Identity / Names · EVM · Off-chain
BrightID
BrightID is a social-graph-based proof-of-personhood network. Users build a verified identity by attending in-person/online connection parties and getting connected by other verified humans; analysis of the graph yields a 'Meets' or 'Aura' verification. Apps verify uniqueness without learning the user's BrightID by checking a per-app `contextId`, optionally sponsored by the app on behalf of new users.
- free / low-friction Sybil resistance for grants and quests
- 1-account-per-human social apps and DAOs
- UBI and community-token airdrops
- Gitcoin / Snapshot voting weight decisions
- anonymous reputation tied to a social graph

Install: `pnpm add brightid_sdk_v6`
| Variable | Scope | Description |
|---|---|---|
| NEXT_PUBLIC_BRIGHTID_CONTEXT | Client | BrightID app/context name registered with a BrightID node operator. |
| BRIGHTID_SPONSOR_PRIVATE_KEY | Server | Sponsor private key issued by a node operator; used server-side to sponsor new contextIds via the node API. |
Use BrightID for free, social-graph proof-of-personhood. Generate a per-user `contextId` (a random UUID or a hash of the user's wallet) and present the `brightid://link-verification/http:%2F%2Fnode.brightid.org/<context>/<contextId>` deep-link as a QR code so the user can scan it in the BrightID mobile app. Server-side, sponsor first-time contextIds via `POST /node/v6/operations` signed with `BRIGHTID_SPONSOR_PRIVATE_KEY`, then poll `GET https://app.brightid.org/node/v6/verifications/<context>/<contextId>?signed=eth&timestamp=seconds` until `data.unique === true`; the response is signed by the node so you can verify it on-chain via the BrightIDValidatorV6 contract or off-chain with the node's public key. Map (context, contextId) → wallet exactly once and reject reuse.
- ⚑ Sponsoring is rate-limited and metered — apps must request sponsorship quota from a node operator; running out silently fails verification for new users with a confusing 'not sponsored' state.
- ⚑ The `Meets` algorithm relies on real human connection events; small-graph users (new regions, isolated communities) get false negatives — show users a path to attend a connection party rather than a hard wall.
- ⚑ ContextIds are per-app: the same human gets different contextIds in different apps, so you cannot correlate users across contexts (good for privacy, but breaks naive cross-app dedup).
- ⚑ Sybil bypass: collusion attacks on the social graph are an ongoing arms race; the Aura tier (subjective trust scoring) is stronger than Meets but has lower coverage. For high-value drops, gate on Aura or combine with another PoP.
- ⚑ Verification can be revoked if the graph re-analysis flags a user later — check the signed verification freshly per session, don't cache for days.
- ⚑ BrightID's hosted node infra has had partial outages historically; treat it as eventually-consistent and provide retry / fallback UX, especially during sponsor signing.
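
One way to enforce the one-time `(context, contextId)` → wallet mapping and the per-session freshness check described above. This is an added example, not BrightID's or the SDK's own code; it assumes the node's signature on the response has already been verified, and `BindingStore`, `maxAgeSec` and the `data.timestamp` field (in seconds) are assumptions of the example.

```javascript
// Added example: one-time (context, contextId) -> wallet binding with a freshness check.
// Assumes the node signature was verified upstream; `data.timestamp` (seconds) is an assumed field.
const NODE_SEGMENT = "http:%2F%2Fnode.brightid.org"; // node part of the deep link, as on this page

function linkVerificationUrl(context, contextId) {
  return `brightid://link-verification/${NODE_SEGMENT}/${encodeURIComponent(context)}/${encodeURIComponent(contextId)}`;
}

class BindingStore { // hypothetical in-memory store; use a DB with unique constraints in production
  constructor() {
    this.byContextId = new Map(); // "context/contextId" -> wallet
    this.byWallet = new Map();    // "context/wallet"    -> contextId
  }

  // Returns one of: "bound", "already-bound", "not-unique", "stale", "reuse-rejected".
  bind({ context, contextId, wallet, response, nowSec, maxAgeSec = 300 }) {
    const data = response && response.data;
    if (!data || data.unique !== true) return "not-unique";
    // Reject old or future-dated verifications so a later revocation is noticed.
    const ts = Number(data.timestamp);
    if (!Number.isFinite(ts) || Math.abs(nowSec - ts) > maxAgeSec) return "stale";

    const w = wallet.toLowerCase(); // normalise EVM address casing
    const idKey = `${context}/${contextId}`;
    const walletKey = `${context}/${w}`;
    const ownerOfId = this.byContextId.get(idKey);
    const idOfWallet = this.byWallet.get(walletKey);

    if (ownerOfId === w && idOfWallet === contextId) return "already-bound";
    // Either side is already bound elsewhere: keep the mapping strictly one-to-one.
    if (ownerOfId !== undefined || idOfWallet !== undefined) return "reuse-rejected";

    this.byContextId.set(idKey, w);
    this.byWallet.set(walletKey, contextId);
    return "bound";
  }
}

// Constructed sample values (not real node output or real addresses).
const demoStore = new BindingStore();
const demoResponse = { data: { unique: true, timestamp: 1700000000 } };
const demoId = "3f0c2a1e-0000-4000-8000-000000000001";
const demoArgs = { context: "exampleApp", contextId: demoId, response: demoResponse, nowSec: 1700000030 };
console.log(linkVerificationUrl("exampleApp", demoId));
console.log(demoStore.bind({ ...demoArgs, wallet: "0x" + "a".repeat(40) }));
console.log(demoStore.bind({ ...demoArgs, wallet: "0x" + "b".repeat(40) }));
```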