The decentralized web makes it possible for users, rather than applications and service providers, to truly own their digital identity. A huge component of identity is the data generated when users interact with any application. Email, Google Maps, Facebook, Amazon accounts, Mint.com, and others together create a comprehensive picture of your digital identity — but one that you do not own or control.

Smart contracts allow users to own and leverage their data in new ways. We can also use the time we’ve already spent painting detailed pictures of ourselves on centralized sites to bootstrap identity and usability on the decentralized web.

We’re excited to be collaborating with Datawallet on “Bot or Not”, a tool for proving that a user is a real human. This is also called “sybil prevention”. In this use-case, user data from existing social media sites is downloaded, evaluated by Datawallet algorithms within the Enigma network (without exposing the social data to any 3rd parties), and the result is used to differentiate legitimate users from bots.

Motivation

Proving that a user is legitimate is a challenge that plagues crypto projects, where a single user can generate as many pseudonymous addresses as she wants. When a user does this maliciously, it is known as a “sybil attack”. If we can bootstrap a “confidence number” using existing data about users, we can get reasonable protection against this attack without the administrative overhead of official attestations from governments.

For example, consider an airdrop that wants to cap individual distribution. Nothing prevents a wealthy user from creating multiple accounts and subscribing for the max airdrop distribution from each. The same concept applies to voting, which is why many blockchain voting projects accept token-weighted voting, or explore other models such as quadratic voting to ensure a more democratic distribution. Similar challenges emerge in gaming applications, where the design of the game depends on being able to prevent players from generating many accounts to affect the outcome.

Sybil prevention can also be applied to domains such as ad fraud, a specific application that Datawallet is working on. A tool like Bot or Not can be used by media sites to reliably determine what traffic is legitimate. As projects like AdChain incentivize media outlets to guard against bot traffic through TCR membership, a solution such as Bot or Not could enable these outlets to achieve confidence in their legitimate traffic.

User Flow

A demonstrative use of Enigma for user to pass a “Bot or Not” validation, while protecting their data privacy

Using the Datawallet service, Alice downloads her social data from Facebook. The Datawallet service intercepts and encrypts the download, to provide confidence that the user has not manipulated the data after download. For more information about the process with Datawallet, see their blog post about this proof-of-concept. Alice’s encrypted user data is re-encrypted using the Enigma-JS library, and submitted to the Bot or Not contract on the Enigma network. At the same time as 2, a hash of Alice’s re-encrypted user data is submitted to the Enigma Contract on the ethereum network. Within the Bot or Not contract, an algorithm that analyzes social data provides a result and a degree of confidence as to whether Alice is legitimate or fake. If a destination address on the Ethereum network has been specified, the Enigma node that performed the computation will send the result to that contract. The result will also be returned, in encrypted format, to Alice. Furthermore, any future dApp that wants to know whether Alice is a bot or not doesn’t need to perform the computation again, as Alice’s status was stored encrypted in the Datawallet Enigma contract.

Future considerations

Self-sovereign data is key to building usability in the decentralized web. We’re excited about Bot or Not because it enables users to assert their identity with confidence, without relying on a centralized platform to manage their identity for them. It’s an example of the type of new applications we can build when users actually own their data, and when we consider user data to be a key part of user identity.

Enigma can unlock the utility of this data for applications without compromising user privacy. We’re excited both about how tools like Bot or Not can immediately improve dApps today, as well as how this proof-of-concept can inspire additional applications for user-sovereign data.

For more details on how the Datawallet algorithm and implementation works, check out their post on the topic.

And, as always, let’s work together. If you’re interested in using Bot or Not for sybil prevention in your own application — get in touch!

Have any feedback on this post? Leave a comment below!