Every open blockchain system has a Sybil attack problem: because anyone can create unlimited wallets for free, a single bad actor can fake “many people” with no cost. This undermines democratic governance (whales create 1000 wallets to vote 1000 times), airdrop distributions (farmers use bots to collect 10,000x allocation), universal basic income (a single person claims 10,000 UBI payments), and reputation systems (build fake credibility with fake accounts). Proof of personhood protocols attempt to solve this by verifying “one human, one identity” without centralized identity systems and without revealing who the person is. The approaches range from biometric scanning (Worldcoin’s orbs) to social graph verification (BrightID, Gitcoin Passport) to government document verification (Proof of Humanity), each with different tradeoffs in privacy, accessibility, and Sybil resistance strength.
Why Proof of Personhood Matters
The Sybil Problem
- Airdrop: Project sends 100 tokens to each wallet that used the protocol. “1000 wallets = 100,000 tokens” — even if they’re all one person.
- Governance: Protocol has quadratic voting. One whale creates 1000 wallets to vote 1000 times instead of once.
- UBI: A protocol distributes $1/day to every “person.” One person claims $1,000/day.
- Reputation: A lending protocol advertises that “100 real users reviewed” it. All 100 are the same person.
Sybil attacks are not theoretical — they consume billions of dollars of mistargeted airdrop value annually and corrupt governance across DeFi.
Why Blockchain Makes It Hard
- Email verification (weak)
- Phone number verification (stronger, but same person can have many phones)
- Government ID verification (strong, but requires trusting a centralized issuer)
Crypto defaults to pseudonymous addresses with no identity layer — which is a feature for privacy but creates Sybil vulnerability.
Approaches to Proof of Personhood
1. Biometric Verification (Worldcoin)
Worldcoin / World ID:
- Physical “Orb” device takes an iris scan
- Iris pattern hashed to prevent linking across contexts
- ZK proof: “I have a unique iris scan in the World ID system” → receive World ID credential
- The iris scan is not stored — only the commitment
Pros:
- Very high Sybil resistance (hard to fake iris scans)
- Privacy-preserving (ZK proofs; no name/address revealed)
- Scalable (Orbs deployed globally)
Cons:
- Biometric data raises profound privacy concerns, even in “hashed” form
- Requires physical access to an Orb (availability in developing countries is limited)
- Centralized: Worldcoin/Tools for Humanity controls Orbs
- Regulatory concerns in multiple countries (Germany, Spain, Brazil investigated)
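The context-scoped hashing described for World ID above, as a simplified added sketch (not Worldcoin's code): one identity secret yields a different nullifier per context, so a verifier can reject a repeat claim inside a context without being able to link the same person across contexts. HMAC-SHA256, the context names and the `ClaimLedger` class are assumptions of this example, and the ZK membership proof is omitted.

```python
import hashlib
import hmac
import secrets


def derive_nullifier(identity_secret: bytes, context: str) -> str:
    """Context-scoped pseudonym: stable within one context, different in every other.

    HMAC-SHA256 is a stand-in chosen for this sketch; a real deployment
    would compute the hash inside the zero-knowledge proof.
    """
    return hmac.new(identity_secret, context.encode(), hashlib.sha256).hexdigest()


class ClaimLedger:
    """Verifier-side state: nullifiers already used, tracked per context."""

    def __init__(self):
        self._seen = {}

    def claim(self, context: str, nullifier: str) -> bool:
        # Assumption: a ZK proof (omitted here) has already shown that this
        # nullifier was derived from a registered identity for this context.
        used = self._seen.setdefault(context, set())
        if nullifier in used:
            return False  # same person, same context: repeat claim rejected
        used.add(nullifier)
        return True


def demo() -> dict:
    alice = secrets.token_bytes(32)  # constructed sample identity secrets
    bob = secrets.token_bytes(32)
    ledger = ClaimLedger()
    airdrop_id = derive_nullifier(alice, "airdrop-round-1")
    vote_id = derive_nullifier(alice, "dao-vote-17")
    return {
        "first_claim": ledger.claim("airdrop-round-1", airdrop_id),
        "repeat_claim": ledger.claim("airdrop-round-1", derive_nullifier(alice, "airdrop-round-1")),
        "other_person": ledger.claim("airdrop-round-1", derive_nullifier(bob, "airdrop-round-1")),
        "other_context": ledger.claim("dao-vote-17", vote_id),
        "linkable_across_contexts": airdrop_id == vote_id,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:26s} {result}")
```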
2. Social Graph Verification (BrightID)
BrightID:
- Users join video calls with existing BrightID members
- Existing members vouch for new members
- Social graph analysis detects Sybil clusters
- No biometric data ever collected
Pros:
- No biometric data
- Decentralized verification process
- Works in low-tech environments
Cons:
- Vulnerable to “Sybil rings” (group of real people who all vouch for each other plus fake accounts)
- Slow verification (requires social connections)
- Less globally accessible than technology-based approaches
3. Attestation Aggregation (Gitcoin Passport)
Gitcoin Passport:
Not pure proof of personhood but Sybil resistance scoring:
- Aggregate verification stamps from multiple sources
- Each stamp adds “humanity score”: Twitter verified, Google verified, ENS owner, Coinbase KYC, BrightID verified
- Score threshold determines eligibility for grants, airdrops, voting
- Higher score = harder to fake = more permissions
Pros:
- Flexible and composable
- Works across multiple existing identity signals
- Already deployed at Gitcoin Grants (distributing $50M+ in grants)
Cons:
- Not binary proof-of-personhood — it’s probability-based
- Wealthier actors can more easily acquire multiple stamps
- Stamps can be sold or lent
4. Government Document Verification (Proof of Humanity)
Proof of Humanity (PoH):
- Upload a video of yourself holding a sign with your Ethereum address
- Existing verified humans vouch for your registration
- Challenged entries are disputed in a decentralized court (Kleros)
- Used to distribute the UBI token
Pros:
- Strong identity linkage
- Decentralized challenge mechanism
Cons:
- Privacy: publicly linked video and wallet address
- Vulnerable to deepfakes
- Limited adoption globally
Applications of Proof of Personhood
Sybil-Resistant Airdrops
- Airdrop goes to verified humans, not bots
- Potentially 10-100x more per legitimate user vs. standard farming
- Used by Worldcoin, some Gitcoin grants
Quadratic Voting and Funding
- Gitcoin Grants uses Passport scores to weight donations quadratically
- Proof of personhood enables democratic governance of DAOs
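Why quadratic mechanisms depend on personhood, as an added worked example (not Gitcoin's code): it uses the standard quadratic funding formula, match = (Σ√cᵢ)² − Σcᵢ, and compares per-wallet accounting with accounting that merges wallets by verified human. The donation data, the human IDs and the rule that unverified wallets are ignored are assumptions of this example.

```python
from collections import defaultdict
from math import sqrt


def qf_match(amounts):
    """Quadratic-funding match for one project: (sum of sqrt(c_i))^2 - sum(c_i)."""
    return sum(sqrt(a) for a in amounts) ** 2 - sum(amounts)


def per_wallet(donations):
    """Naive accounting: every wallet counts as a distinct contributor."""
    return [amount for _wallet, amount, _human in donations]


def per_human(donations):
    """Personhood-gated accounting: merge wallets that share a verified human
    ID and ignore wallets that have none (human ID is None)."""
    totals = defaultdict(float)
    for _wallet, amount, human in donations:
        if human is not None:
            totals[human] += amount
    return list(totals.values())


# Constructed sample data: (wallet, amount, verified human ID or None).
# Four distinct people give 25 each.
HONEST = [("0xa1", 25.0, "h1"), ("0xa2", 25.0, "h2"),
          ("0xa3", 25.0, "h3"), ("0xa4", 25.0, "h4")]
# One person spreads the same total of 100 over 100 wallets; one is verified.
SPLIT = [("0xb%03d" % i, 1.0, "h9" if i == 0 else None) for i in range(100)]


def compare():
    """Match owed to each project under both accounting rules."""
    return {
        "honest_per_wallet": qf_match(per_wallet(HONEST)),
        "split_per_wallet": qf_match(per_wallet(SPLIT)),
        "honest_per_human": qf_match(per_human(HONEST)),
        "split_per_human": qf_match(per_human(SPLIT)),
    }


if __name__ == "__main__":
    for name, match in compare().items():
        print(f"{name:18s} {match:8.1f}")
```

Per-wallet accounting awards the single split donor 33 times the match of four genuine donors giving the same total; per-human accounting leaves the honest project's match unchanged and reduces the split donor's to zero.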
Universal Basic Income
- The vision: AI creates economic displacement → UBI from AI-generated surplus
- Every human who gets an Orb scan → receives WLD tokens
- The most ambitious UBI experiment in history, if it scales
Login and Identity
Controversies and Open Questions
The privacy dilemma: Iris scans feel invasive even if “hashed.” The promise that biometric data can be safely anonymized is contested.
Centralization risk: Whoever controls the Orb devices and the hash database controls personhood verification.
Deepfake vulnerability: As deepfake technology improves, video and photo-based PoP becomes more attackable.
Global access: Any physical device approach has unequal geographic coverage.
Regulatory: Multiple countries have opened investigations into Worldcoin for privacy law violations. The legal landscape is unresolved.
Social Media Sentiment
Proof of personhood is one of the most genuinely contested concepts in crypto. The Worldcoin biometric approach is deeply divisive: one camp (often Sam Altman/Worldcoin advocates) sees it as essential infrastructure for the AI age — the only way to distinguish humans from AI at scale. The opposing camp sees biometric data collection by a VC-backed company as exactly the dystopian outcome decentralization was supposed to prevent. The social graph approaches (BrightID) are less controversial but have had limited adoption. Gitcoin Passport is probably the most practically impactful existing proof-of-personhood-adjacent system due to its deployment in real grant distribution. The underlying problem (Sybil resistance in permissionless systems) is universally acknowledged as important; the disagreement is entirely about which approach is acceptable. The field will likely bifurcate between privacy-maximalist social graph approaches and more adoptable (but biometric/KYC-dependent) approaches, with different regulatory environments favoring different models.
Last updated: 2026-04