The Future of Social Graphs: Portable Reputation Built on VCs, Not APIs

Platforms like Twitter and Farcaster expose social graphs via APIs, but this is a permissioned illusion.\n- Revocable Access: Platforms can and do shut off API access, killing dependent apps overnight.\n- Fragmented Identity: Your reputation on X is siloed from your reputation on Lens or Farcaster.\n- No Composability: You cannot programmatically stake, trade, or underwrite with your social capital.

W3C Verifiable Credentials turn attestations (follows, likes, badges) into cryptographically signed, user-held claims.\n- User-Owned & Portable: Credentials live in your wallet, not a platform database.\n- Selective Disclosure: Prove you're a top 1% contributor without revealing your entire follower list.\n- Chain-Agnostic: VCs are a standard, enabling interoperability between Ethereum, Solana, and even non-blockchain systems.

Portable reputation becomes collateral. Projects like Gitcoin Passport and Orange Protocol are early examples.\n- Sybil-Resistant Airdrops: Allocate tokens based on provable, aggregated reputation scores across platforms.\n- Underwrite Loans: Use your developer or creator reputation score to get a DeFi loan with better terms.\n- Governance Power: DAOs like Optimism can weight votes based on off-chain contribution credentials.

New protocols are emerging to issue, store, and query VCs at scale. Ethereum Attestation Service (EAS) and Verax are critical infrastructure.\n- Schema Registry: Standardizes credential types (e.g., "KYC Verified", "Project Contributor").\n- On-Chain Graph: Creates a public, immutable ledger of attestations, enabling The Graph-style indexing.\n- Aggregation Oracles: Services that pull in data from Lens, Farcaster, and GitHub to issue composite reputation scores.

Your social capital is trapped. A 10k-follower Twitter account has zero value on Farcaster. This siloing stifles competition and locks users in.

• Zero Portability: Reputation is a platform-specific API call.
• High Switching Costs: Rebuilding a following from scratch is prohibitive.
• Platform Risk: Your entire social graph can be deplatformed overnight.

Reputation becomes a set of portable, cryptographically signed claims. Think Soulbound Tokens (SBTs) and W3C Verifiable Credentials.

• User-Owned: Stored in a wallet (e.g., Ethereum Attestation Service), not a corporate DB.
• Context-Specific: A DAO voting history credential is separate from a developer POAP collection.
• Composable: Apps can request and verify specific credentials without exposing the entire graph.

The base-layer schema registry and attestation engine. It's the TCP/IP for onchain reputation.

• Schema Flexibility: Developers define attestation formats (e.g., is_verified_human, contributed_to_protocol_X).
• Onchain/Offchain: Data can be stored onchain for immutability or offchain (e.g., IPFS, Ceramic) for cost.
• Permissionless: No gatekeeper. Used by Optimism's Citizen House, Gitcoin Passport.

Leading social protocols are becoming the first large-scale adopters of this stack, not the endpoints.

• Lens Protocol: Profiles are NFTs, interactions are composable modules. Reputation is built via collectible posts.
• Farcaster Frames: Embeds executable apps into casts, allowing credential-gated actions (e.g., token-gated frame).
• Network Effects: Their activity generates the rich attestation data that other apps can leverage.

The ultimate stress test for portable reputation. Lend based on proven cash flow and social standing, not just ETH.

• Credit Score SBT: Aggregates attestations from Goldfinch, Cred Protocol, and salary payment histories.
• Sybil-Resistant: Leverages Worldcoin or BrightID for unique-human proofs to prevent fraud.
• Capital Efficiency: Unlocks trillions in latent economic potential currently locked by over-collateralization.

Privacy is non-negotiable. You must prove you have a credential without revealing its contents (e.g., age > 21).

• zk-SNARKs/STARKs: Enable selective disclosure for sensitive credentials. Used by Sismo, zkEmail.
• Onchain Verification: Proofs are verified by a smart contract, enabling private, gated access.
• Regulatory Path: Provides a technical path to compliance (e.g., KYC) without doxxing the entire user base.

VCs prove you own a credential, not that you're a unique human. Without a robust, decentralized identity layer, portable reputation becomes a game of credential farming.

• Attack Vector: Low-cost issuance of fake credentials from colluding issuers.
• Consequence: Reputation markets become meaningless, replicating Web2 bot problems on-chain.
• Mitigation: Requires a costly-to-fake root like Proof of Personhood (Worldcoin) or persistent social graphs (Ethereum Attestation Service).

The trust model shifts from platform APIs to credential issuers. If issuers are few and centralized, they become the new de facto gatekeepers.

• Attack Vector: A major issuer (e.g., Coinbase Verifications) revokes credentials en masse for political or regulatory reasons.
• Consequence: Users instantly lose portable reputation across all dApps, creating a single point of failure.
• Mitigation: Requires credential revocation registries on-chain and a diverse, competitive issuer ecosystem.

On-chain VCs are public. Malicious actors can spam users with unsolicited, misleading, or harmful attestations to pollute their graph.

• Attack Vector: Flooding a user's wallet with fake 'endorsements' from disreputable sources to damage their social capital.
• Consequence: Reputation scoring algorithms become noisy and unreliable, forcing manual curation.
• Mitigation: Requires selective disclosure frameworks (ZK proofs) and graph curation markets where spam has a tangible cost.

Reputation is context-specific. A 'trusted lender' credential is worthless for a 'reliable content curator' context. Cross-context portability creates false equivalencies.

• Attack Vector: Actors port high-reputation from a low-stakes context (e.g., gaming) to a high-stakes one (e.g., lending) to exploit trust.
• Consequence: Undermines the utility of portable reputation, forcing dApps to re-implement their own verification layers.
• Mitigation: Requires context-specific credential schemas and reputation oracle networks that weight credentials by context.

Governments will regulate credential issuers for KYC/AML compliance, turning VCs into state-controlled identity systems by proxy.

• Attack Vector: Mandatory, government-issued VCs (e.g., digital ID) become the only legally accepted form of on-chain identity.
• Consequence: Creates a permissioned reputation layer, destroying censorship resistance and enabling global social scoring.
• Mitigation: Relies on credential minimalism and privacy-preserving proofs (like zk-proofs of age >18) to avoid handing over raw data.

On-chain social graphs are persistent and immutable. Negative or outdated credentials cannot be easily forgotten, creating a permanent 'digital scarlet letter'.

• Attack Vector: A single early-career mistake (e.g., a failed loan) is permanently attached to an address, hindering future opportunities.
• Consequence: Discourages experimentation and growth, making the graph a brittle record of past actions rather than a living reputation.
• Mitigation: Requires expiring credentials, reputation redemption markets, and soulbound token burning mechanisms.