Why Soulbound Tokens Are the Wrong Tool for Citizenship

SBTs treat identity as a static, permanent record, but real-world citizenship is fluid. Revocation, appeals, and status changes are impossible without centralized overrides, recreating the oracle problem for human identity.

• Permanent Stigma: A revoked credential is a permanent, public scarlet letter.
• Governance Paralysis: Cannot model probationary periods or temporary bans.
• Oracle Dependency: Any update requires a trusted issuer, defeating decentralization.

Public-by-default SBTs create exhaustive, linkable social graphs on-chain. This is a data leak of unprecedented scale, exposing affiliations, memberships, and financial behavior to anyone.

• Graph Exposure: A single SBT can link all your wallet activity and other SBTs.
• No Selective Disclosure: Cannot prove a credential (e.g., over 18) without revealing the entire token.
• Forces Mixers: Users will be pushed to privacy tools like Tornado Cash, complicating compliance.

The correct primitive is off-chain, attested Verifiable Credentials (VCs) with on-chain ZK verification. This separates the claim from the proof, enabling privacy and dynamism.

• Selective Disclosure: Prove you're a citizen without revealing your name or ID number.
• Instant Revocation: Issuer updates a revocation list; the proof fails without on-chain mutation.
• Composable Proofs: Combine credentials (e.g., Citizen + KYC'd) into a single ZK-SNARK, as seen in zkPass or Sismo attestations.

SBTs are a data primitive, not an economic one. They create permanent, non-transferable records that are unforgiving and unproductive.\n- No Secondary Market: Locked capital with zero utility beyond attestation.\n- Permanent Stigma: A single bad attestation is a permanent scar, disincentivizing participation.\n- Misaligned Incentives: Issuers bear no cost for bad data, while holders bear all the risk.

Citizenship must be a productive, stake-based asset. Think bonded reputation or staked attestations like EigenLayer's restaking model.\n- Skin in the Game: Reputation requires capital at risk, aligning incentives between issuer and subject.\n- Dynamic Valuation: Market pricing reflects real-time credibility, not binary yes/no.\n- Composable Capital: Staked reputation can be used as collateral or delegated, creating utility.

SBT issuance replicates Web2's permissioned identity model. A whitelist of trusted issuers becomes the new centralized authority.\n- Single Point of Failure: Compromise or corruption of an issuer invalidates an entire graph.\n- Permissioned Innovation: New use cases require begging gatekeepers for attestations.\n- Fragmented Graphs: Isolated SBT silos prevent a unified, composable identity layer.

Citizenship must be built via consensus, not credentials. Use systems like Ethereum Attestation Service (EAS) or Hypercerts for portable, verifiable claims.\n- Multiple Attesters: Reputation aggregates from a decentralized set of signers, reducing trust assumptions.\n- Schema Freedom: Anyone can define and issue attestations for any purpose.\n- Portable Data: Attestations live on-chain, independent of any single issuer's platform.

Real-world reputation decays, evolves, and is context-specific. A permanent NFT cannot model this.\n- No Forgetting: Systems cannot model rehabilitation or changing contexts.\n- No Nuance: Binary (has/doesn't have) encoding loses all granularity and history.\n- No Computation: SBTs are dumb tokens; they cannot execute logic based on state changes.

Citizenship must be a verifiable, expiring credential with programmable logic. Build with ZK proofs and smart contract wallets.\n- Temporal Decay: Attestations can expire or decay, requiring renewal and reflecting current status.\n- Context-Aware: Proofs can reveal specific claims (e.g., >21 years old) without exposing full identity.\n- Automated Governance: Smart wallets can execute based on credential state, enabling fluid, condition-based access.

SBTs are just a non-transferable NFT standard. They store a claim, but cannot enforce logic, manage revocation, or handle complex membership states.

• Static vs. Dynamic: SBTs are static records; citizenship requires dynamic, context-aware permissions.
• No Native Revocation: Burning an SBT is a crude, on-chain event, not a graceful off-chain policy update.
• Use Case: Better for static credentials (e.g., conference attendance) than live governance rights.

Frameworks like Ethereum Attestation Service (EAS) or Verax separate the attestation (the claim) from the storage, enabling scalable, revocable, and private credential graphs.

• Off-Chain Flexibility: Schemas and revocation can be managed off-chain, then proven on-chain only when needed.
• Rich Context: Attach expiry dates, tiered scores, or links to other attestations.
• Composability: Build complex identity graphs that SBTs cannot represent, crucial for sybil-resistant airdrops or governance.

Immutable, permanent records on a public ledger create legal and privacy nightmares for users and issuers.

• GDPR Violation: The 'right to be forgotten' is impossible with an immutable SBT.
• Negative Reputation: A permanently on-chain 'badge' of a failed vote or expired membership creates perverse incentives.
• Stale Data: Citizenship status changes; an SBT is a fossil the moment it's minted.

Use zero-knowledge proofs to verify membership or reputation without revealing the underlying credential or storing it on-chain.

• Privacy-Preserving: Prove you're a citizen (or meet a threshold) without exposing which SBT or attestation you hold.
• Aggregation: Bundle multiple credentials into a single, powerful proof (e.g., 'Prove >100 Rep in DAO A OR Holder of NFT B').
• Off-Chain Verification: The authoritative state can live off-chain, with only the cryptographic proof submitted for access.

Each protocol mints its own SBT, leading to a universe of non-composable, isolated reputation islands. This defeats the purpose of a portable web3 identity.

• No Shared Semantics: An SBT from 'Protocol A' means nothing to 'Protocol B' without custom, brittle integration.
• Vendor Lock-in: Users are tied to the issuing platform's interpretation and continuation of that token.
• Anti-Network Effect: More SBTs decrease, not increase, the utility of the overall identity layer.

Build on decentralized data networks that provide a global namespace for verifiable data streams, not one-off tokens.

• Universal Resolver: Use a DID (Decentralized Identifier) like did:key or an ENS name as the root identifier, to which various attestations can be linked.
• Interoperable Data: Platforms like Ceramic allow composable data streams that any app can read and write to with proper permissions.
• Future-Proof: Separates the identity from the application, allowing reputation to accumulate across the ecosystem.