Why Reputation-Based Access Control Will Kill Traditional KYC

Sismo builds ZK badges that prove specific traits (e.g., "Gitcoin Passport Holder") without revealing your full identity or linking accounts. This shifts the paradigm from data extraction to selective disclosure.

• Privacy-Preserving: Prove you're human, not who you are.
• Composable Reputation: Badges are portable across dApps, creating a unified, user-owned graph.
• Sybil-Resistance: Enables fair airdrops and governance without doxxing users.

Gitcoin Passport aggregates stamps from Web2 (BrightID, Twitter) and Web3 (ENS, POAP) to create a decentralized identity score. It's the foundational reputation oracle for DeFi and governance.

• Sybil Defense: Protects quadratic funding and airdrops with ~$50M+ in protected distributions.
• Developer-First: Simple API integration replaces custom KYC flows.
• User-Custodied: Stamps are stored in the user's wallet, not a central database.

Worldcoin uses orb hardware to issue a global, unique ZK-proof of humanity. It solves the primal Sybil problem at planetary scale, decoupling financial access from government ID.

• Global Scale: Aims for ~1B+ verified humans, creating a neutral base layer.
• Privacy by Design: The proof is zero-knowledge; biometrics are hashed and deleted.
• Universal Basic Access: Enables fair distribution of global digital assets and governance rights.

Traditional KYC is a centralized honeypot for hackers, creates friction for ~1.7B unbanked, and violates user sovereignty. It's a binary gate, not a nuanced reputation system.

• Data Breach Risk: Centralized databases with millions of SSNs are constant targets.
• Exclusionary: Requires government ID, excluding refugees and the underbanked.
• Non-Composable: Your verified status on Exchange A is useless on Protocol B.

The future is modular reputation. Developers can query for specific, verified traits (e.g., "user with >100 on-chain txs") via a standard like EIP-712 or EAS, paying for verification with a microtransaction.

• Modular Design: Mix credentials from Sismo, Gitcoin, Civic based on dApp needs.
• Economic Efficiency: Pay-per-verification costs <$0.01 vs. KYC's $10+ per user.
• Anti-Fragile: Decentralized attestation networks have no single point of failure.

EAS is the infrastructure layer for on-chain reputation. It allows anyone to create a schema (e.g., "KYC Verified by Protocol X") and issue attestations to Ethereum addresses. It's the SQL database for social trust.

• Permissionless Schemas: No platform risk; developers own their reputation graph.
• On-Chain Verifiability: Attestations are publicly verifiable, immutable records.
• Composability Backbone: Enables Sismo, Gitcoin, and others to build interoperable systems.

KYC verifies a human, not a unique user. It's trivial to bypass with forged documents, creating a false sense of security while protocols remain vulnerable to governance attacks and airdrop farming.

• Sybil clusters drain >30% of airdrop value on average.
• KYC costs users $5-$50 and days of delay, but offers zero on-chain utility.
• Reputation systems like Gitcoin Passport and Worldcoin prove identity can be persistent and portable without exposing PII.

KYC relies on centralized oracles (the verification provider). This creates a protocol kill switch and a massive data honeypot.

• A single subpoena or provider failure can brick access for millions.
• Chainlink and Pyth solved this for price feeds; reputation networks must solve it for identity.
• Decentralized attestation networks (e.g., Ethereum Attestation Service) enable verifiable credentials without a central validator.

Global KYC compliance is a legal fiction. Users and capital flow to jurisdictions with favorable rules, forcing protocols into an unwinnable game of whack-a-mole.

• MiCA in the EU and potential US rules create a patchwork of conflicting standards.
• Reputation-based access is jurisdiction-agnostic; it filters for behavior (e.g., transaction history, social graph) not citizenship.
• Systems like Orange Protocol and Rhinestone enable composable, programmable trust without geographic borders.

KYC's data collection is a liability, not a feature. Zero-Knowledge Proofs (ZKPs) allow users to prove eligibility (e.g., "I am a unique human") without revealing who they are.

• zkSNARKs and zk-STARKs enable selective disclosure for regulatory compliance.
• Projects like Sismo and Polygon ID are building the ZK credential stack.
• The future is proof-of-personhood, not proof-of-passport.

Traditional KYC is a one-time, high-friction gate that creates a single point of failure for user data and blocks legitimate users. It's incompatible with pseudonymous, multi-chain ecosystems.

• User Drop-off > 50% on many DeFi platforms.
• Static Data becomes stale and offers no ongoing risk assessment.
• Centralized Custody of sensitive PII creates massive honeypots for hackers.

Reputation is a composable, on-chain asset built from transaction history, social graphs, and protocol interactions. Think Ethereum Attestation Service (EAS) meets Sybil resistance scores.

• Dynamic Scoring: Risk assessment updates with each transaction via oracles like UMA or Chainlink.
• Cross-Chain Portability: A user's reputation from Arbitrum can be verified on Base.
• Granular Permissions: Protocols can set custom thresholds (e.g., reputation_score > 85 & volume > $1k).

Projects like Sismo and Semaphore enable users to prove compliance (e.g., 'I am not a sanctioned entity') without revealing underlying identity. This is the bridge between regulators and privacy.

• Selective Disclosure: Prove attributes, not identity.
• Regulatory Gateway: Enables compliant, institutional DeFi pools without doxxing.
• Integration Path: Works with existing identity stacks like Worldcoin or ENS.

The real TAM is the institutional capital sidelined by compliance fears. Reputation-based systems create the audit trail and risk frameworks required for large-scale adoption.

• RWA Protocols: Centrifuge, Goldfinch can onboard entities, not just individuals.
• On-Chain Credit: Enables underwriting based on cash-flow history, not credit scores.
• New Business Models: Subscription NFTs, tiered fee structures, and loyalty programs become programmable.

The foundational layer is verifiable claims, not complex AI models. Builders should integrate EAS or Verax to issue and consume attestations for simple traits.

• Low-Hanging Fruit: Guild badges, proof-of-humanity, protocol-specific achievements.
• Composability: Attestations become inputs for reputation aggregators like Orange Protocol.
• Avoid Over-Engineering: Start with deterministic rules before layering on ML-based scoring.

The system's security is only as strong as its data sources and aggregation logic. A naive implementation is vulnerable to wash trading and collusion.

• Critical Dependency: Reputation oracles become high-value attack targets.
• Solution Stack: Requires decentralized oracle networks, fraud proofs, and time-weighted scoring.
• Look For: Projects building robust data layers like Space and Time or HyperOracle.