This is a transcription of the talk that Alex Marx gave at ETH Denver on March 4th 2023: Web3 Fraud Defense as a Philosophical Stance: Ban Behaviors, Not Users with Alex Marx

I'll start with a confession: I cheer for the con man in the film noir just as much as the next guy. I don't leave that piece of my personality at the door while working in risk mitigation. Acknowledging the innovation from so-called bad actors and how we're all pushed is essential. Our systems are driven by constant competition, and the Web3 space, more than any, attracts that competition.

Brilliant folks are working to break the things we're building. Some incredibly talented people are looking to capitalize on human nature in some cases and bag a reward that most of us wouldn't even recognize was on the table. In thinking about fraud mitigation, it's imperative to remember the philosophical ideals that brought us all into this space and question whether we are abiding by those ideals and the methods we use to prevent fraud.

I'll pose this question and give you a little background about me: Is our team's risk strategy aligned with the future that we want to create? It is valid for lots of people in Web 2.5 and Web3. We have inherited systems that may not be aligned with our intentions. How can we expect to exit people from this new inclusive financial system if we want to onboard the next billion users or the subsequent 7 billion users? In the past, we have penalized behaviors deemed antisocial or breaking society in some way by excommunicating the person that committed them. We have our prison system, which most people disagree with. So, why would our Internet communities and our web3 spaces expect to ban a user and exit them from our society instead of focusing on how to invite them into our society?

My background was in the silicon startup world at Stitch Fix. The fraud got real when we went public. We became the target of all kinds of new and fun cyber crimes. In defense, we would ban VPNs or stop traffic from a proxy. We would see whether the zip code on file matched the zip code on the credit card. None of these things are relevant in the web3 world. We are all protective of our privacy and don't align with those methods. So, how do we create systems that better mitigate fraud without having reference to broken systems that violate all of our privacy?

After Stitch Fix, I moved to Coinbase. Here, we had the best of the best mitigation tools and the best insights and were still reliant on traditional financial methods of limiting exposure and risk. It's only been since I joined Gitcoin that this all started to fall into place for me, seeing a philosophy that can create a more inclusive future instead of having reference to these practices of penalization.
One inclusive use case that I'm excited about is Quadratic Funding. Quadratic Funding is a formula intended to acknowledge that we are all starting at unequal places in terms of how many tokens are in our wallet and still equalized for that factor so that we can see what real community traction looks like.

Gitcoin Passport is a protocol designed to guard against Sybil attacks and incentivize desired behaviors. The goal is to create inclusive systems that encourage good behaviors and allow those who wish to earn money or contribute to do so within the system. The Allo Protocol, for instance, enables users to launch their quadratic funding mechanisms, which can help fund communities more democratically.

When building an inclusive future, it's essential to consider the unequal starting points and create solutions that accommodate these differences. For example, in many parts of the world, earning just two US dollars per day is considered a good income, which can be enough incentive for someone to spend a few hours working on a project. It's crucial to remember that the future being built is fully global, and avoiding a North America-centric approach is necessary.

While building a fraud-resistant system, some best practices include imagining oneself as a con artist trying to attack the system and examining how users gain value to ensure that these align with desired behaviors. Seeking global perspectives and collaborating with a diverse team can help avoid a biased approach. It's also essential to be prepared for the possibility that the system may be broken or exploited and to encourage white hat hackers to break the system and share their findings. Staying involved, iterating, and monitoring user behavior can help ensure the system remains secure and functional. Open lines of communication with the community are invaluable for receiving feedback and addressing concerns.

In summary, the key takeaway is to focus on banning undesirable behaviors instead of users. By making these behaviors impossible, developers can create more inclusive systems on the Ethereum blockchain. Emphasizing community and inclusivity can help transform former exploiters into valuable contributors.