Humangram is a social proof of humanity plugin for HUMAN protocol. The idea behind it is "if someone has an active social account for a few years, chances of that account being a bot are less."
Humangram consists of a Telegram bot and an API. The Telegram bot helps users prove their social activity on Telegram messenger. The API helps smart contracts fight bots by providing humanity score with time-based signature as proof of source.
Here is an overall view of how Humangram works:
- User interacts with Telegram bot
- Telegram bot interacts with the database
- Token manager manages API access
- API reads data from the database
- Private key signs API responses to prove the source
- Contract reads signed data and can check authenticity
Telegram bot: @humangram_bot
API base address: https://humangram.ddns.net/
API master key: blahblahblah
API test token: 3w3uiejcv8buvrs8gj4s1qfpvkmkyd2c
API public key (hex):
ee448aee7f08ee746af3bc4463d83e3573fb12f0cd2dcfc5f223df9951eaab8dcb42c6a713d56bf0f6aa6389c775d23d0252ea8e5f9c4dc6f6a5769df07e1e23
API public key (pem):
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE7kSK7n8I7nRq87xEY9g+NXP7EvDNLc/F
8iPfmVHqq43LQsanE9Vr8PaqY4nHddI9AlLqjl+cTcb2pXad8H4eIw==
-----END PUBLIC KEY-----
Each user can earn humanity proof score by performing several tasks. Currently, there are 4 optional tasks. Scoring for each task can be modified in the config file. Smart contracts and other verifiers may decide the minimum acceptable score by themselves.
By sharing their phone number, users get a one-time
score point set by score_phone_number in config file.
This task can be done only once by each user. Phone
numbers are not shared with verifiers.
Note that if a malicious user deletes his/her Telegram account and signs up again in order to cheat, he/she can't get additional scores via sharing the same phone number.
Any user can forward a message which had been sent by
himself/herself in the past. The time of the original
message is read by the bot, and the user will receive
one score point for each score_point_per_x_days days
(configurable in the config file).
Users can forward as many messages as they want to the bot. Only the oldest message will earn them score points. The time of the oldest message so far is saved, so if another even older message is received in the future, the user will only earn the difference.
If someone owns a popular channel/supergroup, chances of
him/her being a bot is less. Users can earn one score
point for each score_point_per_x_members members
(configurable in the config file). Only the admin of the
channel/supergroup can prove ownership. The minimum
recommended value for score_point_per_x_members is
201, because admins can add the first 200 members from
their contact list or by @usernames.
Note that each channel/supergroup can be used only once and only by a single user. If a user has multiple channels/supergroups, only the one with the highest members count. The maximum members for each user is saved and if a channel/supergroup with higher members is added in the future, the user will only earn the difference.
Users can increase their score by asking other proved
humans to vouch for them. When user A vouches for user
B, user A loses score_voucher score points, and user B
earns the same score_voucher score points. The
amount for score_voucher is configurable in the config
file. This mechanism prevents the creation of vouching
clusters by malicious users.
Note than each user can vouch for each other user only
once and only if he/she can afford losing score_voucher
score points. Vouching requires explicit confirmation
by the voucher to prevent accidental clicks/taps.
Set up your own Humangram bot + API by following these steps:
- Go to My Telegram
and get a pair of
api_idandapi_hash. - Make a bot via @BotFather.
- Make and activate a
venvand install requirements.txt. - Generate a private/public key pair (if you don't have
one already) by issuing the command
python3 crypto.py. - Rename sample_config.py to
config.pyand fill in the values. - Install postgresql and create
humangramdatabase. - Import schema.sql to the database.
- Run
python3 bot.py. - Run
python3 api.pyin parallel (samevenv).
Here is a list of API endpoints with live preview.
/get_score/<token>/<telegram_id>
[view online]
/get_quota/<token>
[view online]
/generate_token/<master_key>/<quota>
[view online]
/add_quota/<master_key>/<token>/<quota>
[view online]
- Run the API behind a reverse proxy such as Nginx using a domain with SSL enabled. Without SSL, URLs will be sent in plain text letting men in the middle steal tokens.
- Double-check permissions for the config file as it contains your signing private key. The authenticity of the whole system directly depends on that private key!