Introduction
This tutorial presents an overview guide on creating an attestation-gated web3 forum using Holonym, Orbis, and Ceramic (using ComposeDB). The goal of this article is to provide an overview of the solution and highlight the problems being solved for non-technical users. To deploy your own forum with Holonym integration see the technical tutorial available on Github.
But first - What is Holonym, Ceramic, and Orbis?
Holonym is a privacy-focused zero-knowledge protocol designed for decentralized identity verification and key custody. Its key strength lies in providing a secure way for users to verify their identity or attestations without compromising their privacy. Holonym employs zero-knowledge proofs, ensuring that individuals can prove specific facts about themselves without revealing the underlying details. This approach addresses challenges in digital identity, offering a balance between user privacy and the need for identity verification in various web3 applications, such as decentralized forums and online communities. Holonym's modular architecture further allows for customization, making it a versatile solution for diverse identity-related use cases.
Ceramic, a decentralized data network leveraging verifiable event streams, combines blockchain-like qualities with the efficiency of traditional databases. It provides composable data formats for developers to address digital presence challenges, supporting multiple development approaches, such as using graph-based databases like ComposeDB, or integrating with developer-friendly templates like Orbis SDK. Considered a "Data Ledger," Ceramic serves as a middle ground between on and off-chain activities. All events are periodically compiled into a Merkle tree and published to the Ethereum blockchain, ensuring consensus and cryptographic signing for security. ComposeDB, a graph database on Ceramic, enhances composability and querying, supporting GraphQL and optimizing read/write load. Developers can define data models using GraphQL or leverage existing community-defined models, offering flexibility in implementation.
Orbis is a toolset designed for decentralized identity management and access control in web3 social applications. It integrates with the Ceramic network and offers developers a platform to create, customize, and manage decentralized identity (DID) projects seamlessly. Orbis allows users to establish and configure contexts, categories, and access control conditions within their decentralized applications. By providing a user-friendly interface and embedding with Ceramic, Orbis facilitates the creation of secure and privacy-preserving social systems for managing identity-related interactions on the Ceramic network. While we won’t be covering the Orbis SDK in this article it is important to mention as it provides essential primitives for social applications, in our case a forum.
Problem Being Solved
Today’s online forums are mostly restricted to a handful of platforms with limited functionality for decentralized communities. Take for example Discourse, a popular open source software that offers both self-hosting and managed hosting options. Many DAOs rely on this platform to have long form discussions pertaining to governance or some other critical decision for the decentralized organization. Unfortunately, these forums often require intensive management from centralized moderators and do not integrate well with existing Web3 tooling for DAOs. Accounts are also not interoperable, meaning you will need to create a separate forum account for each DAO you join. Centralized forums are also at high risk of sybil attacks because users can create multiple accounts using separate emails. This puts voting results at risk of manipulation as one person could vote from several accounts. Combining all these problems you can quickly see how inconvenient centralized forums can be to use for DAO management. To fix this, we decided to build an open source forum that leverages Holonym for sybil resistance, token gating, and voting.
Holonym in Action: Embedding Sybil Resistance into Web3 Forums
Addressing identity and Sybil attacks in decentralized forums is an interesting problem to solve because there are many ways to accomplish. At Holonym, we believe proving your uniqueness shouldn’t violate your privacy or anonymity. That’s why we leverage zero knowledge proofs to verify your wallet through a phone number, government id, or some 3rd party method defined by the developer. For this application we opted to verify uniqueness by phone number. Doing so helped us guarantee two things for users of the forum.
First, it was important to establish that one vote = one person. We wanted to be able to ensure any verified users on the platform had proven their uniqueness through Holonym by verifying a phone number. Doing so allowed us to reduce risk of voter manipulation and sybil attacks on the forum. It also increases the quality of posters by attracting only verified users to posts.
Universal account management across forum instances was also a priority. We wanted to be able to ensure you only need to verify with Holonym once to use it across many forums. Thanks to how Ceramic is designed and our integration with Orbis only one verified user account is needed to login to multiple forums across separate instances. This means the account you use at one DAO would be the same at a different one. By leveraging Holonym as an identity management solution we enable interoperability across platforms and reduce friction for users.
Creating a peer-to-peer (P2P) attestation network to manage user permissions from a bottom up approach was another priority. Current centralized forums rely on top down approaches to user management. Rather than having moderators our platform chooses to distinguish verified users and non-verified users based on attestations. Verified users must receive three peer attestations from three existing users who have been verified on the platform. To make an attestation a Holonym Id is required to prove the attestor is unique (see figure 1). In creating this multistep verification process the forum is now complete with an attestation-gated solution for user management and permissions.
Figure 1
Conclusion
In this tutorial overview we discussed several key things:
- Sybil attacks and identity fraud pose significant threats to the integrity of decentralized forums.
- Ensuring a secure and trustworthy environment is crucial for the success of web3 applications.
- Holonym's innovative approach with ZKPs strikes a balance between privacy and accountability.
If you found this article overview interesting you can follow the technical tutorial and deploy your own attestation-gated forum. Technical users can start developing with Holonym today to extend the forum capabilities or build entire new custom zero knowledge identity apps. I also recommend users to ​​Mint your own Holo id and begin embedding Sybil resistance into your governance processes (LPT - You can add Holo to your Gitcoin passport stamps to increase your trust score)!
