The "IsAHuman" Attestation: Purpose and Limitations
Last updated
Last updated
The "IsAHuman" attestation is a simple verification tool used in Ethereum wallets to indicate whether a wallet holder is likely a human, not a bot. Issued by services like Zipwire, it plays a role in enhancing trust in decentralized systems but has notable limitations due to its lack of detailed identity data. This page explores its functionality and flaws compared to more robust attestations.
The "IsAHuman" attestation is a boolean (true/false) claim added to an Ethereum wallet after a basic verification process, such as an ID check via Zipwire. For example:
A user submits an ID to Zipwire, which verifies it and issues the attestation to the user’s wallet address.
The attestation is recorded on the Base blockchain, viewable via EAS Scan .
Its simplicity makes it useful for quick checks, such as filtering bots in dApps or social platforms.
While "IsAHuman" helps combat bots, its minimal data makes it less reliable for establishing true identity:
No Identity Linkage: The boolean value (true) doesn’t tie to specific identity details, like a name or document number, so it can’t confirm who the human is.
Lack of Proof Mechanism: Unlike attestations with a Merkle root hash (e.g., for a passport), "IsAHuman" offers no way for the holder to present a Merkle proof to verify specific attributes securely. Learn more about Merkle proofs in .
Vulnerability to Transfer: If the wallet is sold or stolen, the attestation remains, potentially misleading others about the new holder’s identity.
Contrast "IsAHuman" with an attestation of a passport:
Passport Attestation: Includes a Merkle root hash of document details (e.g., name, passport number). The holder can provide a Merkle proof to verify specific data without revealing everything, ensuring privacy and trust.
Stronger Verification: Such attestations link to verifiable identity data, making them harder to misuse.
The "IsAHuman" attestation is a lightweight tool for initial trust but shouldn’t be relied upon alone. Platforms and users must combine it with other checks, like transaction history or additional attestations, to ensure a wallet’s legitimacy. For guidance, see .