Governor DAO <3 Aavegotchi: Let's Defeat the Bots!

TL;DR

Governor DAO offers 100% effective sybil resistance to purge bots from Aavegotchi, indefinitely, wherever is needed. Let’s team up and push blockchain gaming to new frontiers.

Enroll here

Mint your non-transferrable token here

Enrollment Walkthrough video

Minting walkthrough video

Proof-of-Existence landing page

Full documentation

Introduction

Hi everyone! I am Green Jeff, co-founder and lead solidity engineer at Governor DAO. I come to formally introduce my project and our production-ready solution to defeat bots in Aavegotchi, today and forever, once and for all.

Governor DAO is a collective built upon the notion that decentralization done right is difficult, and we help projects do it better! We offer projects help with engineering, consulting, community engagement, and proprietary buildouts built to address major problems across the space. Our flagship technology is sybil resistance, more on that below.

Our project was fairly launched, no tokens sold, in Q4 2020. With no initial token sale, we fund ourselves through good work done with clients, grants, and revenue from our products. Our launch is quite unique, but not a story for this thread. This Tweet thread covers the background and inception of our project.

Our team is doxxed and the project is US registered as a Wyoming DAO LLC. My real name is Zane Huffman. I have been in the space for close to a decade. You can click through my Twitter if you’d like to go down that rabbit hole.

Problem: Bots.

I come here to formally introduce our project with the intention of partnering with Aavegotchi to utilize our tech to defeat the bot problem.

Governor DAO was initially introduced by our community members who are additionally active in Aavegotchi DAO and active in ongoing discussions on fighting bots. After spending significant time learning about the ecosystem, talking to community members, and meeting several DAO members and core team in Paris for ETHCC, we understand that botting is perhaps the single biggest obstacle Aavegotchi has grappled with since spillage was introduced (and shortly after turned off, due to the botting).

Looking through recent Discord conversation, this video surfaced, allegedly by a major botter in Aavegotchi, at one point responsible for running 1500 accounts simultaneously. Yanik from OrdenGG introduced the video with some translations (paraphrasing): Botter had no difficulty bypassing any reactive defenses the team implemented and mostly spent their time determining cost-effective servers and proxies.

Several potential solutions have been proposed to curb botting in certain instances, but the landscape of options available to Aavegotchi thus far are far from perfect. The team shouldn’t have to spend significant resources building out custom-fit solutions individually for different gameplay mechanics. And moreover, what if these solutions are swiftly circumvented like previous defense mechanisms?

The Solution: Governor DAO Proof-of-Existence (POE)

Aavegotchi needs a “human gate” they can plug in anywhere, seamlessly, and have 100% certainty that they’ve eliminated bots altogether. Today, tomorrow, and forever.

Governor DAO Proof-of-Existence is that 100% effective, universal solution. We offer a universal authentication system that allows every individual to authenticate under one wallet only.

Once a wallet is authenticated, that user can mint a non-transferrable ERC-20 POE token to their wallet address. Aavegotchi appends any smart contract interaction or web3 login with one line of code to “human-gate” the activity to just wallets authenticated (and unique individuals behind each wallet).

Our technology is live on Polygon and battletested with a number of live in production usecases (ex: 1-per-person NFT mints) and roughly 1,000 unique individuals registered.

This video overviews the mechanics of POE authentication, plus an example “UBI” implementation.

You can try out Proof-of-Existence for yourself here.

Implementation Outline

Proof-of-Existence is incredibly versatile. Developers just add one line of code (seriously) to check for balance of the POE ERC-20 token on Polygon. Our solution is incredibly lightweight, and therefore, easy to incorporate however projects like Aavegotchi see best fit.

Initially, we recommend gradually phasing in POE support as an optionality to users. Perhaps a new, auxiliary feature (like a commemorative NFT) can be introduced for community members who would like to opt in to try, in a manner that does not penalize users who prefer not to participate.

From there, offer POE as an option along other in-house solutions. Users could, for example, be recognized as “human” if they hold POE, they reach a certain level on the Discord, or they somehow otherwise establish themselves as a person in the community.

Ultimately, POE can easily be appended to any existing feature and initiated in any prospective feature. With a POE-gated design, developers and economists in the ecosystem can build new elements from a confidence that the feature can be gated to one-wallet-per-person. This is a phenomenally powerful prospect that unlocks an entire universe of complexity not otherwise possible. We hope that Aavegotchi will find creative and innovative ways to incorporate POE throughout the entire ecosystem!

POE never has to be the only way to authenticate a user as “not a bot”. Understand that POE takes users under a minute to sign up and enrolls them for life, so it is likely the most accessible option for the general user base. Users who prefer not to engage with biometrics (explained below) could still be offered alternative methods by Aavegotchi.

Concerns (Efficacy, Security, Privacy Protection)

Through informal discussion on the forums, in person with community members, and on DAO calls, the universe of concerns addressed in response to Proof-of-Existence appears to fall into three buckets: Efficacy, Security, and Privacy Protection.

Efficacy: How Effective is POE, really?

Proof-of-Existence boasts 100% performance while other sybil resistance competitors are spotty at best due to our integration of real world technology that is actively used in extremely sensitive and high stakes scenarios to do the same things web3 startups are trying to replicate from scratch.

POE utilizes biometrics powered by our partner, Finnovant, through their best-in-class SayTec solution. Finnovant’s clientele primarily spans user-facing products and services that must offer bullet-proof security. For example, SayTec is utilized by banking infrastructure across SEA to offer “step-up authentication” for high net worth accounts (basically, you need to speak into your phone to authorize a 7 figure transaction, in case someone has hacked into your account).

SayTec one-way hashes a user’s face and voice biometrics input into an output hash. The hash is a summary of over a thousand indicators from the input material (how your jaw fluctuates, voice inflects, eye markers, etc.). Each person will produce the same hash every time, but no two people have the same hash.

Because it is a summary of thousands of indicators, differences over time like catching a cold or growing out your hair don’t affect the output hash. Because the summary is so comprehensive, AI technology like deepfakes and otherwise are not able to replicate human activity to an efficacy that passes as a real person.

We simply take that output hash and compare it across previous signups. New hash? New human. The wallet signed in alongside the authentication is fed through our bots and passes contract updates to whitelist the wallet to mint a non-transferrable POE token.

Because signup requires wallet sign-in, each signup requires the private key associated to the wallet. The system is not readily abused by someone “farming” signups because each individual they leverage has access to the wallet and could drain any assets. If trusted users are collaborating across multiple wallets, this is no different than any other permissible human collaboration.

Security: What if someone Hacked the Code?

In the ~30 seconds after a user signs up, their biometric input is hashed and then discarded. Data collection only spans the output hash, the associated wallet address, and the timestamp at signup.

Any type of “hack” would require some backwards engineering of the hashing mechanism. This technology utilizes industry standard hashing (think of the biometric input ⇒ hashed output as similar to the private key ⇒ public wallet address). There is nothing to do with that hashed output, in the same way that you can’t determine my private key by “deconstructing” my public address at greenjeff.eth.

If an individual were to ever break cryptographic hashing, you will be grappling with much bigger issues (i.e. nuclear fallout).

Privacy Protection: “What if you are lying to us?”

By far the most serious and plausible concern is the notion that we (Governor DAO, Finnovant) are dishonest. This would not be unprecedented; another biometrics-based sybil resistance provider in the space has upheld terrible practices in polling-and-leveraging sensitive user information when recruiting them to sign up. You can probably find more about this with a quick google search.

Of course, nothing I can do or write can or should influence you to be happy with an approach of “just trust us”.

These concerns are also not unique to the individuals that make up the Aavegotchi community. Finnovant and other biometrics providers are held to certifications and industry standards to prevent wrongdoing. Finnovant today is in use in very high stakes settings, such as account security/authentication in banking and insurance infrastructure. Some of this information is found on the Finnovant website.

Users are free to reach out to Finnovant directly and ask questions pertaining to privacy and security. Additionally, we are happy to compile feedback from users and request Finnovant to provide further documentation, to the degree to which it is safe to publish.

Now, the above information applies to the biometric hashing in our application. The other component of concern is the role that Governor DAO plays in our solution built on top of the tech (that our app doesn’t do anything sneaky between user input and passing through the biometrics API). The easiest response is to verify for yourself. Our signup is browser-based. Check the dev console. You can see the size of the load you export – it’s quite small as it only relays output hash + wallet address + time of signup.

If we were covertly hoarding your sensitive info, that load would be much larger, as that is storage-heavy data.

Miscellaneous Concerns

I will never trust biometrics: Virtually everyone in the first world is exposed to biometrics. Do you use fingerprint or face to log in to your smart phone or computer? Do you allow Metamask or other apps to sign in through face? Do you ever use self checkout at the grocery store? Do you fly?

I’m okay with biometrics, but I know others aren’t. This will alienate users: Proof-of-Existence doesn’t need to be implemented as an all-or-nothing. Offer users the opt-in of POE alongside alternatives. Or allow users to play as non-authenticated, potentially without access to some privileges that authenticated users have.

This is just too risky. I couldn’t imagine what would happen if my biometrics got leaked: Apples-to-apples, biometric data is not super useful or damaging compared to the types of information that are commonly stolen. In the crypto world, we all are putting ourselves at higher risk of greater harm every time we connect our wallet and sign transactions through a frontend. Phishing is prevalent and exposes its victims to massive, irreversible financial harm.

If your solution works so well, why is your project still so small?: We need our first killer integration! We’ve fought tooth and nail to overcome this chicken-and-egg problem. We hope an Aavegotchi integration can accelerate our growth tremendously.

I’m not comfortable putting my biometrics on the blockchain/connecting biometrics to my wallet: Proof-of-Existence does not actually write any biometric info to the blockchain. We use biometrics to see if a wallet is authenticated by a unique individual and then sign that wallet up. The blockchain only gets information on which wallets to whitelist. Wallets only carry the information that they have signed up (through POE token) but there is no way to use someone’s wallet to get their output hash (and like before, even if someone did get the output hash – you can’t use that to get the sensitive biometric input).

What happens if my wallet gets hacked/private key stolen?: From above, your biometrics are not imprinted or published to your wallet. A hacker has no way to retrieve biometric information if they get access to your wallet. As far as your enrollment, we can burn-and-restart enrollments for individuals who face a compromised wallet (this will ultimately be automated).

Proof-of-Existence Roadmap Information

POE is live today and multi-chain with Polygon support. Understand that the Authentication Portal may require users to switch their network to mainnet, but there is no transaction with signup and signup authenticates users on every supported chain.

Our self-serve minter recently upgraded to the first iteration of Polygon support. However, the UI/UX is still clunky. We will continue to improve the experience over time. This video outlines some of the kinks you may run into and the proper steps to mint your token.

We additionally are iterating over UI/UX improvements to make the process as seamless as possible for users. Some pending upgrades include:

  • Voice meter for users to see their audio input
  • Better feedback on camera lighting
  • Countdown timer to when recording begins
  • Retry button in case of failure to authenticate
  • Revision of application text and formatting to guide user attention

Further upgrades will be slotted and prioritized per the feedback received from new users.

Users today are able to mint their POE token with a simple txn. There is no cost beyond gas associated with this txn today. However, there is a variable in the contract that supports a signup cost. In the future, with many projects supporting POE, we will turn this cost on to pay for our own costs and support our DAO.

Proof-of-Existence supports signups at any scale. We can certainly support the entire Aavegotchi playerbase with no issue.

Decentralization Story

Lastly, as Governor DAO grows and resources become available, we are ultimately looking to create a decentralized system for integrating biometrics APIs. There are several alternatives to Finnovant that are appropriate for Proof-of-Existence, and our vision ultimately is to use some combination of these different providers and advanced users can self-select the API they feel most comfortable with (Finnovant or otherwise).

In Closing – Governor x Aavegotchi: First Ever Bot-Proof Gaming

We would like to offer a helping hand to Aavegotchi. We know, with 100% certainty, that our technology works perfectly for blockchain gaming. We know how important it is for Aavegotchi to determine the best usecase to fight the bots. And we know that our ability to firmly place Aavegotchi in the forefront of web3 gaming as the industry’s first successful “bot killers” will drive a ton of attention back to Governor DAO and help put our small project on the map.

Let’s help each other drive this industry forward.


So… do you need another batch of testers? A little more time to cook it? Or are you just holding off till my birthday, to give us our Godlike Banhammer so we can go back to having first world problems like “server too full, it’s getting laggy”, and countless other things that seem silly now, compared to being all alone in a metaverse for a few months :smiley:


Good question!

We’re ready to take on the Aavegotchi community. As outlined above, there are still some quality of life improvements that are slated, but the entire system is live and working as intended.

I think the best next steps (should community and team endorse) are some type of low stakes, opt-in Aavegotchi test. Perhaps a common wearable that can be claimed by a POE holder over some period of time and/or up to X mintage.

From there, community who opts in for the wearable can get a taste for how it works and as a whole we can have a more informed discussion about integration roadmap into ultimately gating the core gameplay elements that have been turned off for so long.

I am looking to speak at the DAO call on Sunday and can chat more then :smiley:
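A sketch of what the “one line of code” gate from the opening post, combined with the capped, opt-in wearable claim suggested in this reply, could look like on-chain. This is an added illustration, not Governor DAO’s or Aavegotchi’s code; the POE token address is a constructor parameter because the real Polygon address is not given in the thread, and the interface and contract names are assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Minimal ERC-20 surface the gate needs (balanceOf only). Name assumed.
interface IERC20Balance {
    function balanceOf(address account) external view returns (uint256);
}

/// Hypothetical opt-in wearable claim, gated on the Proof-of-Existence token.
/// One claim per enrolled wallet, up to a fixed mintage cap ("up to X mintage").
contract GatedWearableClaim {
    IERC20Balance public immutable poe;   // POE token on Polygon (address passed in; not on the page)
    uint256 public immutable maxMintage;  // total cap for the opt-in test
    uint256 public minted;                // wearables claimed so far
    mapping(address => bool) public claimed;

    event WearableClaimed(address indexed wallet, uint256 serial);

    constructor(address poeToken, uint256 cap) {
        require(poeToken != address(0), "POE: zero address");
        poe = IERC20Balance(poeToken);
        maxMintage = cap;
    }

    /// The "one line" human gate: the caller must hold the non-transferable POE token.
    /// Because the token cannot move between wallets, a non-zero balance means this
    /// wallet passed enrollment. The guarantee is one-per-enrolled-wallet; one-per-person
    /// rests on the off-chain enrollment, and a compromised wallet still passes the check.
    /// msg.sender (not tx.origin) is used so a contract cannot borrow a user's enrollment.
    modifier onlyHuman() {
        require(poe.balanceOf(msg.sender) > 0, "POE: wallet not enrolled");
        _;
    }

    /// View helper a frontend or other contract can call before submitting a transaction.
    function isEnrolled(address wallet) external view returns (bool) {
        return poe.balanceOf(wallet) > 0;
    }

    /// Claim the opt-in wearable: gated, once per wallet, and bounded by the cap.
    function claim() external onlyHuman {
        require(!claimed[msg.sender], "already claimed");
        require(minted < maxMintage, "mintage exhausted");
        claimed[msg.sender] = true;       // state change before any external effect
        minted += 1;
        emit WearableClaimed(msg.sender, minted);
        // Minting of the actual wearable (ERC-1155 or otherwise) would be wired in here.
    }
}
```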


I think asking for biometrics is a very hard sell to new gamers joining the Gotchiverse.

It’s a massive invasion of privacy just to play a game. Probably enough of an issue for a decent portion of people to pass on the game altogether.

I can also see this generating bad press for the game; in both the gaming media as well as the crypto media.

And I don’t really trust 3rd parties with my biometric data tied to my wallet address.


I think the best option is to have some combination of options. Biometrics is the easiest way in terms of timing and accessibility to prevent sybil. Users who are concerned about privacy/security can have some other ways to access “sybil gated” features (maybe something that looks similar to gitcoin passport).

I don’t think the game should be sybil gated from the get-go, only certain features/privileges that aren’t possible without sybil protection.

There are a number of mitigations that I outlined in the post to minimize the reliance on a single 3rd party. If we have a multi-provider future, users can opt-in to the same biometric API they are exposed to when they do activities like flying, unlocking their phone, and using self checkout.

Do note that there is no “biometric data tied to wallet address”. Biometrics are hashed, then discarded. Hashes are compared for the system but not published on-chain. There is no data attached to your wallet besides the ERC-20 token, which anyone can see as a signal that a wallet has signed up.

IMO any blanket disapproval of biometrics is more so a messaging issue than a tech issue. Biometrics are all over day-to-day life for anyone in a first world country, and in almost all current gen smart devices.


I love the idea of introducing a Sybil resistance mechanism, without the typical bureaucratic KYC/AML process. If I can avoid having my national identity documents, name and address stored in (yet another) centralized database, I’m very much in favor.

Still, I’d like to further understand:

  • Am I correct in thinking that this won’t stop a malicious actor from still signing up a bunch of their friends, family or other people?
    E.g. offer people $1 for enrolling (saying a sentence in front of a camera); and registering each of those to a new wallet account. I don’t think it would be that hard to get a whole row of people or kids lined up and process hundred(s) of accounts in a single day.

  • What if a user has multiple Ethereum accounts he uses in Aavegotchi? Would they have to move everything over to a single account?

  • What if a user loses access to the original Ethereum account. How are you thinking of automating the account recovery and the generation of a new PoE token (‘burn-and-restart enrollments’)? I can imagine many people losing access to a specific private key over the years due to theft or a phone breaking or otherwise. Or just wanting to migrate to a new, more secure, wallet.

  • How will this handle voice & video AIs which are only getting better?
    I’m quite sure some of the paying AI voice programs out there could already bypass the voice recognition. Imo it won’t be long until deepfakes are good enough to also fake lip-syncing and generate ‘real-looking’ humans, just like https://thispersondoesnotexist.com/ does for pictures.
    Won’t take long before also deepfake/video is good enough to fool


Very good questions! Reacting below:

Am I correct in thinking that this won’t stop a malicious actor from still signing up a bunch of their friends, family or other people?

This is the most likely form of collusion that can take place against our system. There are some inherent limitations, mainly the notion that each sign up is tied to a private key. So this type of collusion is only possible offline, with someone “handling” a device with many wallets on board.

This is certainly a vulnerability, but one that is limited in terms of size and scope. You can only sign up so many people, and those sign ups can still be purged if seen to be moving synchronously with one another. I weigh this as a limited, surveillable attack vector that could be handled reactively should the situation arise.

What if a user has multiple Ethereum accounts he uses in Aavegotchi? Would they have to move everything over to a single account?

The short answer is yes, that’s the idea of sybil resistance. If Aavegotchi wanted to permit a certain number of wallets per individual, we have (currently unused) functionality of a “sign-in” that can be used to link one person across multiple wallets.

What if a user loses access to the original Ethereum account. How are you thinking of automating the account recovery and the generation of a new PoE token (‘burn-and-restart enrollments’)?

This ties into the above: we can use a sign-in to verify if someone on is the same person that originally signed up on . The automated process looks like a privilege for the user to authorize an enrollment purge and token burn on their original wallet, from their new wallet, after the verification that links new to old. There would be some cooldown buffer between burn on the OG wallet and mint to the new wallet to prevent someone from “flash minting” a bunch of enrollments for one-off attacks.

How will this handle voice & video AIs which are only getting better?

This is not too much of a concern for the biometrics industry. While AI mimicry may appear compelling to the human eye, the AI powering the biometrics API is much more adept. Both adversaries are growing and improving together in the same fashion.

Another thing to note is that creating a compelling image of a person is (magnitudes) easier than creating a compelling rendition of a living person (meaning a video that passes as a real human in front of the camera, moving and reacting to lighting, that kind of thing). The AI is not only checking “yeah this looks like a person” but rather “yeah this is a living, breathing person moving dynamically and reacting to directions”.

Note that this is the same type of technology that secures much higher stakes situations, like banking authorization, so it is quite battle tested in the real world.