Online Sybil resistance and KYC project

Hello ICON community. Sorry for sharing this very late to the application period. We like to get thin in this cycle since our schedule and everything is around that, but we can discuss the details and make it work for next term too.

The goal is for creating Sybil resistance for projects. It can be utilized for whitelists, earn-to-play games, compliant defi, and many more areas. There are many similar products in the area, but none of them exactly do what we aim for here. They can give some ideas on what we are building here. Examples can be world coin, ens, civic, and quadrata. Why it’s essential for the community. There are many aspects, but when there is money to gain, people go around many ways to game the system and maximize their gains. These can be bot’s multi accounts or other ways to exploit a system. We are confident we found the best solution to all of these problems. As a B2B product, we are also convinced of profitability. All these aspects make this project exciting for us. We hope you feel the same way. For the full proposal and details, please check out this document KYC app - Google Docs

Hello!
You write very good things! My view is that many people only want to deal with cryptocurrency because of the wealth. There could be more articles where a video could be used to show a little better what the icon network is and why it was created. The metaverse is starting to spread, I would go along this line. Is there a metaverse project on the icon? I haven’t heard of it… I really like Studio Mirai, I think the NFTs are quite unique. In many places, you can already stake the NFT, which is quite a good thing, the value of the NFT increases and you even earn money with it. Go ICON :muscle:t2:

2 Likes

First of all, i have to agree with Mrallin2 that a lot of people are in crypto for the money first. A lot of them will also like the tech and the idea’s behind crypto, but i still think people also want to earn money with it. At least this is the case for me.

I like the idea for some kind of identification to prevent gaming the system, and have seen some already (like the CREW3 system, where tasks are connect to your Discord account). Looks like you are going for a universal solution, that would be great. Have to admit i don’t understand al the technical details, but for the end-user that also shouldn’t be necessary. I like the idea of connecting a wallet to a social media identity like Discord. That also should be enough, I wouldn’t have my wallet connected to my real-life identity, that is a step to far. Also it’s important that other people can’t identify your wallet with the help of your Discord account. What i mean is that other users shouldn’t be able to see the connected wallet.

2 Likes

I think this is a fantastic idea, lots of companies are thinking strongly about this and ICON should be no different, there have been many a case where people use multiple accounts to get ahead of the crowd and earn more money unfairly. It doesn’t just go for games but has multiple use cases across the board where this can be applied.
If there was a one stop solution for a whole ecosystem this would make it perfect, as we also want the ux to be as seamless as possible.

For a B2B model, you could charge a maintenance fee, onboarding fee, or fee per user base which would incentivise the project to be careful about their approach.

Overall, love the idea of it!

1 Like

Great idea :bulb: but need to work more.

Great idea. Very good initiative. Good luck.

Hello Emre, I think your project is a good step forward for a saver community, especially for the less experienced users like me. Keeping the trolls, bots and scams away will make the overall use far more pleasant. I wish you good luck with this project.

1 Like

I think this is a bold undertaking which is desperately needed in the the crypto World. However before being going forward, I would like to see a think-tank of people trying to figure out more loopholes in the system besides the one mentioned in your paper that would cost bad actors money. I know of many big brand names such as Nike, BMW, VeVe etc, who have tried and failed to fix being heavily botted. Whenever something pops up to block/reduce bots, they inevitably find a way round it. Finding and plugging holes as many holes as possible before others discover them would go a long way towards building confidence and momentum in the project.

1 Like

From the fact that there are many similar products in this area, it’s clear that there is demand. Within the ICON community, have you talked to people who lead projects/discords whether they are interested in the alternative you would provide, and would they be willing to publicly endorse this effort? If you are building a tool, it would be good to have an idea how to attract clients to use it, ideally also outside the ICON community where I expect the competition to be fiercer. It’s not entirely clear to me how your tool is different/better than the alternatives, I would be interested if you could shed some more light on this.

1 Like

I’m not familiar with the technical side of things but any form of identification to stop gaming of a system is a win in my opinion. There’s far too many bounty hunters and spammers out there that will do anything for a quick buck. There’s more and more systems that require connecting of your accounts to it as a proof of identity and it’s great to see it’s being considered within the ICON ecosystem in more detail

1 Like

Hi!

I personally think that this is a good initiative as it will minimize the use of multi-accounts to exploit the system. It will help us have extra protection against people that has an intention of doing things that are not ethical for the community. This will also lessen spam on different channels which will help us grow the community organically by having a way of maintaining users for our ecosystem as it will establish the user’s identity on-chain.

Also, I think we can use this also for the upcoming project releases on the ecosystem as it will provide KYC for the current and new users.

1 Like

I agree with the general idea and echo the need for a solution. As others have stated, I do think more discussion is required to address further potential loopholes. Having a rushed discussion for the sake of not missing out on this funding round, isn’t the right call imo.

1 Like

Absolutely for Sybil Resistance as long as the KYC isn’t related to a real-life profile.
I’m not interested in risking my personal data if/when hacks occur.

Being an early player in Project Nubula with only 1 account proved how people using multiple accounts and/or BOT’s made the game completely unfair for the average Joe. I’m sure there are many other use cases well above my knowledge grade.

I believe in the crypto space for what blockchain technology can do for the world. BUT! I’m here to make money 1st and foremost and support good projects trying to bring real technology and use cases into the mainstream.

1 Like

I agree to this comment. 1) Most of the people are in crypto for making money. 2) There is definitely a big need of a product to stop bots. I always thought crypto is unique because of it’s blockchain transparency and it can provide fair circumstances to build and use services/products… 3) i can understand that using kyc can beneficial but you have to be really careful with risking personal data… that for me would probably be a reason not to use such services or products… in combination with a twitter, or discord verification i can live with that and i think is a good step in the right direction

1 Like

I think reducing bot activity is definitely a step in the right direction for the many projects connected to the ICON ecosystem who have built solid communities within Discord for example.

I also echo other peoples sentiments about connecting KYC to a Discord profile as opposed to a real life social media account, to give peace of mind to the user.

Plus learning how other companies have dealt with bot accounts in the past sounds good (also mentioned by someone in the replies already)

1 Like

The crypto space needs solutions like the one you are planning. There are bots everywhere: discord, telegram, twitter. It’s disgusting for us as real users when we join a channel and immediately get spam messages from bots. The Sybil resistance is very important as well, so keep working on that.

1 Like

It seems to me that all the ways to integrate the concept of private identity is essential for web3 and the right way to go. Anyway, at Polkadot we already have a project focused on identities, Litentry, don’t you think it would be good to take advantage of it?

1 Like

Love to see the bot’s taken out for being abused. Hate to see this happening on other chains and it’s such a pity and gets in the way of bigger adoption.

That’s a good step to take. Sybil attack is always one of the challenge of any project cos it prevent real and organic participants. KYC will help protect investors and overall good of the project. So go for it

While I am not 100% sure how crew3 works we are more like a layer in front of the authentication. In long term, people in the crew3 can use our solution for login to crew3 or this might not even be needed at all because people can make their servers only accessible for people verified by our service so since they are not in the server they can’t utilize crew3(while I think it’s very early for these). There is a lot of possibility.

There is always a way, yes. Our system strength is you can’t fake it. If you are malicious, you are permanently banned. There is no way to return. The issue is you can give people money to get verified for you. Our difference is single verification is not enough for the very important stuff in the future app/protocol/server. Whatever uses our service is able to ask for verification. Since you can’t keep maintaining communication with some random people, you pay for verification anytime you need. For stuff like that, you need to hire them full-time. At that point, I don’t think it’s not feasible but if it is yes, there is not much think we can do. That doesn’t mean these malicious activities can’t be detected by the project and they can ban these persons.

We believe asking for the cost to the user going to create a lot of friction so we want to streamline the process. Not to mention asking people to pay to join a community is not a good way.

We have some interest in the icon community and outside icon community. There is a lot of solutions but all are somewhere around the 2 ends of a spectrum. Some solutions are like ens and looking for your wallet history holding 5 eth for a year etc., which can be easily faked. Full KYC which is verified once and use forever. People can pay others for KYC, but privacy concerns and regulations also complicate a lot of aspects here. What we do is just an ai based liveness check which creates data that can compare whether you are unique or not. Nothing from your name, address, age etc. involved in this process. Because it’s with camera and nearly everyone has a smartphone with a camera. It’s a very easy and fast process. We can keep asking for verification over time frames, so verifying once and using forever doesn’t work here. Even though we don’t hold or access any private data. Onboarding users into the ecosystem going to be a challenge. The core discord part will be seamless and possible so we can onboard other communities instead of just web3 ones.

At the start and first state it’s not a KYC it’s a Sybil resistance. For KYC part we are looking into our options and doing a lot of research with providers and the ZK area. There is a lot of complication in that area. We could process the KYC over ZK and didn’t have anything else but proof of the KYC. In some jurisdictions that is not acceptable so either our service or the KYC service provider needs to hold that data. We will never hold any data on these aspects. So we are looking for ways to make it work legally with the provider holding the data(this happens no matter what). You could ask why you are spending time on this after reading all this. The aim here is to make it possible so only a single entity has your KYC data and you won’t need to share that with anywhere else again. Instead of sharing your KYC with multiple providers and the increasing possibility of your personal data leak.

As I explained above Sybil doesn’t have anything personally identifiable to you. KYC part will be something in the future and opt-in. Users who want to join will do KYC with a provider we make it work and have their ZK proof of that KYC on our service. So again with the hack, we will not leak any data because ZK proof will not have data like your name address, etc in it. At the moment proof will only show your country and confirm you are over 18 or 21. I can’t give exact details because this part mostly involve laws and regulations and they differ from country to country. We spend the last few months on this, and it’s still far away from completion. One of the reasons KYC part is something further down the line with future stages and not in this proposal.

The whole project is about not holding any personal identifiable data. On broad personal data. Because according to GDPR you could use pseudonymous email like abc@gmail.com because it’s very likely you use it somewhere else or have your name written in that gmail accounts profile this fall to personal data for GDPR. It’s complicated I don’t have full understanding. Only thing I can say is our lawyers working on these aspects and we will be GDPR compliant. We will not hold any personal identifiable data even with KYC part developed since it’s just going to exist as a ZK proof of the KYC.

First time I heard Litentry. It mostly fell to the spectrum of what ens do. Our problem with these is they are good for linking your wallets over different chains nft’s and such. For filtering out bots and multi. They are so easy to cheat. They could actually integrate what we are doing into their service.

2 Likes