“Follow up question, if they verify through Holonym on Farcaster, is this a stamp they need to get periodically, or can we set it to where once they are verified, they don’t need to come back again?”
If you use our API to check validity of the user, we’ll return a false value 1 year after they verify ~ we recommend reverifying users occasionally. Please note we do charge $5 right now for phone number proofs but plan to drop this cost soon. I think $1-2 makes sense for phone number proofs.
Happy to see the active discussion around the topic!
The first round of using sybil-resistance with Octant gave us valuable feedback. The more generalized the problem of sybil-resistance, the harder it is to solve, so it makes sense that Passport is best used by large communities like L2. I think the combination of scores usually provides better outcomes than a single method, which is why Passport is so popular.
However, the advantage of a specific approach is that we can adapt the solution to our unique needs. I agree that there is no one-size-fits-all in this case. Solutions like Holonym or others that are directly embedded into our platform could be good options if combined with a good UX and a relatively simple verification process (like with phone numbers).
At the same time, this doesn’t negate the possibility of accepting other solutions like Passport as another mechanism people can rely on if they already have a passport or are willing to use it.
Happy to see where this discussion is going and to hear new ideas around sybil-resistance.
On Giveth, our original approach of using a Gitcoin Passport score of 5 was set up not as a full sybil protection solution, but as a 1st filter. It was used to filter out the majority of bots and low-bar sybil attacks, and then we worked with Trustalabs to identify sybils that made it through the first pass, and did a lot of manual analysis then on the results.
We are evolving our system now, updating to using a dual verification mechanism - using Passport’s model-based detection system, and then Gitcoin Passport with a min score of 15 - as per recommendations from the Passport team. We are also doing some post-round data analysis and finally calculating QF results using COCM, which algorithmically dampens the effect of sybils.
I’m basically explaining all that because I fundamentally agree with this. There isn’t a one-size-fits-all solution for sybil protection, and you can never be absolutely certain that you’ll protect against ALL attacks, but having a couple of layers of friction stacked can work really well.
Users already have to do this extra step of getting GLM, staking it, earning rewards then allocating them… So I think it’s pretty reasonable to consider this a 1st layer, and you can experiment with slightly lower than recommended Gitcoin Passport scores to find the optimal balance between user friction & round protection.
In any case, doing some manual analysis on the data post-round and making observations can help to evolve your protection system as time goes on.
Spot on, and there seems to be a lot of community alignment with what you said, that lowering the GP score just a bit, while having thorough analysis done at different points, would be a good enough experiment to roll with. Thanks for sharing!
IMHO it is just a matter of educating the user base. Once they understand that no private data can be leaked (just like with FaceID on your iPhone) then there is no UX that is more smooth than looking at a camera for a couple of seconds.
Explaining that data can be anonymized directly upon collection is not difficult. It can easily be audited and/or open sourced for anyone to check.
Any social-, task-, reputation- or financial-based anti-sybil protection has much higher levels of friction.