Introduction to Gitcoin Passport
Gitcoin Passport is an identity verification application built on Ceramic Network, designed to help users protect their identity privacy while providing trustworthy identification.
The project collects verifiable credentials or “stamps” (explained below) from both Web2 and Web3, enabling users to prove their real identity and trustworthiness without exposing personal information. These stamps can be used by projects to protect communities from Sybil attacks, where bad actors create a large number of fake identities to manipulate the system and gain undue influence and rewards.
Gitcoin Passport plays a key role in helping projects evaluate different identity providers. The Gitcoin Grants system, for example, assumes that each participant is an independent and genuine individual and rewards them based on that assumption. Systems built on that assumption are vulnerable to Sybil attacks. To address this, the Gitcoin team has invested significant time and resources, accumulating years of experience in defending against Sybil attacks, and has effectively protected the Gitcoin Grants program using Passport technology. This ensures that only real individuals can decide which projects receive funding.
Given their extensive experience in Sybil defense, the Gitcoin team believes it is their responsibility to help other Web3 projects protect their communities from bots and bad actors. They believe that private identity verification is a core service every project needs, which led them to develop Passport as a standalone product. Currently, dozens of identity providers use Passport to protect their communities, and it is expected to become a leading global open-source identity verification protocol in the future.
What is Gitcoin Passport?
Gitcoin Passport is an identity verification aggregator application where users can collect “stamps” from various Web2 and Web3 verifiers. Examples include: Holonym (KYC, Know Your Customer), Civic (biometrics), Google and LinkedIn (Web2), Snapshot (Web3), as well as specific models that score wallets based on Web3 transaction history.
Passport is privacy-protecting. When users link different stamps to their Passport, a verifiable credential is created proving the user has performed specific activities without collecting any personally identifiable information. Essentially, a Passport is a unique decentralized identifier (DID) associated with the user’s Ethereum address, stored on the Ceramic network.
What is DID (Decentralized Identifier)?
Introduction to DID
In the Web2 era, identity management primarily relied on centralized platforms like Facebook and Google. These platforms controlled user data and identity information, often using or sharing this data without user consent, which posed significant privacy and data security risks. Moreover, users needed to create different accounts and passwords for each platform, which not only created management difficulties but also led to fragmented data that couldn’t be effectively integrated.
To address these issues, DID (Decentralized Identifier) emerged as a decentralized identity management technology that gives users full ownership, control, and management of their digital identity. By using cryptographic technology, DID can prove a user’s identity and authorization without revealing any personal identifying information, thereby protecting privacy and enhancing data security.
DID Features:
- User control over identity and data: DID empowers users to control their identity and data completely. Data (such as transaction records, NFTs owned, etc.) is fully controlled by the owner, without relying on any centralized third party.
- Privacy-protecting identity verification: DID allows users to verify their identity while protecting privacy, providing only necessary proof without exposing more personal details. For example, users can prove they are of legal age without disclosing their exact birthdate.
- Data integration and reputation management: In the Web3.0 era, users can log in to different platforms with a single wallet authorization. This not only simplifies identity management but also consolidates the user’s digital footprint under a unified identity. This data integration helps build a more complete reputation system, such as the user’s risk preference and loan repayment ability.
Challenges of DID:
- Privacy vs Transparency: While users have control over their data, the public nature of blockchains means that all transactions and actions can be traced, potentially compromising privacy and even threatening personal security.
- Blockchain message silos: While DID aims to unify on-chain and off-chain identity, the barriers between different blockchains make it difficult to integrate identity information, creating information silos and affecting unified management of identities.
- Insufficient incentives for identity value: Current DID systems quantify user behavior into “credentials,” but their value depends on community consensus. If credentials aren’t widely recognized, their practical value is limited, which may reduce user participation motivation.
What is a Sybil Attack?
Introduction to Sybil Attacks
A Sybil attack is a type of network attack where an individual creates numerous fake identities (such as fake accounts) to influence or manipulate the network. Sybil attacks are common: examples include using multiple dummy accounts to vote and influence outcomes, using fake accounts to increase the chances of winning in lottery events, or posting fake reviews and creating false interactions online.
Risks of Sybil Attacks in Blockchain
A blockchain is a decentralized system that relies on many nodes to process and store information, confirm transactions, and package blocks. However, if most nodes are created by the same person, the seemingly decentralized system becomes centralized, and data storage is no longer truly distributed. Malicious actors could potentially control the majority of nodes to conduct a 51% attack or manipulate voting results, further compromising the security of the blockchain network.
For example, project owners may reward early users via airdrops, or use airdrops for marketing purposes to raise awareness. This resembles real-life situations where restaurants offer rewards for check-ins or raffle tickets: if all the raffle tickets are claimed by the same person (or their aliases), the restaurant fails to achieve its original marketing objective, and the rewards and incentives are unfairly claimed by specific individuals.
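The airdrop scenario above, modelled as an added example (not Gitcoin's code or scoring): a reward pool split per wallet, first ungated and then gated on a score derived from the stamps each wallet holds. The stamp weights, the threshold, the wallet names and the claim data are all constructed assumptions.

```python
from collections import defaultdict

# Hypothetical per-stamp weights chosen by the project (assumption, not Gitcoin's values).
STAMP_WEIGHTS = {"Holonym": 16, "Civic": 12, "Google": 2, "LinkedIn": 2, "Snapshot": 3}
THRESHOLD = 15  # hypothetical minimum score a wallet needs to claim

def passport_score(stamps):
    """Sum the weights of the distinct, recognised stamps held by one wallet."""
    return sum(STAMP_WEIGHTS.get(s, 0) for s in set(stamps))

def distribute(pool, claims, gate=False):
    """Split `pool` equally across claiming wallets and return the payout per
    real operator. With gate=True, only wallets whose stamp score reaches
    THRESHOLD are eligible. The operator field is ground truth that exists
    only because this sample is constructed; a project would not know it."""
    eligible = [c for c in claims
                if not gate or passport_score(c["stamps"]) >= THRESHOLD]
    if not eligible:
        return {}
    per_wallet = pool / len(eligible)
    payout = defaultdict(float)
    for c in eligible:
        payout[c["operator"]] += per_wallet
    return dict(payout)

def share(payout, operator):
    """Fraction of the distributed pool that one operator received."""
    total = sum(payout.values())
    return payout.get(operator, 0.0) / total if total else 0.0

# Constructed sample: three genuine users, and one operator running six
# wallets that each hold only low-weight Web2 stamps.
CLAIMS = [
    {"wallet": "0xA1", "operator": "alice", "stamps": ["Holonym", "Google"]},
    {"wallet": "0xB1", "operator": "bob", "stamps": ["Civic", "Snapshot", "LinkedIn"]},
    {"wallet": "0xC1", "operator": "carol", "stamps": ["Holonym", "Snapshot"]},
] + [
    {"wallet": f"0xS{i}", "operator": "sybil", "stamps": ["Google", "LinkedIn"]}
    for i in range(6)
]

if __name__ == "__main__":
    for gated in (False, True):
        result = distribute(900, CLAIMS, gate=gated)
        print("gated" if gated else "ungated", result,
              f"sybil share={share(result, 'sybil'):.0%}")
```

The gate only works if the stamps that clear the threshold are costly to obtain repeatedly; if several cheap stamps could be stacked past it, each alias would qualify again.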
Gitcoin Passport and Decentralized Identity Protection
Gitcoin is a fundraising platform for the Ethereum ecosystem, offering a variety of services such as Bounties, Hackathons, and Grants. Gitcoin Grants is the core feature of the platform, where users can donate funds to various open-source projects. Many well-known blockchain projects, such as Metamask, Aave, and Uniswap, have received funding through Gitcoin. Occasionally, these projects may offer “retroactive airdrops” to early donors as a token of appreciation for their support.