Proof of Humanity (Terms and Conditions Apply)

This is an EVMavericks Production

The first presentation I attended at ETHPrague was by a man named Rémi from Self Labs, who was calmly proposing that identity itself might be reinvented. It sounded reasonable, which is always the first warning sign. We could, Rémi told us, prove that we were human without telling anyone who we are.

On the surface, their product, Self Protocol, offers a smart, privacy-focused solution to identity in an age of AI hot takes, bots and Sybils. I was fascinated by the idea of a self-sovereign identity layer which would offer a massive increase in personal privacy. It all sounded very sensible, in the way that IKEA instructions sound sensible until you try to assemble the thing and end up crying on the floor.

Self Labs acquired OpenPassport to tackle the need for Sybil resistance and user verification. Self Pass and Self Connect form the core of a system that lets users prove discrete facts about themselves without disclosing full personal data.

I might be in over my head here, and Rémi talks pretty fast, but here’s what I managed to piece together, hopefully in the right order.

Self Protocol uses Merkle trees and zero-knowledge proofs (ZKP) to allow users to prove facts about themselves without revealing their full passport. Merkle trees are data structures used to store and validate data in small chunks, making verification straightforward. Zero-knowledge proofs are protocols that allow someone to demonstrate knowledge of a fact without revealing the underlying information. Together, they let you verify that something is true, without irrelevant detail.

The problem: If you want to prove your age or nationality online, you usually have to upload a full scan of your passport and hope no one misuses it.

Self Protocol‘s solution is to generate zero-knowledge proofs based on passport data. Rather than uploading documents or disclosing raw details to everyone who asks, users can locally verify their passport signature using electronic passport NFC technology. Country-level Signing Certificate Authorities (CSCAs) are published on-chain in a Merkle tree, sourced from the official ICAO registry. Once verified, users can generate a zero-knowledge proof attesting that they own a valid state-issued passport, without exposing anything else about themselves.

The result is that you can generate a new proof when you need to share personal information to meet a regulatory requirement. Instead of handing over your passport, you reveal only the specific detail that's needed, for example your citizenship status or country of residence, without having to reveal your name, birthdate or passport number.

There’s a bunch more privacy wizardry involving deterministic nullifiers and entropy that I’ve glossed over but the point is that you're in control of your own data. You choose what to prove and what stays sealed in the envelope.

I love the concept. It has never made sense to me that the teenager at the gas station gets my full name and details just because I want to buy a bottle of beer. With Self Protocol, only the relevant information is shared, that I am over 18, for example, or that I am not from a sanctioned jurisdiction. The virtual version of the guy at the gas station never needs to know my name or how old I am.

So far, so good.

Rémi told us about some of the problems they encountered. One recurring headache was that different countries use different cryptographic signature schemes and hash functions on their passports. In theory, all e-passports follow the ICAO standard, but in reality, not so much. Another challenge was supporting users in emerging markets with low-end devices and spotty internet.

All of which was interesting…but I started to feel uneasy about Rémi’s description of Self Protocol as offering proof of humanity. Certainly, we need ways to tell whether we are dealing with a real person or a bot, or whether an opinion flooding a forum is from a crowd of individuals or one person spinning up a hundred fake identities. But is my passport really what makes me human?

I was also unconvinced by Self Protocols application as an anti-Sybil measure, stopping people from creating multiple identities for nefarious reasons. I have two passports. My daughter has three. During the break, I asked another attendee how many passports he had: two. In an era of globalization, multiple passports is becoming increasingly common.

Now, if you are trying to cut off the guy who spins up 147 wallets for an airdrop, sure, it’s an improvement. But a passport isn’t actually representative of a single soul but of citizenship. A person might have two or three but it's still just one of them in there.

The truth is, I didn’t dwell on it for long, as their assumption worked in my favor. I dropped a note to my daughter to let her know she was a Sybil and went to the next talk.

My doubts didn’t really come into focus until the last day of the conference, when I attended a session by Aleksejs Ivashuk from the Apartride Network. Born in Riga during the era of the Latvian SSR, Aleksejs is one of 700,000 individuals who were denied Latvian citizenship following the country’s independence in 1991. He is stateless.

Aleksejs made it clear that statelessness is not a marginal issue; he told us that they estimate as many as one billion people are stateless. If the state does not recognize you, you do not have a legal identity. The result is that you don’t have human rights, because, in the eyes of the law, you do not exist. Banks will refuse to make you an account if you can’t prove your nationality or show state-issued identification. Aleksejs shared a direct quote from a bank even after Apartride intervened on behalf of a stateless person: “We know it is against the law but it is our policy”.

Theoretically, crypto could offer a solution for these people: they can be their own bank. However, decentralization is key.

You have zero percent ownership of your state-issued identification. If you don’t trust the state, Aleksejs told us, then you need to retain ownership of your identity. What we need is stubborn dedication to decentralized systems.

That uneasy feeling abruptly came into focus. Self Protocol claim to be a decentralized system, even though they are utterly reliant on state-issued passports.

There was another Self Protocol talk on the ETHGlobal Pragma agenda, happening in parallel with the final day of ETHPrague. I hadn’t planned to attend. But now I had questions.

After lunch, I went to “Shipping zkPassport: Bringing Self Protocol to Production” by Marek Olszewski, a co-founder of Celo.

Much of the material covered the same ground but this time, I caught the contradiction. Passports are decentralized, Marek told us, because they are issued by many different countries.

This is wild.

The fact that each country issues its own form of state identification doesn't make it decentralized. You can’t self-issue. You can’t opt out. You can’t simply decide, “Oh, I don’t like being American, I think I’ll be German!”

Recently, many of my American friends have asked how to get a European passport, citing a great-grandfather from France or simply a desire to live and work somewhere else. But for most people, the passport that you are born with is the one you are stuck with…unless you are willing to spend years in residency and effort before you qualify even to attempt an application, and even then, this may require you to relinquish your original.

Your government-issued ID is the very definition of a centralized system. As Aleksejs showed us, if your government decides that you do not qualify, you have no recourse.

And Marek knows this, because he then repeated Rémi’s “anti-Sybil” claim. Self Protocol protected against Sybils, he told us, because it is difficult to get multiple passports.

After the first session, I tweeted a photo of Rémi along with a description of the talk. Self Protocol’s X account retweeted it almost immediately. After Marek’s presentation, I tweeted again, this time asking if anyone from Self had attended Aleksejs Ivashuk’s session about the billion stateless people who would be left behind by apps like Self Protocol.

You refer to passports as a decentralized system but Apartide’s point is that it is actually massively centralised: if my country revokes my citizenship, I can’t just pick another one.

As of now, two weeks later, I have had no reply. The people most harmed by identity failures remain invisible in the very systems claiming to solve them.

Self Protocol is doing something valuable: protecting privacy and nudging the identity stack in a better direction. It’s a government-approved identity in a zero-knowledge wrapper. That’s still useful.

You get privacy. You get plausible deniability. You are likely limited to one or two instances rather than how many wallets you can be bothered to create.

In a world full of bots, sockpuppets and synthetic opinions, we want to know who’s real. Whether it’s airdrops, governance or public discourse, Sybil resistance is a real issue.

But Self Protocol has chosen to anchor that resistance in one of the most centralized systems we have: government-issued identity. A passport doesn’t prove you are human. It proves that an ICAO-approved bureaucracy somewhere has decided to acknowledge you.

That’s the disconnect. Self Protocol borrows the language of self-sovereignty but not the principle. It offers control over data but not control over inclusion. It's easy to talk about proof of humanity when you’re holding the right documents.

If we are serious about building decentralized identity systems that are verifiable, portable, privacy-preserving and genuinely inclusive, then we have to confront the reality that not everyone starts from the same place. Do we really want to claim that government recognition defines who we are, or if we are?

The question isn’t just about proof of humanity. It’s how much of our humanity we are willing to outsource and what we lose by trusting governments to decide who counts.

—

(This is the second of a series of articles on ETHPrague commissioned through a grant from EVMavericks)