While the innate security of blockchain transactions is well established, the problem of the source of the transaction is often overlooked. A blockchain could represent a ledger relating to votes in an election, a ledger which, in and of itself, is almost unhackable. Each voter can be accurately counted, and their vote properly ascribed to an incorruptible ledger; but the blockchain has no way of knowing if the voter is a human.
To this end, HUMAN Protocol is working with Metamask and Chainlink to provide a solution.
We have created a secure way to verify human actions on the blockchain. This work allows Ethereum contract developers to use hCaptcha and other HUMAN Protocol services to validate operations in their smart contracts.
The regular means of human verification in off-chain environments, including analyzing browser fingerprints, using complex fraud systems, and so on, do not perfectly map to blockchain semantics; for example, there may be no browser at all used for a transaction, and ensuring privacy can be more challenging when creating a permanent ledger record…
HUMAN Protocol has extended the Metamask API to allow dApp users to call a specific API endpoint in Metamask, which initiates a Metamask page with hCaptcha, one of the apps built on top of the HUMAN Protocol. Metamask functions as a humanity verification proxy for each contract that requires this protection.
Using the dApp, the contract consumer is then prompted to solve an hCaptcha through Metamask. The hCaptcha API subsequently produces an authorization for the successful completion of the captcha. HUMAN Protocol applies the authorization to the blockchain.
There is a gap, however, between a human solving an hCaptcha off-chain and the smart contract ‘knowing’ that the hCaptcha authorization it has been presented with is legitimate.
Oracles provide a reliable two-way line of communication between on-chain and off-chain information. We decided to use Chainlink as an oracle provider because it allows users to set up their own custom oracles, called external adapters, which you can read more about on Chainlink’s developer documentation page.
Chainlink oracles verify the legitimacy of the authorization and send the information back to the blockchain.
This would all be meaningless without a way for the dApp user to receive their verified authorization easily. That’s why we decided to put our efforts into one of the most popular Ethereum browsers: Metamask. The Protocol sends the verified blockchain authorization here.
Because Metamask is one of the most popular portals for all kinds of smart contract, the possibilities for this technology are endless. Of course, the first step is to apply this to existing blockchain technologies; from proving NFT ownership, to compensating a musician according to how many humans listen to their song, to ensuring community engagement from humans rather than bots.
However, such human verification opens the door for non-blockchain systems to develop new potentialities on-chain. In principle, the work could ensure an email has been sent by a human, or that ‘likes’ on social media come from a human.
From the dApp developer perspective, the process is simple and flexible. You have two separate endpoints in the Metamask provider. The first option is to request a captcha authorization, which opens the hCaptcha page to your consumer. The second option is to send an actual transaction, representing a contract interaction, with the call containing the given authorization from hCaptcha. For a full technical rundown, we will be updating our Wiki to give a comprehensive account of how dApp developers can use this technology.
The HUMAN Protocol Foundation makes no representation, warranty, or undertaking, express or implied, as to the accuracy, reliability, completeness, or reasonableness of the information contained here. Any assumptions, opinions, and estimations expressed constitute the HUMAN Protocol Foundation’s judgment as of the time of publishing and are subject to change without notice. Any projection contained within the information presented here is based on a number of assumptions, and there can be no guarantee that any projected outcomes will be achieved.