On-chain reputation and DIDs: state of play and what lies ahead

Decentralised identification (DID) and on-chain reputation are a vital part of Web3, with numerous projects offering their own visions. Each brings strengths—and notable weaknesses. Today, ForkLog’s Vladimir Menaskop helps readers make sense of them.

Author’s note

In studying the markets for bridges, airdrops, DAOs, DeFi and more, I have repeatedly encountered so‑called on-chain reputation services. Examples include Gitcoin, Civic, Idena, Nomis, iden3, Polygon ID, Web3Auth, Proof of Humanity, RubyScore, Rarimo, ION, FIO App, Ideal Innovations, BrightID, Linea and many more.

All of them, one way or another, deal with transactional reputation. Some do so unwittingly; others say so outright, but focus on a part, not the whole.

So what is reputation, and why does it matter in the world of Web3 and Web 3.0 (WW3)? Let’s unpack it.

Reputation is a complex process

It consists of at least three stages:

1. Identification, which itself may involve simple verification (a wallet signature) of primary inputs—or more complex processes.
2. Accumulation of data: quantitative, temporal and subject-based. These three aspects are always necessary and sufficient, though their weighting may vary.
3. Creating a visualisation system. This usually means a numerical display, which is odd given point two, yet is still treated as a necessary simplification.

In short, reputation is not a rating; it is far more intricate.

Reputation is not a rating

Imagine you are a talented lawyer—but you work for the mafia. You have not lost a single case. You have practised for over a quarter of a century. Your clients are pleased with you.

Are you a good lawyer? Do you have a fine reputation?

For your clients—yes, you are a good lawyer with a stellar reputation. For law-enforcement officers, you are probably one of the best lawyers, but with a so‑so reputation. For the relatives of those harmed by the mafia, you are simply a despicable person—and they do not care how good a lawyer you are.

That is the point about reputation: it cannot be an abstraction. Those who chase one are, at best, being thoughtless and seeking PR for their service.

Reputation is always a composite of three primitives:

• quantitative;
• temporal;
• subject-based.

The longer you have been in the market (temporal), the more transactions you have (quantitative), and the more positive feedback you receive from a given group (subject-based), the higher your reputation. But note: it is higher for that group.

If, as a “black hat”, you crack a DeFi protocol, your reputation rises on the dark web and falls on the clear web. Conversely, as a “white hat”, you are bad news for denizens of the dark web but quite palatable to DeFi protocols you help.

This is the first thing everyone should grasp about reputation.

The second: reputation is a collateral instrument, but a non-transferable one. I first wrote about this more than eight years ago, and today we see concrete implementations in Web 3.0 and Web3. SBTs are one of the main ones.

You can pledge SBT on-chain points, but you cannot sell a soulbound token by definition. You can try to cheat by handing over a private key, but you will still have it (even if you deny it). Such deals rely entirely on trust and have little to do with WW3.

Reputation, unlike ratings, is built over years—and can be lost in a second.

The third important thesis is to distinguish between subjective reputation (SR) and transactional reputation (TR).

Back to the mafia lawyer. He excelled at school, graduated with a gold medal, entered university, was a top student there too, received a red diploma, then numerous professional awards. He also passed a driving test and drives well, and knows three languages, as certified.

That is all subjective reputation, built on attestations and accolades.

There is also transactional reputation, of which on-chain reputation is a subtype.

In short, TR focuses not on your laurels, but on how you apply your knowledge, skills and abilities in practice.

Arthur Hayes writes a lot, but loses money on trades. His reputation as an investor, for me, is low; as a trader, middling; as a marketer, high. Vitalik Buterin writes better, manages to sell Ethereum at the ATH and dreams up many interesting things. For me, his reputation as an investor is excellent, as a researcher—virtuoso; as a trader he is unknown to me, so in that aspect his reputation is near zero.

With that in mind, let’s see what the market offers.

Two broad camps

DID types

The first camp comprises identifiers of various kinds, including:

1. Domains (ENS and the like).
2. NFTs, especially SBTs.
3. Names within chains: first and foremost the BitShares family.

A separate subgroup comprises KYC services and on-chain passports: Galxe Passport, Uber Trips, OKX Passport, Privado.iD, Pado and others.

That, however, is Web 2.5 rather than pure WW3. The same applies to passports issued by “network states” such as Liberland.

Scores and ratings

The second camp comprises quantitative indicators presented as ratings and scores. This camp is closer to TR, though it still rests on the old SR foundations.

Here is a closer look at several projects I find interesting.

Civic: early, but not number one

I never tire of noting that this was one of the most successful ICOs. Launched in 2015, the project is still running, though not always with successful implementation models.

On your page (here is mine as an example) you can obtain identification on four basic vectors. First you pass a CAPTCHA to prove you are not a bot. Then it gets harder: video identification. Then two more types, one of which leads to documents. In short, KYC on maximum settings.

Thus Civic has moved from a pure WW3 service to Web 2.5, settling somewhere between DID and KYC. The methodology mirrors verification at, say, Google or banks, where you record a few seconds of video and, if needed, provide ID photos or other documents.

Does this relate to subjective reputation? Yes. To transactional reputation? Obviously not.

Gitcoin Passport: a TR–SR hybrid

Over recent years Gitcoin Passport has become a default standard for many, but in fact it suffers from a startling number of problems:

1. It periodically glitches and changes ratings at will, which is terrible for TR services: they should formalise reputation, not create it.
2. The distribution of points raises, to put it mildly, doubts about the objectivity of the scoring.
3. And the big one: you can earn more than eight points for staking GTC, which looks like a bribe—albeit in DeFi, not the real world.

In general, verification proceeds via interactions and timestamps across networks and protocols (ZKsync, Lens) and via various applications, including dapps (ENS, Gnosis, Snapshot).

This is closer to TR, though the methodology invites justified scepticism.

No need to dwell on Galxe Passport and a host of similar solutions: they stew in the same technical juice. Better to turn to a project that adds some variety to the recipe for assessing a digital persona.

Nomis: a breakthrough—but of what sort?

The Nomis team does a decent job of implementing on-chain scoring, which the project’s creators, in my view wrongly, call on-chain reputation.

Several notable properties:

1. It works across many networks—both EVM and non‑EVM (eg, TON).
2. It factors in diverse criteria for scoring, but the system is closed. The team claims this fends off attacks, yet in practice it renders all assessments strictly centralised.
3. Lovely visualisation and thoughtful UX/UI (though everyone is now thinking in that direction).

You can read a general description of the protocol in the documentation, but below I explain why I see this approach as, if not wrong, then at least inconsistent with WW3 principles.

Among analogues, RubyScore is worth a look: its pros and cons are on about the same level.

zkPass: the right stuff?

In this implementation there are ZK mechanics that feel natural for the DID and TR segment. The answer, however, lies in the details—the truthfulness of HTTPS data rests on two key aspects:

1. Integrity of encrypted data from trusted sources. During the MPC network protocol in zkPass, random nodes are selected to establish a “client” connection with the user, facilitating communication with the server and effectively forming a three‑party TLS connection. In this set‑up the user holds shares of the encryption key and the MAC key, while the nodes hold only the remaining portion of the MAC key. Any attempt to tamper with data from a trusted source will fail MAC verification. Thus data integrity is ensured in the three‑party TLS connection.
2. Compliance of data claims with the verifier’s requirements. To assess the authenticity of data claims, zkPass uses a hybrid ZK technology to protect client privacy. The protocol can be completed successfully only if the data meet the template’s conditions, for example age over 18 or amount < 10,000. This guarantees the accuracy and truthfulness of the data.

Put simply, the protocol does a good job of formalising known data, but it does not produce the qualitative assessments needed for transactional reputation. Read more here.

Idena: something else altogether

The project styles itself, no less, as a Proof‑of‑Person blockchain. In brief:

“Unlike PoS and PoW blockchains, to become a validator Idena requires you to prove that you are a unique person. Why? Proof of personhood allows you to maximise rewards as an individual miner and prevents the concentration of capital in stabilisation funds.”

This is about primary identification aimed at your unification as a P2P node, not as a distinctive human being. As a niche solution it fits perfectly, but for TR it looks too small—at best a component.

BrightID: more than reputation

BrightID is a privacy‑focused social identification network that lets applications confirm you receive fair access using only a single account.

Look closely at the paths of Lens or Farcaster and you will see they took the same tack—only on their own rake. Broadly, one of TR’s three aspects works here; the other two do not.

Collab

A case where before and after an airdrop we saw two different projects. Before: a promising, multi‑profile, technically savvy start‑up. After: a bundle of ordinary authorisation via Telegram and Discord, a perpetually falling token and development stagnation. Still, it deserves mention: it was one of the sector’s pioneers.

Guild: a different angle

The approach here is sound: complete tasks—get a “badge”; be in Discord with a role—get a “badge”; trade on DeFi—get a “badge”. Recently you can also pin participation via an on‑chain transaction and receive an extra bonus.

This is close to TR, but there is no formalisation whatsoever: everyone does as they please, mainly to pay out the same old drops, more rarely incentives and other rewards.

There are many other services, but let’s pause and generalise.

The lay of the land

Let’s summarise with a visual:

The list, as ever in such cases, is not exhaustive.

One can also distinguish identification and scoring at the level of:

1. Networks (DOT, Linea, Scroll).
2. Inter‑protocol interaction (Gitcoin grants).
3. Protocols (N‑Passport from the above).
4. Applications (inside “tappers”).

The open‑endedness shows TR is still far off: each tills their own plot, and the full breadth of the horizon is clearly missed.

What lies ahead?

My answers, in brief:

1. Proof‑of‑Importance. “Tappers” are another incarnation of mining 4.0, like Play‑to‑Earn, Move‑to‑Earn, and so on.
2. Proof-of-Event. If you are human. If you are active and attend exhibitions, meet‑ups, online conferences, community calls.
3. Proof‑of‑DAO. If you participate in a DAO, make proposals, steward the treasury, you can provide a wealth of proofs of your work.
4. Proof‑of‑App. This already exists on freelance markets in those DAOs. In future, everyone will be able to access such a “CV”, an SBT‑style list of achievements.

As a realist and a lawyer I would add that KYC’s role will not diminish but grow; TR will leave the segment as a WW3 artefact. Whoever resolves the KYC‑versus‑TR dilemma will occupy a great many niches.

The main takeaway

Transactional reputation is a basic element of DeFi 2.0, NFT 2.0 and all programmable assets, so it cannot simply be jettisoned. But nor can the whole be implemented by parts—and that is what all projects are doing. Or rather, trying to do.

In short, everyone is racing to visualise what already lies on the surface, whereas we would finally like to see something deeper and more meaningful than pretty glowing numbers.

Synthetic solutions are emerging too—for example, Etherscope, which tries to combine protocols. Also worth a nod is TristGo with diagram‑level visualisation.

There are also projects that try to integrate everything not by protocol but by specific identifiers: Talent Protocol and SocialScan. There are even services that combine your Web3 biography into a single page.

More often, however, pretty but niche solutions dominate—because they are far easier to implement.

Everything tied to transactional reputation is the near future. So I prefer not only to be an active observer and netstalker, but also a researcher who, every six to twelve months, compiles another roundup.

This is the latest; expect the next one later this year.