Passport is our AWS

Amazon is the world’s largest web-based retail store.

It is also the trojan horse that allowed AWS to grow into the dominant cloud hosting platform in the world in the early 2000s. AWS did $62 billion last year in revenue.

(for the uninitiated AWS is Amazon Web Services - an infrastructure provider that allows for easy cloud hosting + other compute services. It is the #1 cloud hosting provider in the world)


What I think is funny about this story is how AWS looks so obvious in hindsight, but at the time it was seen as a “risky bet”.


Jeff Bezos’s risky bet in 2000 was basically:

  1. the market for cloud services is going to be huge
  2. Amazon could deliver better cloud services than anyone else on the planet (bc of the scale of
  3. Spend the money to realize the market share.

What does this have to do with us?

I basically think that there is a similar setup going on at GitcoinDAO.

The DAO’s primary product, Gitcoin Grants, by way of its network effects has created a treasure trove of user data about Quadratic Funding (which, as we all know because we’ve been following the posts by the FDD, relies on sybil resistance :)).

Here is the setup:


I think the bet GitcoinDAO is faced with is:

  1. the market for a sybil resistance/DeSoc identity money lego is going to be huge
  2. Gitcoin could deliver a better sybil resistance/plurality money lego than anyone else on the planet (bc of the scale/plurality of Gitcoin Grants)
  3. The DAO could spend the money to realize the market share.

I was very happy to see that the DAO ratified in its essential intents for 2022: Build a widely adopted, modular Pluralism Passport protocol that creates a flourishing ecosystem of network effects around Decentralized Society.

Looks like other people see it too :slight_smile:

My prompts to you all:

  1. Do you have pushback on the market opportunity (or Gitcoin’s positioning to make a move) here? I’d love to hear it + talk it out.
  2. What would have to be true to start cranking the network effects of Passport?
  3. I’m giving a talk at ETHcc about the opportunity of Decentralized Society, Sybil Resistance, and Gitcoin Passport. What would have to be true for this launch to go really well?
  4. Defi protocols have a KPI called TVL (total value locked). I think for us a similar metric is total cost of forgery. What is the total cost of forgery in the gitcoin passport ecosystem now? What would have to be true to 1000x it?
  5. I’m planning on having other tools in the sybil resistance/DID toolchain on the greenpill podcast. I will likely dedicate all of Season 2 to this subject. Who should I have on?
  6. What are the coolest things we could build if 1h1v was solved? Dream big!

Caveat: Web3 is Pluralistic

One area where the analogy to AWS breaks is that Gitcoin desires to be pluralistic. Gitcoin Passport will lift the tide of all boats in the plurality value chain. It offers

  1. distribution to our sybil resistance provider friends (like BrightID, Idena, POH, etc) and our DID friends (spruce, disco, ceramic)
  2. beyond just distribution, hopefully we are good ecosystem neighbors to this group too.
  3. aggregation of a plurality of identities to dApp providers who want sybil resistance
  4. benefits to users who collect stamps.

Addendum: Is DID/sybil resistance really as big of an opportunity as cloud hosting?

TLDR - I think it is, yes.

Here is what I think this world looks like. Imagine it’s Q4 2022 and we release a press release like this:

Gitcoin, the market leader in web3 crowdfunding, has released Passport - a core money lego for the next generation of web3.

Gitcoin Passport is a new decentralized identity money lego that enables more democracy in the DAO space. Gitcoin Passport allows DAOs to go from 1 token 1 vote to 1 person 1 vote, reducing plutocracy + enabling more democracy in the DAO ecosystem with just 1 line of code.

With Passport, DAOs can verify the uniqueness of a (1) visitor to their website or (2) executor of a smart contract and provide unique benefits to those users. Here’s how the technology works: Using Gitcoin Passport’s APIs, dApps can input an ETH address for their visitors and receive back a “personhood score” for that user. That personhood score (PS) is equivalent to the cost of forgery in USD for that user’s identity. If a user has a PS100, then a DAO can give them up to $100 worth of benefits. If a user has a PS10000, then a DAO can give them up to $10k worth of benefits.

Using Gitcoin Passport, users collect “stamps” that allow them to boost their Personhood Score. As they boost their PS, they gain benefits in Gitcoin Grants + other prominent dApps that provide benefits to users who have high personhood scores.

Gitcoin Passport is backed by Gitcoin Grants. Gitcoin Grants is well known as a crowdfunding platform – But if you look closer, because Gitcoin Grants requires sybil resistance, Gitcoin Grants is actually a giant red team / blue team exercise for battle testing Digitally Native Sybil Resistance (Sock Puppet) technologies. Gitcoin Grants processes over $6mm/quarter in funding for the web3 space, and the sybil resistance baked into your Grants experience is what backs Personhood Score (PS) - the scoring algorithm behind Passport.

Gitcoin Passport is a Building Block for a Better Internet. Right now, the DAO ecosystem is built around one-token-one-vote or one-cpu-one-vote schemes. With Passport, the ecosystem could move to DAOs built on one-human-one-vote. This unlocks use cases like:

  1. quadratic funding
  2. quadratic voting
  3. Gini coefficient measurements
  4. UBI
  5. one-person-one-vote DAOs
  6. sybil resistant airdrops
  • other use cases we haven’t discovered yet!

Passport is

  1. Open Source - Passport was built Open Source from the start; to create transparency, security, and fork-ability at the foundation of the project.
  2. Privacy-Preserving - Passport is designed narrowly to allow users to prove their humanity, the rest of your identity does not matter to us. For this reason, Passport only provides information about your Personhood Score (PS). Your Passport does not contain anything personally identifiable about you.
  3. Programmable - Passport is built on web-standards like ERC-721 and the W3C DID/VC standards (coming soon). Using our JS SDK + Solidity SDK, developers can leverage Passport in their own platforms.
  4. Consent-driven - it is important that Passports are only generated for ppl when they consent to it.

From now until FUTURE_DATE Gitcoin is running an exclusive Passport alpha developer program to (1) get more developers building on Passport (2) get more stamps integrated into Passport.

There are already 10k users using Gitcoin Passport. If you’re a developer who would like to get access to Passport:

  1. To join Gitcoin Passport’s alpha partner program, contact
  2. If you are a developer, and want to build on Gitcoin Passport, check out LINK_TO_DOCS.

back when i was creating web2 platforms, we used to have a strategy of going broad when creating the platform (which was marketed to developers), and going deep on creating one really really good app (and showed people the power of the platform).

after thinking about this post more, pondering platform creation strategy, and conferring with @lthrift , i actually think the above diagram misses an important point - how do we sequence these things?

GitcoinPassport might be able to eventually support identity in many plural dimensions of Decentralized Society, but to be able to do that, I think it needs to be successful at creating sybil resistance on Gitcoin first.

because the DAO has limited resources, it could consider first focusing on spinning the flywheel of sybil resistance on gitcoin, and then exporting more sybil resistance to web3, then and only then will it have the momentum/resources to export those nfx to the rest of the ecosystem via a plurality of DeSoc use cases

as such, i would like to revise this network effects diagram to reflect this inner loop (sybil resistance, the first use case) and the outer loop (plurality of desoc use cases).



This is a super important alignment piece imho.

My first big question is: Is passport better as a product or a protocol? Do you need to reward participants to change the individual optimal strategy to collaborate rather than compete?

I’m working on a more accessible way of explaining these efforts to present at this Thursday’s Gathering Hour for DAO contributors.

It could also INVEST in the standards set forth by a passport product. One reason for a token is to bootstrap network effect. Another is to signal the agreed upon set of standards enabling permissionless participation in a hard-coded set of choices to collaborate or compete. This is key to where the protocol conversation is centered in my perspective. (It doesn’t mean a token is launched tomorrow or next month, only that the roadmap to get there is different if that is the plan.)

I would love to see GitcoinDAO own 50% as a collective governance body driving it to success and partaking in the upside of our shared values recognizing the need for it.

Should we be finding ways for anyone to run their own implementation of Passport and still be effective in signaling to any other Passports running on the dominant fork? If yes, does this require a stake mechanism for identifying the chain with the agreed upon true state? Should we push for client diversity when we have defined the base set of rules for a passport gardener (used instead of miner - I hate the term because it sounds extractive)?

This answer gets a little further out in the roadmap, but it’s fun to think about where we could go!


Partnerships in using Passport. Continually improved detection of sybil actions. The trust bonus or any exclusive logic design (you cannot participate fully unless you have x) is inherently SYBIL PREVENTION.

Any inclusive logic mitigation technique is based on SYBIL DETECTION. For us to run an A/B test on any prevention model, we must have a fairly accurate detection model to tell us if it is effective. Even if we decide that mitigation is not needed, the prevention method needs a target metric to 1) know that it is working and 2) know that it is not doing more harm.

I’ve been starting to think that our Gitcoin Community Main Round could be decoupled from the Ethereum round and use more inclusive logic all around. This would allow us to test both techniques in parallel until we better understand the tradeoffs.

One of these tradeoffs is growth. It would be a shame to lose market share by attempting to have the perfect system. Splitting these could help us achieve both goals for the Program Success intent as well as having impact on our protocol adoption intent.

This cost of forgery line of thinking is one way to think of it, but it is hard to say in context. I think the cost of forgery ends up being co-efficient to some standard way of assessing which communities can apply based on their chosen funding mechanism.

I do think that from a detection standpoint, we can iterate and improve on correctly identifying sybil within our ecosystem and assign that a cost of forgery to use on the preventative side. Another way is to leverage the triple-entry accounting economies of scale where sybil resistance is validated across multiple ecosystems where the cost of forgery might be worth losing your status in one, but not in all.

I think a fundamental piece of this issue is to find ways to crowdsource the data models used to detect sybil incidence. This is where we have been trying to take the community model. It isn’t as much about any one model, it is about us knowing how to leverage information that stays the same across many models.

This kind of plurality is built into the direction we have been trying to move our efforts since November. It definitely needs understanding and a conscious choice to continue investing in it to work. I’m very happy with conversations with the product, Passport, and Engineering teams since our Season 14 budget experience. It seems that we all needed to discuss the roadmap more so we could understand the WHY behind many of our decisions.

Definitely Adam of BrightID and their Aura product. I don’t think people realize how ethics conscious and ahead of the game they are in their ideas. I’d like us to share systems more.

GoodDollar has a very interesting tool that I think could go a long way for automating user appeals.

I would love to see us set up Gardening rules, encode them on chain into an issuance curve, and let our partners build. Gitcoin would only subsidize the building of the protocol until the protocol could sustain on its own.

Identifying the best stamps and the best stamping partners is crucial. Imagine that an ecosystem wants to only give their DAO contributors access to a vote. One easy way would be by using the stamps they have. Would they simply stamp verification of owning a wallet? What if they wanted to use the total amount earned by that DAO? Would the tooling be there for them to immediately query the graph to see how much they have earned?

Could I look at all Passport holders who have earned at least $1,000/month from any DAO for 6 months straight and send them a stamp? Is there an incentive for someone who wants to aggregate stamps into one quick verification? (Similar to subgraph developers on Graph protocol)

The cycle between FDD detection continually improving and that giving a measurable goal for the prevention efforts of a personhood score is another flywheel to add. FDD is just the first service provider. By crowdsourcing the detection methods and the data models we might enable an ecosystem of scoring willing to financially back the cost of forgery guarantees they make.

I like the idea of consent to a community. When you consent to a community, you consent to the good AND the bad they stamp in your passport. If you no longer consent, then you can remove consent to the community at large, but you should not be able to selectively collect only good stamps from a community. (Communities themselves can choose if this is a policy they would like to enact.)

I think it’s almost 15k!

For the Gitcoin main/ETH rounds, FDD can continue to provide detection services, recommend updates to trust bonus (Personhood score) including stamp data and scoring, and continuing mitigation (squelching) until the difference between the two is negligible.

Additionally, we can continue to improve detection models to provide more accurate insights. We can build a strong foundation for scaling the efforts by building the pipelines needed to crowdsource data and models. We can build better tooling and education for human evaluators who detect if the system is working as it should. (Yes, some individuals are wrong, but in a situation where there is no data set for a true class, scaling human subjectivity is likely more correct than letting algorithmic bias be the truth.) We can offer bounties for recommended stamp aggregations. All of these are reasonable directions.

Sybil effect

Most important, we need the direction we choose to be a decision made together with other workstreams, especially GPC, MC, and PGF. How does FDD best support this vision?


Scrolling through the forum. A lot to digest here (missed quite a bit). Just a quick and humble note for now. Upala price of forgery (aka cost of forgery) protocol is already live on xDai chain. Everything is ready to start price of forgery discovery process for any/all human verification methods used by gitcoin. More here - Upala dashboard

I bet we can estimate every human verification method with great level of precision within a month.


I 100% agree with this! Passport is so important. Reminds me more of Plaid than AWS but I see the bigger picture.

Adapters I’d like to see added to Passport:

  • other eth addresses, so users can build a web of their public addresses, and over time shielded private ones
  • Instagram, especially with all the meta stuff happening
  • student emails. great sybil resistance


Something that’s tricky about the proof-of-personhood landscape is that if there are multiple competing providers (which is healthy), then an attacker could split stamps, e.g. put my Worldcoin ID on one account, my BrightID on another account, PoH on another account, Idena on another account, KYC another account, e-mail/social media/GitHub on another account, etc. This is especially tractable if privacy is in the picture.

EDIT: moved the above into a topic: Plural Passports without literally plural passports?
EDIT2: I would add under the “Use Cases” sections, plain ol’ Web2 use cases. CAPTCHAs, social media, etc. Russian bots are a huge topic lately, and having a human badge on Twitter could go a long way towards improving the situation. More broadly, DID/VCs could go a ways towards improving the fake news situation.

nit: My reaction to the Trojan Horse framing - Grants is more than a means to an end (same with, especially Grants 2.0. And I think bounties are also a good product and would advocate for them being a Gitcoin mainstay and continue to receive investment and hype.