The "IsAHuman" Attestation: Purpose and Limitations

Overview

The "IsAHuman" attestation is a simple verification tool that helps distinguish between human users and bots in the Ethereum ecosystem. While it provides basic protection against automated systems, it's important to understand both its benefits and limitations.

How It Works

The Process

  1. Wallet Connection: A user connects their Ethereum wallet to Zipwire

  2. Verification: The user completes a Yoti ID check to verify their identity and liveness

  3. Issuance: Upon successful verification, Zipwire offers the option to claim an "IsAHuman" attestation to the user's wallet

  4. Recording: The attestation is recorded on the Base blockchain, viewable via EAS Scan

  5. Other wallet-connected apps can see this attestation and that it was made by trusted issuer Zipwire

Privacy Features

  • The attestation is issued directly from Zipwire's Ethereum account to your wallet

  • No personal data is stored on the blockchain

  • No direct link is created between you and your employer or other entities

  • AI agents cannot access your personal information

How to Get IsAHuman Attestations

Self-Service Option

Your Digital Identity on the Blockchain

You can obtain IsAHuman attestations through our self-service platform, Zipwire Attest:

  • Independent registration - No business account required

  • Direct wallet connection - Connect your Ethereum wallet and get attested

  • Government-approved verification - Same Yoti ID checks used by banks

  • Immediate attestation - Claim your attestation right after verification

Business Integration Option

IsAHuman attestations can also be obtained through Zipwire Collect when businesses include ID checks in their document collections:

  • Free attestations - Users can claim attestations for free (business pays for ID check)

  • Same verification process - Uses the same Yoti ID verification

  • Wallet connection required - Users must connect their wallet to the collection

Choose Your Path

For individual users wanting to build their digital identity, use Zipwire Attest. For users completing business document collections that include ID checks, use Zipwire Collect and claim free attestations.

Use Cases

Combatting Bots

  • Filter out automated systems from dApps

  • Protect social platforms from bot manipulation

  • Ensure genuine human interaction in decentralized systems

Trust Building

  • Add a basic layer of trust for platforms

  • Enable quick verification of user authenticity

  • Provide a foundation for more complex trust systems

Limitations

Security Concerns

  1. No Identity Linkage: The boolean value (true) doesn't tie to specific identity details, i.e. no individual living person

  2. Limited Proof Mechanism: Unlike attestations with Merkle root hashes, it offers no way to verify specific attributes

  3. Transfer Vulnerability: If a wallet is sold or stolen, the attestation remains, potentially misleading others

Best Practices

For Users

  • Don't rely solely on IsAHuman for critical verifications

  • Consider combining it with other security measures

  • Be aware of its limitations when using it for trust

For Platforms

  • Use IsAHuman as a first layer of verification

  • Implement additional checks for sensitive operations

  • Consider more robust attestations for critical functions

Comparison to Robust Attestations

Contrast "IsAHuman" with an attestation of a passport:

  • Passport Attestation: Includes a Merkle root hash of document details (e.g., name, passport number). The holder can provide a Merkle proof to verify specific data without revealing everything, ensuring privacy and trust.

  • Stronger Verification: Such attestations link to verifiable identity data, making them harder to misuse.

Why It Matters

The "IsAHuman" attestation is a lightweight tool for initial trust but shouldn't be relied upon alone. Platforms and users must combine it with other checks, like transaction history or additional attestations, to ensure a wallet's legitimacy.

Last updated