Math meets humanity where web3 needs it most | Opinion

Every month, another token distribution falls prey to coordinated bot attacks. Within minutes of launch, automated programs claim a significant portion of the supply, leaving genuine users with nothing but frustration. The pattern repeats with alarming regularity: a project announces an airdrop, bots flood the system, and real users find themselves crowded out––from Kaito (systemic flaws enabling bot predation) to Linea (the sheer scale of Sybil farming) to Magic Eden (technical vulnerabilities exploited by bots), and more.

Beyond token grabs, governance systems across web3 also face increasing manipulation. Voting mechanisms designed to serve as vox populi become puppet shows instead, with single entities controlling multiple identities to sway outcomes in their favor. What appears to be community consensus often masks the influence of a concentrated few operating via bot armies.

This problem intensifies as new tokens launch daily, with each facing the same fundamental challenge of reaching real humans rather than automated scripts. Without solving this identity verification challenge, web3 remains vulnerable to exploitation, undermining its foundational promise.

Enter zero-knowledge cryptography, which offers a logical and attainable solution. This technology, evolving from mathematical theory into practical applications, can solve this core contradiction by enabling the verification of humanity without exposing personal information.

The privacy paradox

Web3 advertises the promise of decentralized systems that preserve user privacy while enabling trustless interactions. Yet today, projects face a seemingly impossible choice when verifying users.

On one hand, there are conventional KYC solutions—intrusive identity verification systems that demand personal documentation and create centralized repositories of sensitive data. These systems not only contradict web3’s ethos but also present security vulnerabilities. In an era where deepfakes and AI-generated content can easily circumvent traditional verification methods, KYC has become both philosophically and practically problematic.

On the other hand, there are soft spam prevention mechanisms that preserve privacy but fail to provide meaningful protection against bot attacks. Captchas, email verification, and social media checks can be effortlessly bypassed by determined attackers, leaving projects exposed to Sybil attacks.

What’s revealing is that users themselves recognize this dilemma. While few prioritize privacy for casual social media interactions, sentiment changes dramatically when financial transactions or personal identification come into play. People want privacy for what truly matters—their money and their identity.

A human problem, not a technical one

Crypto’s deepest challenges don’t solely lie in blockchain mechanics, consensus algorithms, or smart contract optimization. They exist at the boundary where digital systems meet human reality. While the industry has made significant strides in reducing gas fees and speeding up transactions, it has struggled to translate real-world trust into the digital realm.

This represents a human problem first and foremost. Without reliable human verification, the web of trust that underpins all social and economic systems can’t translate to digital spaces. We need systems that recognize genuine human participants without requiring them to surrender their privacy.

Too many projects have attempted to solve this by building entirely new trust infrastructures from scratch. They launch new networks, create isolated verification mechanisms, and inevitably fail to generate meaningful network effects. These isolated efforts fragment the ecosystem rather than strengthen it.

How do we verify someone’s humanity without demanding they surrender their personal data?

The zero-knowledge solution

Zero-knowledge proofs—once theoretical mathematical constructs—now offer a practical solution to this paradox. This cryptographic approach allows users to prove specific facts about themselves without revealing any underlying data.

For identity, this means that one can verify they possess a valid government-issued ID without sharing any of the personal information contained within it. They can prove they’re of legal age without revealing their birthdate; confirm they’re from an eligible jurisdiction without disclosing their address; or establish they’re a unique human without exposing their identity.

This technological approach enables truly Sybil-resistant systems while preserving the privacy principles that define web3. A person can only register once, preventing bot farmers from creating thousands of fake accounts while maintaining complete control over their personal information.

This works through mathematical verification of cryptographic signatures already embedded in modern electronic passports and IDs. When a country issues a passport, it digitally signs the document’s data with its private key. Using zero-knowledge circuits, users can prove this signature exists and is valid against the country’s public key without exposing its data. The verification confirms the government vouched for this person without sharing who they are, functioning like a mathematical black box that outputs only “valid” or “invalid” while keeping all personal details sealed inside.

Practical applications are already emerging across the web3 landscape. Airdrops can now implement genuine one-verification-equals-one-claim systems, preventing bot armies from draining token supplies. Projects can verify a user’s age for compliance without collecting birthdate information. Services can confirm a user’s country of origin without storing precise location data. DeFi protocols can restrict specific functions based on regulatory requirements without compromising user privacy.

Building bridges between trust systems

The solution to web3’s identity crisis doesn’t require reinventing trust from scratch. It can be done by building secure bridges between existing trust infrastructures, like government-issued IDs and digital systems.

By extracting the cryptographic signatures from electronic passports and other official documents and then verifying them against issuing authorities’ public keys, we can create a privacy-preserving pathway between established trust systems and emerging digital economies.

This approach leverages existing infrastructure rather than building parallel systems. It recognizes that trust already exists in the world––the challenge is translating it to digital contexts without compromising personal sovereignty.

In sum, zero-knowledge verification dissolves the false tension between privacy and trust that has limited web3. Through mathematical certainty, users prove their uniqueness without revealing themselves. This shift enables bot-free token distributions, sovereign compliance with regulations, and manipulation-resistant governance systems. These technologies create selective disclosure on user terms by tapping into existing trust infrastructures, removing the need for a parallel system. The result brings what web3 always needed most: verified humans interacting with full data sovereignty.

Florent Tavernier

Florent Tavernier is the co-founder of Self Labs, building a scalable trust layer for the internet that puts privacy first. Florent joined Self Labs (founded by Celo core team members in early 2024), following its acquisition of OpenPassport, where he was also a co-founder. Self’s mission is to provide essential infrastructure for verifying human identity while preserving individual privacy, with the capacity to scale for hundreds of millions of users. Driven by his fundamental belief that Sybil-resistance is the main barrier to mainstream crypto adoption, Florent first worked in the DeFi sector, later developing privacy-preserving identity verification infrastructure closely with the Ethereum Foundation.