌈✨