Issuer Responsibility: Verifying Attendance

As mentioned in the Issuer Guidelines, it’s important for issuers to verify participation. This helps to preserve the protocol by ensuring that only those who attended an event received the Proof of Attendance Protocol (POAP) collectible.

Verifying Attendance (1)820×312 63.1 KB

While verification can be difficult, especially for digital events, this responsibility helps promote a healthy POAP ecosystem long term. POAPs are precious digital collectibles and only those eligible should receive them.

The Farming Issue

There is a group of actors, often called “Farmers”, who seek to collect POAPs for events that they do not attend. This creates a problem for issuers as they need to verify attendance but may have a group of actors who seek to claim the POAPs without participating or attending the event.

We will defeat this problem eventually, but it will require deliberate effort from everyone including issuers, collectors and POAP technology builders.

Why Issuers Must Care

As mentioned above, it’s the issuer responsibility to verify participation because not only does it help protect the health of the protocol, but it helps avoid real meaningful harm for your collectors.

1. If you don’t verify attendance, you may run out of POAPs as they will be claimed by those who aren’t participating.

2. If you don’t verify attendance, your POAPs may lose meaning, as those who hold them don’t actually care about your community/event/cause.

3. If you don’t verify attendance, your POAPs are not a meaningful sense of truth. The purpose of this technology is to remember historical moments and who was present for these moments. This must be preserved at all costs.

Attendance Verification and Distribution Methods

While more and more tools are emerging to provide attendance verification for POAP distribution, much more can done.

I would love to hear from the community on how you verify attendance, how you suggest other issuers verify attendance or what tools can be created to help solve this problem.

What are your thoughts?

For Real Life Events

1. What is the best way to distribute POAPs at real life events?
2. What are new tools that can be created to distributing POAPs at real life events?
3. Please provide any other insight or thoughts you have on this topic!

For Digital Events

1. What is the best way to distribute POAPs at digital events?
2. What are new tools that can be created to distributing POAPs at digital events?
3. Provide any other insight or thoughts you have on this topic!
   
   

If you are new to POAP and need some inspiration, please read the Nine Unique POAP Distribution Methods.

I look forward to hearing from everyone

I have never attended an IRL event which distributed a POAP (yet), so I do not have any thoughts regarding that specifically.

As for digital events, my preferred/favorite distribution methods are Discord Bot Distribution via Guild and POAP Checkout. I feel that both methods are the best way to currently deter sybils/bots. With that said, I find that the small fees add up if you attend several digital events.

I think it would be a great idea if POAP created a “POAP Passport,” similar to Gitcoin Passport (or just use Gitcoin Passport?) and allow POAP issuers to waive the fees for POAP Passport users if they choose too. One way POAP Passport could differ from Gitcoin Passport is a forced monthly renewal of the passport and different tiers/levels of the passport based on on-chain/off-chain (GitPOAP) activity.

For example: Project X does a community call #2023. The POAP fee for the community call is $3. “Gold” POAP Passport members can claim for free. “Silver” POAP Passport members can claim for $2. “Bronze” POAP Passport members can claim for $1, etc…

The criteria for the specific POAP Passport tiers/levels could include # of transactions in the previous month, GitPOAP holder, ENS domain holder, etc…; but it would ultimately be up the POAP issuer if they want to use the POAP Passport for their POAP distribution/checkout process and the POAP team to determine the criteria for each month. Since some POAP issuers use the POAP fees as a revenue stream, the POAP Passport could charge a small fee (probably counter-intuitive) and revenue share the fee to the respective POAP issuers based on how many members with a POAP Passport claimed their POAP.

This POAP Passport idea is probably unnecessary, but something I quickly thought of that can help “real” users avoid paying all these POAP fees or at least pay less fees.

Another idea of mine is to allow POAP issuers to prevent addresses on publicly available sybil lists to claim their POAP. As far as I know, both Optimism and Hop have publicly available sybil lists. Gnosis Safe was in the process of making a master list of $SAFE sybils and DeBank may have a private sybil database, but I am unsure. Allowing POAP issuers to have to option to blacklist such addresses could deter additional bots/sybils from claiming.

For Digital events, verification for claiming of POAPs should be strictly by address. The issuer should create a room for submission of addresses while the event is ongoing. After the event, POAP claiming should only be allocated to the submitted addresses. This is my humble opinion.

For Real Life Events

1. I like the QR code distribution method. It’s easy to dispense POAPs using a phone screen QR. Then, as an issuer, you can meet each person and verify they are actually there at the event.
2. The NFC way to distribute POAPs sounds pretty cool, though I’ve never experienced that method myself. Are there any technologies that support a sound code distribution? That would be dope. The phone could listen to the sounds like good ole dial up days.
3. Verifying people IRL is definitely easier to do than digital events. And you can also help them if they are new to Blockchain or NFTs.

For Digital Events

1. I like both the secret word method with a short time window if you’re holding a audio space, or the POAP dispensers in Decentraland.
2. I actually think what Starbucks is doing with their Odyssey program is going to be the next wave of distribution opportunities. There are a lot of email as distribution methods or doing events online that will just have the POAP as part of registration.
   Has anyone invented a time sensitive POAP drop where if you are in a virtual space, the avatar must stay in a certain area for a certain period of time? Or maybe a series of steps like pressing buttons 1-2-3-4 before they receive the POAP. This could raise the bar and make it harder for people to farm.
3. Digital delivery is definitely convenient but the issuers do you have to make sure the claimants are not farmers but actual people.

Could the cost of a certain level of POAPs be sent back to the person who purchased it? Could that be exploited? I wouldn’t mind spending a little bit of crypto to verify that I’m a real person. If then, after the event was completed, you get back some of your crypto you spent as a show of good faith.

I believe Zerion returns the POAP fee to users using Dispatch.xyz. From my experience, it’s limited to a select number or users and I’m sure bots/sybils can abuse this as well.

I would like to see issuers converge upon and dedicate themselves to POAP’s foundational vision:

A POAP collection is hence a digital representation of a human individual that doesn’t rely on any typical personal identifiable information (PII) like names, gender, nationality much less passport numbers. Once a collection overcomes an initial size threshold, it’s non-deterministically safe to assume that a single human cannot be behind of more than one POAP collection.

Further, I would like to see issuers supporting Gitcoin Passport as public good and rallying around Kevin Owocki’s proposed framework — which in part grew out of a conversation he had with Patrick Worthalter — for “getting 1000x more Sybil resistance out of POAP.”

Together, I see these as the North Star for charting POAP’s future and ensuring POAPs remain valued and relevant.

I imagine, further, that Kevin’s notion for getting 1000x more Sybil resistance out of POAP could similarly be applied to Guild.xyz, translating roles in the myriad guilds into Gitcoin Passport stamps that can serve as valuable Sybil resistance signals. Guild.xyz is particularly well suited to this in that it has, perhaps accidentally, become the preeminent aggregator of unique personhood signal across web3 and even into web2. Consider, for example, that Guild.xyz’s integrations/partners include Discord, Telegram, Google Workspace, GitHub, POAP, GitPOAP, Sismo, Krebit, Orange Protocol, Noox, Lens Protocol, Layer3, Galxe, and RabbitHole, to name just a few.

POAP + Guild.xyz + Gitcoin Passport could yield some tremendously potent synergy in the identity and credential space, with all three elevating one another and the broader web3 ecosystem.

Thanks for organizing this. I would have structured the questions completely different. Anyway: I guess for 99% of internal events in organizations, IRL or digital, participants are in a controlled environment, therefore they follow rules, do not share distribution codes, and all existing tools are very useful, including the new Custom GitPOAPs distribution method (pre-determine addresses or eMails that can receive the POAP) for certain use cases like certificates. For external events: Many are like the internal ones above and people assist in a controlled environment. If you are organizing an open-to-everybody external event, then imho the question is, does the issuer accepts or even maybe wants what you call “Farmers”? (What a wrongfully used word. Farmers are very honest, minding their own business and hard working people. Extremely disrespectful) If accepting that people that like collecting POAPs for the sake of it can get them, then the issuer should pay for the amount of requested mints. If definitely not wanting those collectors, then first the max amount of mint links should be limited (that should be regardless imho), and second we need tools like the degen bot for Discord that record participant IDs. Using a kiosk for open IRL venues should be a must then for example. One thing: Onboarding new users is a difficult task, asking them to download apps in a few minutes etc… I believe the POAP app should include the possibility to create a non-custodial account in Ethereum.

In-person: serialized rolling QR codes that update just like event tickets. one gets scanned, it gets marked off the list and the next number gets generated as QR.

Digital only: how hard would it be to implement a 4 way handshake between the host POAP issuer and an event attendee? Wi-fi routers do this every time someone has to use a PSK or PIN or similar WPA credentials when logging on. While not a perfect solution, It will help keep the honest people honest. Sure they can be easily hacked, but so can anything with 0’s and 1’s. How many people put their entire lifes data right behind the brittle WPA security? Are better systems available? Yes. Do POAPses distribution need to be more secure than banking account logon data, Instabook twerts, or PSNhotwaterbox’s game profiles?
We tend to overthink things that are still in the pioneering stage and have yet to come fully assembled with guidelines, instructions, and answers for every situation. That overthinking leads to something that eventually causes cancer in the state of California.
At some point, I believe the community needs start conversation as to what an acceptable farm/hack to attendee ratio would be. 0% loss prevention is impossible.

What are your opinions on this ragged rambling?

Yeah, that’s a good idea @DezyIC!
Do you have any proposal on how to collect the addresses and how to verify that the people actually participated in the event that’s being commemorated?

Hey @yeysus
Thanks for your feedback, we appreciate it. Agree regarding the “Farming” terminology; open to using another one when referring to people who are abusing the protocol.

Regarding this statement:

Yeah, definitely! We need more tools like degen or Guild. We’re supporting builders in creating anti-Sybil tools to verify participation and online or metaverse events are a real challenge.

I’m going to share this comment internally ; it could definitely be a game-changer. Thank you!

Well, submitting of the addresses through Google form might not really be the best. How about sending a unique minting link to each email address that participated…

In my opinion, for face-to-face events, the same old method of barcodes printed on business cards can be ideal, because they belong exactly to the people who are present, and we are sure that someone outside the meeting will not mint it.
But the main challenge is for digital events, which must be very careful for distribution, in my opinion, one of the best methods is to use attendance registration bots in Discord or Twitter, which ensures attendance, but still the possibility of attendance. There are farmers who can also use human verification systems such as Gitcoin Passport and BrightID for this problem.
In my opinion, a large percentage of farmers will be removed by using these items, of course there are weaknesses, for example, the Twitter bot is not able to register the presence of more than 1000 people, and this is a problem.

Hey @Cardenas!
Thanks fot your valuable comments!
They’re both great ideas to prevent farmers and build a healthy POAP ecosystem.

For Real Life Events

1. What is the best way to distribute POAPs at real life events?
   KIOSK is nice, but it cannot be concurrent, as it only shows 1 QR code at a time
   more than one ppl claiming at the same time makes trouble…
   better implement 1 single code for a task queue

2. What are new tools that can be created to distributing POAPs at real life events?
   could be sticker templates

For Digital Events

1. What is the best way to distribute POAPs at digital events?
   secret code with timelimit is the best

2. What are new tools that can be created to distributing POAPs at digital events?
   i dun need new tools

1. What is the best way to distribute POAPs at real life events?

The best way to distribute POAPs of physical events is the barcode method or link distribution among people.

2. What are new tools that can be created to distributing POAPs at real life events?

for physical events is to use the kiosk method by showing it on the projection, which can be effective and only for those present in the physical meeting.

3. Please provide any other insight or thoughts you have on this topic!

My suggestion for physical events is to combine the use of pre-event registration information with people’s attendance information. In such a way that before registration, a code will be allocated with the participant, which will work only in the system that is located for the distribution of POAPs in the physical event.
In this way, the distribution will be targeted and accurate, and any kind of abuse will be prevented.

For Digital Events
For digital events, the best method is the guild method (of course, if the duration of attendance at the meeting is taken into account)

From my point of view, it is a combination of using guild and proof of presence, in such a way that both Discord session and Twitter presence are registered and distribution is started based on that. And additional mechanism like getting a special role in Discord or writing a special comment at a special time in Twitter can be very effective. Because with this method, the farmers will be removed with good accuracy and the attendees will be more interested in hearing and seeing the event.

Great ideas @marzbal!

I particularly like the proposal of getting a unique role in Discord or writing a particular comment at a specific time on Twitter.

Thanks for sharing your thoughts

1. In reality, scan the QR code with your mobile phone

2. Customize a 1:1 poap machine bucket, cooperate with specific physical merchants, and hold online or offline activities from time to time. Participants can obtain poap by scanning the offline dynamic QR code

3. Obtained through a specific password/secret phrase

4. The current tools are very practical, but the ways and channels for users to obtain activities are too limited. Many loyal fans of poap are very keen on collecting poap, so they will actively participate in different activities to satisfy their desire to collect poap . The founder of poap did not collect tens of thousands of traffic cards because of actual travel needs, but actively collected them with a purpose. So I think most of the poap team’s energy should not be on how to prevent poap farmers from collecting a large number of poap, but to fully mobilize the initiative of all users and guide them to actively participate in activities is the focus of work. All that is to be prevented is some bots repeatedly getting poap in large quantities.

Here are my thoughts on Verifying Attendance and Distribution Methods:
So far, I have only participated in POAP Checkout.
Geolocation can be used at real events. Alternatively, each participant downloads the POAP application on their phone and gives it permission to read their geolocation. Thus, you do not need to scan anything - just come. At the entrance, the guest may be greeted and reminded that if he wants POAP, he should download the application and register with the help of mail or wallet.

This most likely falls under the category of new tools, since POAP does not yet work with geolocation. You can record the time of attendance at the event as evidence that the person was there all the time.
Cons: is that the guest’s phone may run out of power or the Internet on the phone will be lost.

Hello @Anthony @Fio glad to participate in the discussion.

1. Real Life Events. Face scanner (Face ID). This is used to unlock the phone, and POAP can apply this at the event: A guest arrives at the event and is asked to look into a camera that is connected to the POAP application to enter. After scanning the face, the POAP application compares the received data with the accounts in its database. If the person who came to the event has his own account with a passed Face ID (by the way, this is a reason to integrate with Apple ID), then it is automatically noted in the application that he was at the event.

2. Digital Events (Twitter Space) - Twitter has an API with which it keeps track of how many minutes you were at the event, so in the POAP application it must request data from twitter as the site https://link3.to does. There is a con that twitter has the limitation of Twitter API, POAP will be able only track up to 1,000 concurrent users on mobile. If user will join the Twitter Space on web or there are too many people in the space, he may not be able to meet the requirement for claiming the POAP.