Create a Decentralized Passport in Three Minutes! Gitcoin Passport Quick Guide and Vulnerability Analysis
#623
GM,
Today’s introduction is a bit longer as I have two announcements to make. The Chinese edition of the book Read Write Own, which Blocktrend has recommended several times, is officially on sale. I also have two copies to give away to paid members. The deadline to enter the giveaway is August 10th (Saturday) at 24:00.
In addition to the previous reasons1 for recommending the book, if you purchase it from Books.com.tw, you'll receive an exclusive "Generative Art Card" as a bonus. This card is not just a regular bookmark; it’s a premium card embedded with NFC. By simply tapping it with your phone, you can connect to your wallet and claim the NFT for the book. Each card costs nearly 1,300 TWD to produce, making it a great deal when you buy the book. The Generative Art Card is a limited bonus, so I highly recommend adding the book to your cart right away. Please note that the Blocktrend giveaway only includes the book, not the card.
The second announcement is about an upcoming event. Blocktrend recently received a small grant from Coinbase Exchange to host a Base Meetup in Taiwan. This will be the first physical Base gathering in Taiwan and also the first event in Taiwan funded by Coinbase. I plan to hold a workshop where attendees can get hands-on experience with different wallet creation and recovery processes, including Coinbase’s newly launched Smart Wallet. This event is expected to take place in September, with members getting priority registration. The exact location and time will be announced later. Now, let’s dive into the main topic.
The coming week will be the most active period for Web3 public funding activities. Two of the world’s largest public funding platforms, Giveth and Gitcoin, are hosting quadratic funding events. Whether you want to support your favorite projects or position yourself for potential airdrops, this article will help you reach your goals faster. This is especially true as the decentralized passport Gitcoin Passport has improved.
Public Funding
In the blockchain world, everyone can create countless wallets. Managing different wallets based on their use cases can help protect personal financial privacy. However, when it comes to voting, having multiple wallets per person can become problematic.
Many decentralized autonomous organizations (DAOs2) adopt a "one token, one vote" rule to address the issue of unlimited wallets. However, this shareholder-like voting system often results in outcomes where the wealthiest participants win, which may not be suitable for all situations. Particularly in matters involving public interest, both the poor and the rich should have equal rights. If the digital world is to achieve "one person, one vote, with each vote equally valued," it first needs to establish a unique online identity for individuals.
A centralized approach is not difficult. By linking to national ID cards and connecting with the Ministry of the Interior’s database, each person could have a unique identity. However, national ID cards rely on closed databases, making it nearly impossible for them to serve as on-chain data. This is why Taiwan's Ministry of Digital Affairs is working on creating a digital wallet3, aiming to become the foundation for collaboration between the government, businesses, and the open web.
The decentralized passport, Gitcoin Passport, started even earlier4. It assumes that there is one person behind each wallet, but whether they are real or not is unknown. Gitcoin Passport assigns each wallet a "humanity score" that other applications can reference.
For example, if I were to host a book giveaway, due to the low value of each book, I might set the humanity score threshold at 5. Wallets with a score higher than 5 would qualify for the giveaway, while those with a lower score would be deemed bots and disqualified. When organizing a giveaway, I could further verify participants by checking their name, email, or shipping address to determine if they are real people. However, in online public funding events hosted by Giveth and Gitcoin, the Gitcoin Passport score is the most critical factor.
That said, Gitcoin Passport has also become somewhat "notorious." Readers who want to donate just $1 to Blocktrend often find themselves spending a significant amount of time earning their score. Although I didn’t design the system, even I feel a bit guilty about it.
Fortunately, the Gitcoin Passport system has been improving. This time, Giveth requires a wallet score of at least 15 points for micro-donations to count. In the past, unfamiliar users might have needed to set aside 3 hours to successfully navigate the process and reach 15 points. Even when I helped my family members, it took an hour. But with the recent adjustments to Gitcoin Passport, I’m confident that most people can now complete the process in under 5 minutes.
Speedy Guide
Gitcoin Passport functions like a stamp collection passport. Each stamp represents a verification of being a real person, earning you a corresponding score. Previously, users had to manually collect stamps, each offering only a small amount of points. The rationale behind this design was simple: the more tests a wallet passes, the higher the likelihood that the person behind it is real. However, in hindsight, this approach seems like something dreamt up in an air-conditioned office—it had the opposite effect.
The passport raised the barrier for participation, effectively shutting out individuals who genuinely wanted to contribute to public funding. After all, who would want to spend 3 hours proving they’re real just to donate $1? In the end, the only ones willing to invest significant effort and resources were “troll workrooms.”
Fortunately, the lessons from Gitcoin Passport didn’t go to waste. It became clear that the higher the participation threshold, the more uneven the distribution of public funds might be. Recently, Gitcoin Passport introduced three major improvements to lower the participation barriers for real people:
Introducing New Mechanisms
Adjusting the Weight of Scores
Automatic Score Updates
If you’re already experienced with wallets, you might not need to do anything to score a quick 15 points. One of Gitcoin Passport’s stamps is based on the wallet’s activity, such as how much gas fee has been spent and the frequency of transaction history. After all, zombie wallets are like zombie accounts on Facebook—completely inactive.
Additionally, gas fees and transaction history are readily available on the blockchain. As long as the Gitcoin Passport engineers establish the right metrics, users don’t need to provide identification documents; the system can "guess" whether the person behind the wallet is real. The fact that no action is required makes this the fastest experience possible!
However, this stamp might not be very friendly to beginners. Does only using a centralized exchange mean you’re not a real person? Therefore, Gitcoin Passport has designed other stamps as well. Verification records from exchanges can also serve as proof of identity. This is done through an authorization method similar to social login. Currently, Gitcoin Passport supports Coinbase and Binance.
For Taiwanese users, creating a Coinbase account is fraught with difficulties. I personally struggled for months and still haven’t found a fully English document that Coinbase accepts. The most user-friendly method is to obtain a Binance Account Bound Token (BABT). According to Binance:
The Binance Account Bound Token is a credential for users who have completed Binance’s identity verification process. It is a Soulbound Token (SBT), meaning it is non-transferable, can only be revoked by the issuer, and each Binance account can only hold one token on one chain.
The process of obtaining a BABT is incredibly simple. If you already have a Binance account, just connect your wallet to this screen and pay a 1 USDT fee with your Binance account to receive the token. Just obtaining this BABT will give you 16.02 points, instantly making you a verified real person according to Giveth!
There will certainly still be people who say, “So if I don’t use a wallet or have an exchange account, I’m not a real person?” At this point, Gitcoin Passport can be said to embody the spirit of the multiverse5 by allowing you to obtain 16.03 points through Holonym, a service that verifies your identity using your passport and a selfie. Holonym claims to use zero-knowledge proof technology to protect data privacy, and the cost of obtaining the verification is only about $5 worth of ETH. If the practicality of Gitcoin Passport continues to grow, this could prove to be a very worthwhile investment.
You only need to choose one of these three stamps to easily score 16 points, surpassing the 15-point threshold set by Giveth, without the stress that used to come with it. However, I believe Gitcoin Passport still has significant room for improvement and numerous vulnerabilities, especially when it comes to ensuring that each person can only have one passport.
Vulnerability Analysis
The biggest flaw in Gitcoin Passport lies in the inability to cross-verify between different stamps. If I have both Coinbase and Binance accounts, I can link each to separate wallets, A and B, creating two "real" wallets with over 15 points each. If I’m willing to submit my passport, I could create yet another wallet. Three wallets easily surpassing 15 points, yet all controlled by a single person.
The idea that one person could have multiple “real” passports sounds odd, but it does protect user privacy. Thankfully, Gitcoin Passport cannot trace a user’s real identity from the stamps; otherwise, it would be akin to making users’ identities publicly visible on the blockchain. People also worry about the additional risks of cross-verification of data.
For those used to centralized systems, Gitcoin Passport might seem like a completely flawed mechanism. The fact that one person could have three real passports sounds like a joke. But in reality, it’s a trade-off. Centralized systems choose to be closed, offering the benefit of high control but at the cost of poor interoperability with other applications. Decentralized systems choose openness, maximizing the potential for collaboration with external entities, but at a significant downside.
From another perspective, while it might be easy for someone to have three passports now, having ten passports would already be difficult. Gitcoin Passport’s future goal is to continue reducing this number. One day, it will become very challenging for a person to hold more than three valid passports. This is the ideal state of the decentralized world—damage control within an open system, rather than overreacting to the issue.
Going back to voting activities—if an ordinary person like me can hold more than five valid passports, using just one of them to participate in public funding votes is almost too modest. The most practical approach might be to temporarily consider the "everyone has five passports" scenario as an industry norm. While this might seem like encouraging cheating, I believe it’s worse to ignore the elephant in the room. We should instead encourage people to create more valid passports under current conditions to avoid being at a disadvantage, while also keeping an eye on Gitcoin Passport’s ongoing improvements.
I invite everyone (with some extra time, create a few more passports) to use $1 in loose change to support your favorite projects on Giveth and Gitcoin.
Blocktrend is an independent media platform sustained by reader subscription fees. If you find Blocktrend's articles valuable, we welcome you to share this piece. You can also join discussions on our member-created Discord or collect the Writing NFT to include this article in your Web3 records.
Furthermore, please consider recommending Blocktrend to your friends and family. If you successfully refer a friend who subscribes, you'll receive a complimentary one-month extension of your membership. You can find past issues in the article list. As readers often inquire about referral codes, I have compiled them on a dedicated page for your convenience. Feel free to make use of them.