The "IsAHuman" Attestation: Purpose and Limitations

Overview

The "IsAHuman" attestation is a simple verification tool that helps distinguish between human users and bots in the Ethereum ecosystem. While it provides basic protection against automated systems, it's important to understand both its benefits and limitations.

How It Works

The Process

1. Wallet Connection: A user connects their Ethereum wallet to Zipwire

2. Verification: The user completes a Yoti ID check to verify their identity and liveness

3. Issuance: Upon successful verification, Zipwire offers the option to claim an "IsAHuman" attestation to the user's wallet

4. Recording: The attestation is recorded on the Base blockchain, viewable via EAS Scan

5. Other wallet-connected apps can see this attestation and that it was made by trusted issuer Zipwire

Privacy Features

• The attestation is issued directly from Zipwire's Ethereum account to your wallet

• No personal data is stored on the blockchain

• No direct link is created between you and your employer or other entities

• AI agents cannot access your personal information

Use Cases

Combatting Bots

• Filter out automated systems from dApps

• Protect social platforms from bot manipulation

• Ensure genuine human interaction in decentralized systems

Trust Building

• Add a basic layer of trust for platforms

• Enable quick verification of user authenticity

• Provide a foundation for more complex trust systems

Limitations

Security Concerns

1. No Identity Linkage: The boolean value (true) doesn't tie to specific identity details, i.e. no individual living person

2. Limited Proof Mechanism: Unlike attestations with Merkle root hashes, it offers no way to verify specific attributes

3. Transfer Vulnerability: If a wallet is sold or stolen, the attestation remains, potentially misleading others

Best Practices

For Users

• Don't rely solely on IsAHuman for critical verifications

• Consider combining it with other security measures

• Be aware of its limitations when using it for trust

For Platforms

• Use IsAHuman as a first layer of verification

• Implement additional checks for sensitive operations

• Consider more robust attestations for critical functions

Comparison to Robust Attestations

Contrast "IsAHuman" with an attestation of a passport:

• Passport Attestation: Includes a Merkle root hash of document details (e.g., name, passport number). The holder can provide a Merkle proof to verify specific data without revealing everything, ensuring privacy and trust.

• Stronger Verification: Such attestations link to verifiable identity data, making them harder to misuse.

Why It Matters

The "IsAHuman" attestation is a lightweight tool for initial trust but shouldn’t be relied upon alone. Platforms and users must combine it with other checks, like transaction history or additional attestations, to ensure a wallet’s legitimacy.

Related Resources