An Internet for Humans: Proof-of-Personhood Explained

Identity is one of our most fundamental human rights. In the age of surveillance, commodification and centralization, it is under threat.

AccessTimeIconOct 27, 2020 at 7:27 p.m. UTC
Updated Sep 14, 2021 at 10:24 a.m. UTC

Identity is one of our most fundamental human rights. Yet, in the age of surveillance, commodification and centralization, it is under threat. Edward Snowden said it best, "The one vulnerability being exploited across all systems is identity."  

If the “State is the monopoly on violence,” as Max Weber once defined it, then the surveillance state (or surveillance capital) is the monopoly on identity. In this time of rising surveillance capitalism, entrenched surveillance states and, more recently, the plutocracy of blockchain networks, this monopoly has never been more important to break. Despite the growing public awareness of these issues, there is little discussion of the fact that these seemingly disparate phenomena all trace back to identity. Authentication systems are the key pathway through which these networks lock-in their subjects into extractive, scarcity-based, economic and social contracts. 

Paula Berman is a co-founder of Democracy Earth, a nonprofit researching and building open source software for governance and identity. Divya Siddarth is a researcher at Microsoft’s Office of the CTO, and also with the RadicalXChange Foundation. She works on a broad range of research and applications in the space of participative technology and democratized governance.This article is part of CoinDesk's "Internet 2030" series, an examination at the technologies developed today that will power the economy of tomorrow.

Major internet platforms such as Facebook, Twitter and Google established themselves partially by achieving a sufficient level of consensus over their legitimacy as credential providers – taking over a role that has, in the modern era, been the exclusive purview of the state. Despite their many faults, Web 2.0 platforms formed a new, networked social infrastructure for humanity, or a layer of trust where a myriad of social applications were built. 

This new global identification system outside of strict state control bred a new kind of digital, participative politics. Yet, the underlying architecture and ownership structure of these centralized identity protocols exposed society to surveillance, political manipulation and data theft. Consolidated credential mechanisms today all implement practices that require the disclosure of personal and private information to an identifier. Eventually, this wealth of data accrues into credential monopolies, a perfect apparatus for anti-democratic practices. 

Despite initial excitement, we find that blockchains simply have not deviated much from these norms. Most crypto networks validate membership by employing either proof-of-stake, which requires ownership of a given cryptocurrency and results in a "one-dollar-one-vote" governance model, or proof-of-work, requiring ownership and use of mining hardware, and resulting in a "one-CPU-one-vote" system. These are not truly consensus mechanisms, as they are usually referred to – to determine how members vote, Bitcoin employs the Nakamoto Consensus while Ethereum uses GHOST – but instead are identity solutions, or credentialing mechanisms that grant membership and governance rights over these networks. Based on the possession of scarce resources, they are prone to monopoly formation, creating plutocracies and re-centralizing power within systems originally conceptualized as distributive and free. 

Clearly, these systems understand that identity is a crucial part of the problem, but have not yet provided effective solutions for a human-centered, empowered and democratic society. Authentication mechanisms fundamentally shape socioeconomic, sociopolitical and socio-technical systems – and if there was ever a time to spotlight it that time is now when those systems are breaking. 

While Web 2.0 served, to an extent, to democratize content, it failed to drive meaningful political inclusion.

Providing such a spotlight was the intent of our recent review focusing on one of the most enigmatic problems in cryptography: proof-of-personhood protocols. These are new types of privacy-preserving authentication mechanisms that aim to shield digital networks from identity fraud, a pursuit that could have profound political and economic implications. 

While Web 2.0 served, to an extent, to democratize content, it failed to drive meaningful political inclusion, partly due to a lack of protections against the creation of fake identities. Online votes can be, and often are, attacked by illegitimate accounts. Blockchain networks have similarly decentralized the creation of money, but the possibility of distributing this value equitably (e.g. in the form of a Universal Basic Income) was equally hampered by the lack of robust identity frameworks that could safeguard these currencies from attackers creating fake accounts to obtain more than their fair share of value. Addressing this foundational problem is the raison d'etre of Proof of Personhood. 

Key to understanding how this type of protocol operates (and why it's so improbably exciting!) is an old unsolved challenge of the internet. You might not have heard of the term "Sybil attack" before: It’s been a pervasive problem, with iterations ranging from SPAM attacks to automated disinformation through bots. Once thought to be impossible to overcome, this type of vulnerability is present in scenarios where, lacking any intermediaries that can verify identities, anyone with sufficient resources can attack and control a network by joining it with multiple, illegitimate virtual personas. 

In the context of identity, this threat was best synthesized by Vitalik Buterin, who referred to it as the "unique human problem," or the challenge to ensure that each unique person can only create one account within a given domain. In that sense, anti-Sybil identities are not designed to obtain any particular information about users, other than that they are not defrauding the protocol with fake accounts. By focusing on this specific quest for “uniqueness” (also known as Sybil-resistance), proof-of-personhood shifts the prevailing perspective on authentication. Instead of asking "who are you" – and then unilaterally exploiting and monetizing that personal data – it limits itself to "is this the only account you control?" 

The result is nothing short of extraordinary: a digital web of humans, emancipated from identity intermediaries. 

To formalize such unique online personas, new solutions entirely abstract objective markers of identity (such as name and nationality), which can easily be controlled, aggregated, repackaged, manipulated and subverted; instead favoring the use of subjective, human inputs (such as interpreting, conversing, or vouching), which are more elusive, and more impervious to undue interference. 

The first generation of solutions for these types of threats converge under the CAPTCHA test, which was designed to protect platforms from bots or DDoS attacks. Yet, the crucial problem with CAPTCHAs is they are algorithmically generated, and thus can always eventually be solved algorithmically. In fact, each of our responses to these tests is utilized to train the pattern recognition capacities of AI, so these systems are effectively facilitating a perennial stream of information that flows from us humans, towards machine intelligence (and Silicon Valley overlords). 

Some proof-of-personhood protocols are designed to directly invert this logic: instead of being generated and solved by computation, they are created and unlocked exclusively by the distinctive cognitive abilities of human brains. Such tests work with common-sense reasoning or cooperative games, which are  easy for humans to perform but difficult for AI to replicate. A prominent example here is Idena, a fully decentralized blockchain in which members gather periodically for authentication ceremonies where they solve the FLIP test, and earn token rewards for proving unique personhood. Having established a network where every node corresponds to a unique human (currently at 4,556 members), Idena is already being utilized as a base for Universal Basic Income and decentralized governance applications. 

See also: Finn Brunton – A Day in the Life of the Splinternet

On the other end of the spectrum, we have Web-of-Trust-type solutions, such as BrightID, where members vouch for each other and different applications can establish their own parameters to analyze the resulting social graph and determine which identities they consider to be unique. Additional strategies include formalizing credentials in offline gatherings ( and Duniter), deriving metrics from DAO participation (Upala and Democracy Earth's Equality Protocol), using crypto-economic incentives to reward legitimate behavior (HumanityDAO) and even distributed digital courts where randomly selected jurors adjudicate cases in which the legitimacy of an identity is contested (Kleros). 

What unites these different approaches goes beyond a strong emphasis on privacy. In contrast to hyper-individualistic applications such as dark markets, where anonymity comes at the expense of accountability, these protocols are designed to foster prosocial, community-oriented behavior, where both users and applications are significantly limited in their ability to exploit and attack each other. 

Paradoxically, the constraints they impose lead to unprecedented levels of both individual and collective agency. For the first time, they are creating a viable framework for social applications to be constructed upon an enduring bedrock of collective agency, consent and data dignity. In doing so, the heightened assurances and social richness of the offline world can be harnessed by online environments – moving them away from the current wild west paradigm of power concentration, inaccessibilities, fake identities and distorted social signaling. This dramatically expands the pathways through which trust can be consolidated in our increasingly digital societies, which could lead to a new, innovative iteration of the networked social infrastructure that was once created by the social media credentials of the Web 2.0. 

Identity isn’t just objective, it is also subjective. As we experience and live it, identity is a rich patchwork of interactions, perceptions and intersectionalities.

With the exception of protecting against digital feudalism, there are no specific economic models or ideological inclinations that are embedded into proof-of-personhood protocols: they provide fertile ground for a diverse and pluralistic online ecosystem. 

However, in their earliest applications, proof-of-personhood networks are already manifesting several of cypherpunk's most far-fetched dreams. Universal Basic Income cryptocurrencies, peer-to-peer democracies and public goods funding are simply a few of these newly piloted applications — which are now for the first time operationally possible. Human-only networks make space for cooperative and collective modes of economic functioning, rather than the default of extraction and individualism. We note, of course, that these are currently operating on reduced scales, still either too-fragile or too-complex for widespread adoption. That said, their creation is opening a path where alternatives to Surveillance Capitalism can be crafted with solid incentive systems and enduring economic foundations. 

Crucially, these alternatives counter the logic of what we might call AI Realism (after Mark Fisher’s capitalist realism): the belief that our current surveillance apparatus, and the political economies that have come to support themselves upon it, is the only possible paradigm for technological, economic and political development. Some even have the audacity to describe surveillance as an evolutionary process, where humans will eventually merge with centrally-controlled AI!

Infused with this type of thinking, current discussions surrounding how to address these challenges either point to the inherently defeatist path of regulation or the narrowly liberal response of paying individuals for their data – mechanisms that can legitimate the rendering of personal experiences as behavioral assets "for the sake of others’ improved control of us," as Shoshana Zuboff warns. These solutions seem to ignore that the situation at hand cannot be reduced to the traditional domains of "monopoly" or "individual privacy" but instead concern the fundamental protection of our collective human agency and value – the ability to give or deny consent, to move beyond atomized ownership and to fully participate in society. 

The so-called objective conception of formalized identity leads to similarly rigid, individualistic, and mechanistically driven political economies. But identity isn’t just objective, it is also subjective. As we experience and live it, identity is a rich patchwork of interactions, perceptions and intersectionalities. 

Formalizing identity in the subjective sense allows for new modes of coordination and collectivization, different formations of digital communities with real, effective and open governance, and the ability to selectively or wholly bring ourselves into new spaces and prospects. 

Striving for these possibilities is the imperative task ahead of us. While surveillance capitalism and the ideology of AI bear a worldview that downgrades human value and dignity in favor of machine learning algorithms, proof-of-personhood protocols based on subjectivity enable us to reorient our systems from a technocratic and mechanistic paradigm. We move towards enshrining the attributes that make us human: our collective, unpredictable and diverse set of needs and innovations. In doing so, they counter the misleading logic of AI realism by formalizing a structure for flourishing, regenerative and newly possible human futures, where subjectivity is not only employed as a necessity, but as a strength. 



Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.