<aside> 💡 This is a reference sheet for people who want to protect their projects from bots and Sybils.
</aside>
The Unique Humanity Score is our way of assigning a confidence level to an address in terms of how likely it is to be a human versus a bot or a Sybil. Currently, the threshold is set at 20. We evaluate various identity providers and third parties, which we refer to as stamps, such as our newly launched Guild stamp, which offers three credentials.
Each credential is assigned points, and we evaluate the weight of these points across all different identity providers and data we have so far, with about 450,000 individual end users using Passport. We use datasets of known Sybils and known humans to analyze how credentials are used by good and bad actors, and assign weights accordingly.
While it's not a perfect system and we can't entirely eliminate Sybils with a score of 20, the data suggests it's a good starting point. Users may choose to set a higher threshold for increased protection, but our default is currently set at 20.
It’s important to note that our algorithm for calculating the Unique Humanity Score updates regularly, and stamp weights might sometimes be lowered.
This is because we're engaged in an ongoing effort against Sybils, which can be seen as an infinite game. We establish thresholds and standards, and Sybils attempt to game these for their advantage. Our job is to continually assess the data, making adjustments to improve our effectiveness against Sybils while making it easier for genuine humans to prove their humanity.
We cater to a wide range of users. Some are Web3 natives, and we have stamps that allow them to prove their humanity easily. Others are newer to Web3, so we provide options like KYC or biometric stamps for them.
This continuous assessment leads to changes in our system. For example, we found that the POAP and GitHub stamps were easily abused. We've removed the POAP stamp for now and lowered the point total from the GitHub stamp, as we discovered that Sybils were creating their own social graphs within GitHub. They would generate hundreds of repos, share them, star them, and replicate other activities that real humans would do, thereby accumulating a lot of points.
In contrast, most of our genuine human users couldn't gain many points from this stamp, turning it into a signal of Sybil activity instead of a signal of humanity. Therefore, we made the change, and similar adjustments will continue in the future. We may introduce new stamps, remove existing ones, change weights based on data, or modify credentials. It's a continuously evolving product aimed at maximizing its effectiveness against Sybils.
The more integration partners we have, the more rapidly we can respond to challenges. We can observe an attack vector on one 'blue team', whether it's ours or a partner's, and use that knowledge to bolster defenses for all other blue teams.
Our objective is to improve the entire ecosystem, maintaining privacy while establishing data feedback loops. There's still a considerable amount of work to be done in this area. Regarding the identity providers that are part of the Passport system, we're continually seeking to add more providers, which in our terminology are 'stamp providers' or credential providers. These include identity systems like our friends at BrightID.
We aim not only to add more systems but also to improve those already in place as they gain new signals. For example, we might find that Twitter serves as a strong signal today, but two weeks from now, it might not. In such cases, we might remove it, replace it, or alter the credentials associated with it. We're constantly observing these vectors and figuring out how to enhance them.
What's really exciting is the anti-fragility of this pluralistic system. We're not only making it more robust, but we're also accelerating the feedback loops. If an attack occurs in one place, the defensive mechanisms across all other areas, even those not yet attacked, are already alerted. If we can start rapidly iterating with a broad community, we can achieve a more potent and faster immune response."
Your users may be wondering what the benefit of creating a Gitcoin Passport is beyond