Decentralized Identity: Gitcoin Passport

Decentralized Identity is an area I am very passionate about and excited for. I think decentralized identity is deep enough and important enough to emerge as one of crypto’s core sectors alongside DeFi, NFTs etc. This post will be the first of a series where I map out some of the most important concepts and projects I’m aware of as I go deeper and continue to refine my theses.

Gitcoin Passport is a sybil resistance tool that Gitcoin developed to improve the legitimacy and effectiveness of quadratic funding in Gitcoin Grants. Gitcoin Passport will grow to be much more than this, and can be used by anyone who wants sybil resistance with just a few lines of code.

A Passport is a Decentralized Identifier (DID) housed on the Ceramic Network that stores a users Stamps. Each Stamp contains one or more Verifiable Credentials (VCs) from integrated identity providers such as Facebook, LinkedIn, CoinBase, Google, etc. Stamps are assigned a weight and aggregated into a score that represents one’s credibility as a unique individual.

Gitcoin Passport offers a sleek UI and straightforward onboarding process. The platform automatically picks up most available stamps on behalf of the user. Connecting to third party apps to authenticate and collect additional stamps is simple and intuitive.

Gitcoin Passport utilizes a robust scoring system for the 27 entities and 60 unique tasks/credentials. The aggregated total of points available by entity can be seen above.

There are often multiple achievements and tiers of scoring within each project, which explains some of the variance. Under Snapshot, for example, a user earns 1.41 for voting on 2 or more DAO proposals, and 2.82 for creating a DAO proposal that was voted on by others. The complete list of data points and weights can be found here.

Passports have a maximum score of 100. Gitcoin requires a Passport score of at least 20 to be eligible for donation matching with Gitcoin Grants. Personally, I find the current scoring weights to be far from optimal. Holonym, Civic, and Coinbase are much more stout defenses against sybils than ENS names, GTC holdings, or a Lens handle, yet this is not reflected in the scoring system.

I found that at least 44 points can be earned through moderately simple sybil vectors (dupe social media accounts, low tier requirements for on-chain activity). I have a Passport score of 32, largely from Gitcoin Grants donations and on-chain activity. By spending $50 on GTC, linking some socials, and holding idle ETH in my wallet, i could easily get above 40.

This is not to argue that these requirements shouldn’t be included. As a whole, these hassle-related sybil defense certifications serve as a solid top of funnel filter, preventing low effort sybil attacks. The system remains vulnerable only to the 0xSisyphuses of the world.

Gitcoin Passport’s scoring system is constructed in this way because it is tailored for Gitcoin’s community. The architecture allows Passport-gating to be implemented by other projects in a variety of ways, with custom score thresholds and custom scoring weights.

If I were to create my own rubric, I would split these data points into three categories with a minimum requirement for each.

  • Sybil Hassle – Low effort certifications to make a sybil attackers life a bit more frustrating: Facebook, LinkedIn, ENS, Snapshot, NFT holder, ETH gas costs, etc.
  • Sybil Defense – Cutting edge technology ideally incorporating zk-KYC, biometrics, and social graph solutions: Holonym, Upala, Civic (Uniqueness test), Coinbase, Idena.
  • Proof of Personhood – Civic (Liveness test, CAPTCHA test), BrightID, Proof of Humanity.

While it may be a little frustrating that Gitcoin Passport’s imperfect scoring system will be the de facto status quo as Passports gain adoption, Gitcoin Passport is undeniably one of the most important projects in crypto at the moment. As discussed in the Year Ahead report last year, I believe DeFi will struggle to progress much further without embracing SSI solutions. The more ambitious killer apps of crypto and DeFi will require additional assurances on behalf of users in order to extend the leash.

As an aggregator of identity solutions, Gitcoin Passport allows emerging identity technology a seat at the table with a test-in-prod environment while they establish themselves without shouldering too much of a burden. If the two big hurdles to embracing a new identity solution are security, effectiveness, and go to market, Gitcoin Passport instantly solves 2/3 of the big problems.

Despite the importance and scope of Gitcoin Passport, there has been underwhelming implementation outside of Gitcoin grants. On July 31, Gitcoin launched an Anti-Sybil Assembly campaign in collaboration with Galxe. Users can mint NFT rewards based on their Gitcoin Passport Unique Humanity score.

The chart may looks bearish at first glance, but Passport NFT mints are not as renewable of a resource as DEX volume. The high initial volume and overall participation rate suggest the program was well-received and users may have been eager to use their Passports for something.

Before the Anti-Sybil Assembly program, there was little reason to strive for a higher score once a user reaches 20. In theory, the majority of these Passports could be sybils, but there is little reason to game the system right now. Even without a more carefully curated scoring system, Gitcoin Passports can offer valuable context to market research metrics like Ethereum active users, which has always been a hotly debated topic.

Gitcoin Passport and associated projects are one of the most positive-sum endeavors for crypto’s growth prospects moving forward. There are plenty of ways Gitcoin’s sybil defense apparatus can start making an immediate impact on DeFi:

Communities can implement Gitcoin Passport according to their needs with just a few line of code. With as simple as it is to implement, more protocols need to incorporate and experiment Gitcoin Passport. As a community, we all need to be more proactive in building, integrating, and experimenting with identity solutions.

Leave your comment...

I believe DeFi will struggle to progress much further without embracing SSI solutions

what is SSI an acronym for?

Self-Sovereign Identity. SSI refers to identity users have complete control over. They can issue, store and permit/revoke access to credentials rather than trusting centralized entities. SSI has a lot of overlap with blockchain, but they exist outside of one another.

There is some debate on the degree to which SSI 'needs' blockchain and vice versa (there are plenty of web2 SSI products emerging from Okta, Microsoft, and startups)

The main aspect blockchain brings to SSI is a trustless, censorship resistant way to store decentralized identifiers (DIDs). The tradeoffs associated w non-blockchain DID warehousing are the meat of the debate on how intertwined blockchain and SSI are/should be.

SSI and blockchain are both young, unestablished, and have struggled with the use case problem, so im hoping both lean into the relationship as much as possible

i'll touch on this more soon!

Thanks Jordan! this was really helpful.