Sybil Attacks and the Natural Rate Limiting of Social Media Personhood Credentials

In the Web3 ecosystem, there is a problem people take very seriously called a “Sybil Attack.” A Sybil Attack happens when the same person or organization creates a large number of identities at very low cost, making the system believe they are many different individuals.

The term comes from the 1973 book Sybil. The main character, Sybil Dorsett, was diagnosed with dissociative identity disorder (formerly called multiple personality disorder). She displayed 16 completely different personalities within the same body. The metaphor is straightforward: one entity pretending to be many separate individuals.

Web3 cares deeply about this problem because Sybil attacks drain money from the system.

In today’s Web2 world, we see similar attacks all the time: large numbers of fake accounts are mass-produced to manipulate votes, flood discussions, game recommendation systems, distort public opinion, or abuse reporting tools.

The difficult part is that the incentives often align for both platforms and individuals. Platforms want to show high user numbers — whether those users are real people or not — because impressive metrics help sell ads. Content creators may also benefit by using fake accounts to boost traffic and engagement, which increases their market value.

We have all seen posts that spread anti-science, anti-common-sense, or intentionally provocative opinions. In many cases, those messages are not really aimed at persuading you. They are designed to trigger fake accounts into amplifying the content, which then tricks algorithms into showing it to more real people. This is basically “Sybil alchemy.”

Traditional solutions for fake accounts include IP rate limiting, phone verification, CAPTCHAs, device fingerprinting, or allowing accounts first and later using machine learning models to detect whether they are bots. Today, these methods mostly just slow attacks down. By the time the system reacts, people have already seen the content and absorbed it. In the end, every user pays the price with their time, attention, and mental energy.

This is exactly the problem that “Social Media Personhood Credentials” aim to solve.

The core idea is almost the opposite of how current social media platforms work. Instead of trusting accounts first and applying risk controls later, the system first establishes a verifiable digital qualification. Before an important action happens, the system can confirm whether an identity actually meets requirements such as being a real human, being unique, or satisfying a stronger identity standard.

The design follows the W3C Verifiable Credentials Data Model v2.0 standard. According to the W3C definition, Verifiable Credentials are a standard way to express claims and qualifications on the internet. They allow an issuer to make verifiable statements about a subject while ensuring the information is tamper-resistant, verifiable, and transferable. The standard also emphasizes collaboration between issuers, holders, and verifiers, along with security, privacy, and data minimization.

Social Media Personhood Credentials are built on top of this standard. They turn “this person has a certain level of personhood, uniqueness, or identity strength” into something that can be verified digitally.

As a result, applications no longer see just a username. Instead, they see a digital qualification that can be checked, authorized, and revoked when necessary.

This changes the system’s rate-limiting model. Traditionally, limits are based on things like “how many API calls per minute” or “how many accounts can be registered.” With personhood credentials, limits are instead based on “how many permissions or quotas a verifiable person can obtain.”

An attacker can no longer rely only on creating more accounts, switching IP addresses, or using extra email addresses. They must also obtain additional personhood credentials that can pass verification. Once the cost of obtaining usable identities becomes high enough, Sybil attacks can no longer scale through automation alone.

This is the “natural rate limiting” provided by personhood credentials.
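The gate described above, as an added example that is not code from Real Human Voting or from the W3C specification: a minimal verifier for a credential in the v2.0 shape (`@context`, `type`, `issuer`, `validFrom`/`validUntil`, `credentialSubject`) whose quota is keyed on the verified person rather than on the account that presents it. The issuer DID, the subject DIDs, the `PersonhoodCredential` type and the HMAC used in place of the issuer's Data Integrity signature are assumptions made for the demo.

```python
import hashlib, hmac, json
from datetime import datetime, timezone
# Constructed demo: an HMAC stands in for the issuer's Data Integrity proof; DIDs and
# the "PersonhoodCredential" type are assumed names, not values from any real issuer.
VC_V2 = "https://www.w3.org/ns/credentials/v2"
TRUSTED_ISSUERS = {"did:example:personhood-issuer": b"issuer-demo-key"}
REVOKED_IDS = set()  # credential ids the issuer has withdrawn (status-list stand-in)

def _signing_input(cred):  # canonical JSON of everything except the proof
    body = {k: v for k, v in cred.items() if k != "proof"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def issue(issuer, key, subject_id, cred_id, valid_until):
    cred = {"@context": [VC_V2], "id": cred_id, "issuer": issuer,
            "type": ["VerifiableCredential", "PersonhoodCredential"],
            "validFrom": "2025-01-01T00:00:00Z", "validUntil": valid_until,
            "credentialSubject": {"id": subject_id, "personhood": "unique-human"}}
    mac = hmac.new(key, _signing_input(cred), hashlib.sha256).hexdigest()
    return {**cred, "proof": {"type": "HmacProofStub", "mac": mac}}

def verify(cred, now):
    """Return (subject_id, 'ok') if the credential is acceptable, else (None, reason)."""
    ts = lambda s: datetime.fromisoformat(s.replace("Z", "+00:00"))
    if VC_V2 not in cred.get("@context", []): return None, "bad-context"
    if "PersonhoodCredential" not in cred.get("type", []): return None, "wrong-type"
    if (key := TRUSTED_ISSUERS.get(cred.get("issuer"))) is None: return None, "untrusted-issuer"
    if not ts(cred["validFrom"]) <= now <= ts(cred["validUntil"]): return None, "outside-validity"
    if cred.get("id") in REVOKED_IDS: return None, "revoked"
    mac = hmac.new(key, _signing_input(cred), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, cred.get("proof", {}).get("mac", "")): return None, "bad-proof"
    return cred["credentialSubject"]["id"], "ok"

class PersonhoodGate:  # quota keyed on the verified person, not on whichever account presents it
    def __init__(self, quota_per_person):
        self.quota, self.used = quota_per_person, {}
    def admit(self, cred, now):
        subject, reason = verify(cred, now)
        if subject is None: return False, reason
        if self.used.get(subject, 0) >= self.quota: return False, "quota-exhausted"
        self.used[subject] = self.used.get(subject, 0) + 1
        return True, "ok"

def demo():
    now, issuer = datetime(2025, 6, 1, tzinfo=timezone.utc), "did:example:personhood-issuer"
    alice = issue(issuer, TRUSTED_ISSUERS[issuer], "did:example:alice", "urn:uuid:demo-1", "2026-01-01T00:00:00Z")
    gate = PersonhoodGate(quota_per_person=1)
    first, second = gate.admit(alice, now), gate.admit(alice, now)  # same person twice: second hits the quota
    clone = {**alice, "credentialSubject": {"id": "did:example:alice-2", "personhood": "unique-human"}}
    forged = issue("did:example:self-minted", b"attacker-key", "did:example:bob", "urn:uuid:demo-2", "2026-01-01T00:00:00Z")
    return first, second, gate.admit(clone, now), gate.admit(forged, now)
```

Opening more accounts changes nothing because `PersonhoodGate` never sees an account, only the subject the issuer vouched for; editing the subject breaks the proof, and minting a credential under an untrusted issuer is rejected before any quota is consulted.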

Real Human Voting is a system built using this concept. To demonstrate what accounts cannot do, I intentionally designed it without the concept of user accounts. As long as someone can provide credentials that satisfy the voting requirements, they can vote.

Taking the idea further, personhood credentials are not limited to voting. Social comments, content publishing, recommendation ranking, airdrop claims, governance participation, and real-human interactions — any scenario that depends on “many different people” or “real people” — could benefit from this architecture.

The attached chart (vertical axis: number of removed fake accounts, in millions) shows the number of “fake accounts” Facebook has removed in recent years.

Yes — the numbers are in the hundreds of millions every single quarter.
