Summary
Platforms with privacy-conscious audiences, like crypto companies, do not have an effective, private, and low friction bot prevention tool. Existing options like are low friction, private, but ineffective (email), or effective, but high friction and privacy-invasive (passport upload). Because they're missing these tools, crypto companies with valuable users are unable to provide signup bonuses.
Priverify prevents bot fraud without storing, sharing, or linking activity to, personal identity information. This allows websites to provide onboarding incentives and reduce spam. Over time, this can be the default bot prevention service used by any website or app.
It consists of a verification flow that websites integrate into their onboarding flow, a verified user database that store pseudonyms but no personal identity information, and an API that lets websites check if a user is verified or not.
Who needs this?
I work in crypto and it’s an industry that’s both highly financialized and with privacy-conscious users. Companies want to run user acquisition promotions, but traditional KYC products are too privacy-invasive for their audience, since they both store identity information and link it to usage.
Examples from prominent crypto companies (click on triangle next to bullet to learn more):
I expect these needs apply to other “taboo” industries like gambling or adult content as well.
What do users and platforms need?
Platforms want a solution that users are comfortable opting into. Crypto natives need personal identity information to not be stored anywhere and no way to tie that data to their activity. These are the only requirement.
What does this system require?
A verification service that deletes date after verification
- This can be a identity verification platform like Stripe Identity, Veriff, or others.
- This service needs to agree to delete data after verification. Veriff does this.
A database of verified users that does not store, and cannot be connected to, a user’s personal information. It is connected to a pseudonymous identifier, like email or a wallet address.
- This is the most handwavy part: I think we can do this by hashing and salting a user’s information (eg. first name, last name, DoB, ID #) and discarding the personal data. This prevents users from creating a duplicate verification.
- Users associate an email and/or blockchain public wallet address with their verified identity to login across different apps. Users are recommended to use burner emails or wallets.
An API to let platforms to identify if a user is verified
- Platforms provide us with an email or wallet address, and our API response lets them know if this is a verified user.
- It is the platform’s responsibility to verify that a user does own their pseudonymous identifier (eg. click an email confirmation link or do a wallet gasless signature), as well as to keep track of emails and wallets to ensure no duplicate users.
The inspiration came from World ID, which does the above, and more, in a complex way to ensure it’s decentralized and highly accurate. However, their approach has privacy and narrative concerns (it scans eyeballs) and isn’t scalable (requires in-person visits to an expensive device). I believe that business needs can be met right now with a centralized solution with 99% accuracy.
What’s next?
Users will always want more privacy. This is much more than just a problem with crypto — I think this is the future of identity. Companies only need to know you’re unique to prevent fraud, or if you’re a certain nationality to adhere to laws. User data leakage is a byproduct of the existing system, not a core requirement.
Getting user adoption will be difficult so the focus should be here, rather than on the technology. I saw this first-hand at Kite — we built a code-autocomplete plugin like Github Copilot, but as a new startup, could only run computation on-device since users and companies didn’t trust us enough to upload their code to the cloud.
Our go-to-market needs to provide enough incentive for users to overcome their trust deficit, and low friction enough such that companies want to use it. Many companies in the space who are starting from lofty goals (universal UBI), nice-to-have’s (web3 identity), or from decentralized technology (ZK IDs that are peer-to-peer). None of these provide enough incentive to jump through what often takes 15+ minutes or an in-person visit. The strongest incentive is financial, so that’s why I want to experiment with signup bonuses.
As a network-based product, once we have verified users in our network, it’ll be easier for users to trust us, and more valuable for companies to use us. It’ll become Shopify Pay’s 1-click checkout for recognized users, but for onboarding. Once a user verifies on our network, they never have to deal with friction or privacy-invasive KYC afterwards. Companies often require users to click an email verification or sign in with a transaction. Afterwards, an API call to us can confirm that that user is verified.
Open questions
- Confirm with crypto companies about their needs, and that a centralized solution with these characteristics meets their needs
- Understand the approaches to build this. Need to learn more about data structures and cryptography
Open Thoughts
Identity verification is expensive, how do we afford this?
- We partner with a company like Stripe, they get equity in return for providing identity services for free, forever.
What is the business model?
- Usage-based API pricing. We are amortizing the cost of identity verification across many apps. This cost is user friction (lengthy KYC process) and money ($0.50 - $1.50 per verification).
Will crypto users and companies use centralized products?
- I think so, if we meet their pain points. For example, users used dydx to trade futures even though it’s offchain and centralized, since it was the best place to do so.
- Many users joined Farcaster knowing that the plan was to decentralize over time. This may be another approach we take.