<100 subscribers
Abstract: OmniSocial is a decentralized social networking protocol built on the Polygon zkEVM network, reimagining how identity, content, and communities operate online. Unlike traditional social media, OmniSocial prioritizes user autonomy by moving identity and social graphs onto smart contracts. Users control identity through smart contract wallets and NFT-based personas, earn reputation on-chain for their contributions, and participate in governance via decentralized autonomous organizations (DAOs). The protocol leverages account abstraction for gasless transactions, zero-knowledge proofs for privacy and integrity, and cross-network bridges for interoperability with platforms like ActivityPub (Mastodon), AT Protocol (Bluesky), Nostr, and more. This document outlines OmniSocial’s architecture, features, and roadmap, updated to reflect the current codebase and development progress on Polygon zkEVM. It is written to be accessible to both developers and general users, emphasizing a professional yet approachable tone.
Modern social media suffers from centralized control and silos. Users cannot freely move their profiles or content between platforms without losing followers. Algorithms that determine what we see are opaque, leading to mistrust and echo chambers. Creators often receive only a small fraction of the value they generate due to rent extraction by platforms. Account security is fragile – it relies on centralized email/SMS recovery which is vulnerable to hacking and unavailable in some regions. Finally, content moderation is opaque and unilateral, with decisions like bans or shadow bans made without community input.
OmniSocial’s vision is to create a user-owned, open social network where identity and reputation live on-chain, and communities govern themselves. Key design principles include:
Identity as Infrastructure: A user’s wallet is their identity. Instead of a platform-owned username, each user manages one or more personas as NFTs with human-readable handles (e.g. @alice.omni), all controlled by their wallet.
Reputation with Integrity: Reputation scores are earned through on-chain actions (like participating in governance or creating content) and decay over time if a user becomes inactive. Scores are cryptographically provable but exact values can be concealed—only tiers like Bronze, Silver, Gold are shown—to preserve privacy and prevent gaming the system.
Creator-First Economics: Monetization is built-in and programmable. OmniSocial supports native tipping, NFT-based edition drops, and automated revenue splits, reducing reliance on ads or centralized monetization schemes. Creators and community builders can directly earn POL (formerly MATIC) or other tokens via smart contracts.
Interoperability by Default: Instead of a walled garden, OmniSocial integrates with other networks. Bridges allow content to flow between OmniSocial and protocols like ActivityPub, AT Protocol, Nostr, Matrix, and more. Users can carry their social identity across platforms, and even import followers or mirror posts cross-platform.
Quantum-Ready Security: Anticipating future threats, OmniSocial is built on Polygon’s zkEVM (zero-knowledge Ethereum Virtual Machine) and uses modern cryptography. It plans to support post-quantum signature schemes (like Dilithium or Falcon) and lattice-based randomness to ensure long-term security.
Privacy Gradient: Users choose how public or anonymous to be. OmniSocial supports pseudonymous personas, wholly anonymous personas, or verified identities. One user can have multiple personas for different contexts (for example, a professional persona and an anonymous persona), and can decide what information to disclose for each.
Overall, OmniSocial aims to empower users to own their identity and data, empower developers to build on an open social protocol, and empower communities to self-govern with transparent rules.
This whitepaper focuses on OmniSocial’s architectural design and features. It consolidates insights from prototype implementations, simulations of the reputation system, and community feedback. For clarity, it excludes certain details:
Exact Performance Metrics: Gas cost and throughput figures will be refined as contracts are optimized and scaled; we provide estimates but not final numbers.
Legal Entity/Jurisdiction: The paper does not commit to a specific legal structure for the project entity; those decisions will be made as needed for compliance.
Front-End UI Designs: We discuss functionality and UX principles but not final UI designs or screenshots.
Fiat Integration: Support for fiat on-ramps or stablecoins is noted as future work and not detailed here.
The aim is to present a living design of OmniSocial as it stands today (2025), knowing that some specifics will evolve. All aspects are subject to change through community feedback and further research.
OmniSocial is structured as a modular stack of components that work together to provide a fully decentralized social platform. Below, we describe each layer/component of the stack and highlight how they interoperate. This architecture is designed for separability and upgradeability – each piece can evolve without breaking the others, enabling rapid iteration and community-driven improvements.
This is the presentation and client layer, responsible for the user-facing experience (web or mobile app) and related tooling:
Reference Client: The OmniSocial web application is built with Next.js (React) leveraging server-side rendering and static generation for performance and SEO. This means pages (such as profiles or DAO pages) can load quickly and be indexed by search engines, while still providing a snappy single-page app experience.
Feature-Based Modular UI: The front-end codebase is organized by features (e.g. persona management, DAO governance, tipping) to keep it maintainable. Each feature’s components, hooks, and styles live together, making it easy for developers to navigate.
Dynamic Loading: To keep initial load fast, heavy components (like large modals or data-dense dashboards) are lazy-loaded. Using Next.js dynamic imports, OmniSocial splits the code so users only download what they need when they need it.
Wallet Connectivity: The app integrates with Ethereum wallet connectors via libraries like Wagmi and RainbowKit, so users can easily connect with MetaMask, WalletConnect, or other wallets. The wallet connection flow is streamlined for both desktop and mobile (via WalletConnect deep links or similar) and supports the Polygon zkEVM network.
Persona Selector: A PersonaSwitcher UI element allows users to toggle between different on-chain personas (identities) they own, without needing separate accounts. This means a user can post or interact as @alice.personal and then switch to @alice.professional seamlessly.
Accessibility & i18n: The interface adheres to accessibility standards (WCAG 2.1 AA) with proper contrast, ARIA labels, and full keyboard navigation support. It’s also internationalized; translations are managed via next-i18next with JSON files for each language. Users can switch languages and layouts adjust for right-to-left languages when needed.
Developer Tools (SDK): An optional GraphQL/React SDK (@omni/query) is planned to auto-generate data-fetching hooks from the subgraph schema. This will make it easier for third-party developers to build custom front-ends or bots that interact with OmniSocial data. The SDK ensures type-safe queries and subscriptions to real-time updates.
Experiment: As a forward-looking idea, the team has considered a plugin system where third-party features run in sandboxed WebAssembly modules within the app. This could allow community-developed extensions (for example, custom content filters or analytics dashboards) to run safely, with limited access to user data.
Identity is the cornerstone of OmniSocial. Rather than a single username on a single platform, identity in OmniSocial is wallet-based and multi-persona:
OmniWallet (Smart Contract Wallet): Every user interacts with OmniSocial via an OmniWallet, which is a smart contract that the user owns/control. Rather than using an Externally Owned Account (EOA) directly, the OmniWallet (deployed via OmniWalletFactory) acts as a programmable account. It supports account abstraction: users can execute actions through the OmniWallet, and those actions can be paid by a relayer or sponsor, enabling gasless transactions for the end user. The OmniWallet is compatible with ERC-2771 (meta-transactions) and designed with future ERC-4337 features in mind for full account abstraction suppor.
Key features of OmniWallet include:
Meta-Transactions: Users sign a message to authorize actions, and a trusted relayer can submit the transaction on-chain with gas. The OmniWallet’s contract verifies the signature and executes the desired call (this uses a standard like OpenZeppelin’s MinimalForwarder for ERC-2771)..
Persona Management: Each OmniWallet can link to multiple PersonaNFTs (see below). The wallet contract has functions like addPersona(personaId) and removePersona(personaId) to attach or detach a persona NFT. Only one persona may be “active” for interactions at a time (handled by the front-end PersonaSwitcher). Linking personas to the wallet allows the contract to assert which persona is performing an action.
Secure Funds Custody: The OmniWallet can hold crypto assets (like MATIC/POL, ERC-20 tokens, NFTs). It supports a withdraw(amount, to) function that only the owner can call to withdraw funds. This way, users have a built-in wallet that can store their tokens and NFTs used in the social network (for example, holding edition drop tokens or accumulated tips).
Programmable Execution: OmniWallet provides an execute(target, value, data) function that the owner (or authorized session key, see below) can call to perform arbitrary contract calls or transfers. This is a powerful feature: it means the user’s smart wallet can directly interact with other contracts (like voting in a DAO, tipping a creator, minting an NFT) under pre-defined rules. It emits an event for off-chain tracking of actions.
OmniWalletFactory: This factory contract is used to create new OmniWallets in a gas-efficient way. It uses the EIP-1167 minimal proxy pattern for deployment, meaning all user wallets are lightweight proxies pointing to a master implementation. This saves gas and makes it easier to upgrade wallet logic if needed (via a new implementation contract). When a new user signs up, OmniWalletFactory.createWallet() is called to deploy a wallet for them. The factory keeps a registry of all wallets and emits a WalletCreated(address wallet, address owner, uint256 timestamp) event for indexing.
PersonaNFT: Personas are represented as ERC-721 non-fungible tokens that embody a user’s identity or role within OmniSocial. A single user (wallet) can own multiple PersonaNFTs, each representing a different persona (for example, Alice might have Persona #1 = @alice (personal) and Persona #2 = @alice_art (her artist persona)). Key points:
Minting: Personas are minted through a function like createPersona(address recipient, string username, string label, string tokenURI). Only authorized callers (the user’s OmniWallet or an admin) can mint a persona NFT, ensuring people can’t impersonate others by just minting a well-known username. When minted, the persona NFT is assigned a unique handle/username (like @alice), a label (a description or role, e.g. “Content Creator” or “DAO Moderator”), and a tokenURI pointing to its metadata JSON.
Metadata: The PersonaNFT’s metadata (stored on IPFS/Arweave) contains fields like name (username), description, image (avatar), and attributes such as roles, reputation level, visibility, badges, etc.. This metadata can be read by front-ends to display profiles. Because it’s on decentralized storage, it’s tamper-proof and user-controlled to a large extent. For example, a persona’s avatar image is stored via IPFS and referenced in the tokenURI, so it can be updated by updating the IPFS hash if needed.
Linking to Wallet: Once a persona NFT is minted to a user’s address, the user can link it to their OmniWallet with OmniWallet.addPersona(personaId). This effectively tells the system that “this wallet is now operating as this persona.” Only personas owned by the wallet’s owner can be linked. The user can switch the active persona by choosing which personaId to act as in the UI; the underlying smart contracts and subgraph will record which persona was involved in actions.
Transferability: Personas are technically ERC-721 tokens and thus transferable. However, OmniSocial treats identity with care. While nothing prevents a persona NFT from being transferred to another user, such an event would be akin to transferring an account – it’s expected to be rare and might be restricted for certain verified personas. Additionally, some personas could be non-transferable (soulbound) in the future if they represent verified identities. For now, personas are transferable NFTs to allow flexibility (e.g. a user migrating identities between wallets), but the front-end will likely warn or restrict casual trading of personas.
.omni Domain Aliases: To improve human readability, every OmniWallet can have a .omni username associated with it, much like an ENS (Ethereum Name Service) domain. For example, if Alice’s primary persona is @alice, her wallet might be reachable at alice.omni. The system automatically issues a primary alias when a wallet is created. These aliases are stored on-chain in an AliasRegistry contract mapping alias -> wallet address. Resolving an alias can be done via GraphQL or contract calls (e.g., asking “what address is alice.omni mapped to?”).
Users can also create subdomains under their alias. For example, if Alice has alice.omni, she could create dao.alice.omni for a specific DAO persona or project. This functions similarly to domain name subdomains and helps namespace content or roles.
The alias system ties into Decentralized Identifiers (DIDs). Each alias can correspond to a DID document (did:omni:alice) that includes the wallet’s public keys and services. This DID can be used for identity verification across platforms.
By using .omni aliases, OmniSocial provides a user-friendly identity layer, so users don’t have to share long wallet addresses. It’s all on-chain, meaning any dApp or service could integrate .omni resolution to fetch profile info.
Guardian & Recovery (Social Recovery): To mitigate the risk of losing access to one’s wallet (since losing keys would otherwise mean losing identity and assets), OmniSocial plans a social recovery mechanism:
Guardian Signers: Users will be able to designate “guardian” addresses (which could belong to trusted friends or even their own other devices). Using a threshold scheme (e.g., 2-of-3 guardians), these guardians can collectively authorize a wallet recovery or key change if the owner loses access. This might use BLS threshold signatures or smart contract logic requiring multiple signatures.
Hardware 2FA: OmniSocial wallets support WebAuthn-based two-factor authentication. This means a user can register a hardware security key or biometric device as a second factor. Certain sensitive actions (e.g. executing a high-value transaction, or initiating recovery) will require a WebAuthn signature in addition to the normal wallet signature. For example, if Alice tries to transfer a large sum or change her guardians, her YubiKey might prompt for confirmation. This two-factor flow is integrated via the front-end and a module in the wallet contract that can verify a signature from a known 2FA public key.
Recovery Soulbound Token (SBT): An alternative or complementary approach uses Recovery SBTs. A soulbound token is a non-transferable NFT that could be issued to a user’s guardian or to a separate backup wallet the user controls. If the user loses their main wallet, the presence of this SBT (held by a guardian or secondary account) can trigger a recovery process on-chain. The recovery process would likely require a DAO or multi-sig approval (to prevent malicious takeovers) and could transfer the control of the personas and assets to a new wallet controlled by the user. Essentially, the SBT acts as an on-chain “recovery voucher” that can’t be stolen or traded.
Session Keys (Ephemeral Delegation): To improve usability, OmniSocial is exploring the concept of session keys – short-lived keys with limited permissions. Instead of prompting the user’s wallet for every single action (which can be a bad UX on social media where interactions are frequent), a user could delegate certain actions to an ephemeral key that lives in their browser or device memory. For example, Alice could delegate a key that is allowed to post content and like posts for the next 24 hours, but nothing else. That key can then sign post submissions quickly without needing a hardware wallet every time. The OmniWallet would have a mechanism to register and honor these delegated keys and scopes.
Delegated Scopes: Each session key is associated with a scope, which defines what it can do. Examples of scopes include post:global (post to global feed), post:dao:42 (post within DAO #42’s community), tip:* (send tips up to a certain amount), or dao:vote:* (vote in any DAO the user is a member of). Each scope can have a TTL (time-to-live, e.g. 24h) and can be revoked by the user at any time. The table below illustrates examples:
Scope | Allowed Action | TTL (Duration) | Revocable? |
|---|---|---|---|
| Post to global feed | 24 hours | Yes |
| Post in DAO #42’s forum | 12 hours | Yes |
| Send tips up to 5 POL (or OMNI) | 1 hour | Auto-revoked after use |
| Vote in any DAO (member-only) | 2 hours | Yes |
These delegated capabilities are implemented by having the session key sign a meta-transaction which the OmniWallet contract recognizes under the specified scope. If the meta-transaction tries to do something outside its scope, the OmniWallet rejects it. This approach significantly enhances UX for frequent actions while still maintaining security.
In summary, the Identity Layer gives users full control and flexibility over how they present themselves and secure their account. It combines the power of smart contract wallets (programmable accounts) with the expressiveness of NFTs for personas, all underpinned by robust security options for key management. Users can be confident that they truly own their identity on OmniSocial and can recover it even in worst-case scenarios.
OmniSocial introduces an on-chain Reputation Ontology – a framework for tracking and using reputation scores in various domains. Unlike the simplistic “followers” or “likes” metrics of Web2, OmniSocial’s reputation system is multi-faceted, programmable, and decays over time to remain reflective of current activity.
Domain-Specific Reputation: Reputation is not a single number. Instead, OmniSocial defines multiple domains of reputation, each measuring a different kind of contribution:
Creation: measures contributions in content creation and curation (posts made, content shared, etc.).
Moderation: measures efforts in moderating content or helping maintain community standards (flagging spam, resolving disputes).
Governance: measures participation in governance (voting on proposals, initiating proposals, participating in DAO discussions).
Community (or Participation): measures general community participation such as onboarding new users, helping others, or being active in discussions.
(Additional domains can be added via governance) – e.g., “development” if tracking code contributions, etc.
By separating reputation into domains, OmniSocial ensures users get credit in the areas they contribute. For example, someone who doesn’t post much content but is very active in governance will have a high Governance rep but maybe a lower Creation rep. This avoids the trap of one-dimensional “scores” and encourages diverse contributions.
RepModule (Smart Contract): The reputation logic is implemented in the RepModule smart contract. It keeps mappings of reputation scores for each wallet (or persona) and domain. For example, reputation[alice][“governance”] = 50 might indicate Alice has 50 points in governance rep. Key aspects:
Granting & Revoking: Only authorized contracts or addresses (like a DAO contract or the OmniSocial core contract) can call functions to grant reputation or revoke reputation. For instance, when Alice casts a vote in a DAO, the DAO’s contract (or a reputation oracle) might call grantReputation(alice, "governance", 5) to give her 5 governance points. If Alice breaks rules or is penalized, revokeReputation(alice, "moderation", 10) might remove 10 points. These changes emit events that are indexed for transparency.
Decay Mechanism: The contract implements a decay function so that reputation values naturally decline over time if not maintained. Each domain has a configurable decay rate and interval (e.g., 1% per day, evaluated every 6500 blocks ~ roughly daily). When querying a user’s current reputation (getReputation(user, domain)), the contract calculates how much their stored rep should have decayed since last update and returns an adjusted score. This ensures that only recent active contributions keep one’s rep high, while inactivity will cause scores to slip gradually.
Reputation as Collateral: The design allows certain actions to be tied to reputation thresholds or even require “staking” reputation. For example, posting content might require a minimum reputation or else a small token fee, to prevent brand-new accounts from spamming (more in Tokenomics). The anti-Sybil concept is that attackers would need to build up or acquire reputation in many domains to have influence, which is costly especially with decay and oversight.
Reputation Weights and Use Cases: Reputation is composable – it can be used in various parts of the system:
Governance Voting Power: DAOs can choose to use reputation instead of tokens for voting power. For instance, rather than 1 token = 1 vote, OmniSocial DAOs can say 1 governance rep point = 1 vote weight, or use a combination. This encourages meritocratic governance where active contributors have more say than passive token holders.
Access Control: Communities can gate access to certain content or privileges based on reputation. For example, a private group might only allow users with community rep > 100 to join, or a content creator might restrict commenting to users with some reputation to reduce trolling. Smart contracts and the front-end will check rep scores to enforce these rules.
Profile Badges: The front-end displays badges or tiers on user profiles based on their rep in each domain. For example, if Alice’s creation rep is in the top 10% of all users, she might have a “Gold Creator” badge. If her governance rep is modest, maybe a “Bronze Citizen” badge for that domain. These badges give quick social signals of a user’s involvement and status. They are derived from rep values via thresholds (configured by governance).
Fee Discounts or Rewards: Users with high reputation might receive discounts or rebates on certain fees. Conversely, low-rep users might have to put up a small bond to use certain features (to deter spam) – see Tokenomics section for details. This creates a feedback loop where behaving well in the system (earning rep) reduces your costs and increases your influence, further incentivizing positive contributions.
Privacy Considerations: While reputation is on-chain, OmniSocial is exploring ways to keep exact scores private if desired. One approach is using zero-knowledge proofs to allow a user to prove their reputation is above a threshold without revealing the exact number. For example, a ZK proof could show “I have at least 500 rep in governance” to let someone into a meeting, without revealing if they have 500 or 5000. This is an advanced feature and may be implemented later as ZK technology in smart contracts matures (especially on zkEVM). In the interim, showing only tiers (Bronze/Silver/Gold) already provides some privacy by abstraction, and the raw scores can be hidden on the UI unless the user chooses to reveal them.
Examples:
When Alice posts a well-received article and other users upvote or tip it, the system (through either an automated oracle or community moderators) grants Alice, say, +10 in “creation” reputation. Over the next months, if Alice doesn’t post much, that score will slowly decay, maybe down to 7.
Bob spams a link in many communities as a new user. Moderators revoke some of Bob’s “community” rep or mark him with negative points. Bob finds he can’t spam anymore because he is below the required rep threshold to post frequently, and future posts may require him to pay a fee or wait. This discourages Bob’s behavior unless he changes and contributes positively.
Carol is very active in a DAO’s governance, earning her significant “governance” rep. When a new proposal is up for vote, Carol’s vote has more weight due to her reputation. Meanwhile, another member who holds a lot of tokens but never participates has less influence because their reputation is low. This balances power away from pure capital and towards participation.
The Reputation Layer thus provides social trust metrics that are earned, non-transferable, and meaningful within context. It’s a flexible primitive that communities can tweak (e.g., adjusting decay rates or weights via governance) to best represent and reward valued behavior. By making reputation on-chain, OmniSocial brings transparency to “influence” – you can inspect why someone has a high reputation (via their on-chain actions) – and also allows other dApps or platforms to build on this data (for example, a job marketplace could prefer candidates with high “contributor” rep on OmniSocial, etc.).
Social networks are nothing without content – posts, comments, media, profiles. OmniSocial treats content with the same decentralization ethos: content is stored off-chain in decentralized storage networks, with on-chain references for integrity. This ensures that users truly own their content, and it can’t be silently altered or deleted by a central authority. At the same time, using off-chain storage avoids bloating the blockchain and keeps costs low.
Decentralized Storage Solutions: OmniSocial uses a combination of IPFS and Arweave to handle content:
IPFS (InterPlanetary File System): IPFS is used for content that might be updated or doesn’t need permanent immutability – for example, user profile pictures, or posts that can be edited shortly after publishing. IPFS provides content-addressed storage (by hash) and OmniSocial uses pinning services (like web3.storage, Pinata, or Lighthouse) to ensure the files remain available. When a user creates a post, the text and any media might be packaged into a JSON and pinned to IPFS; the resulting content hash (CID) is stored or linked on-chain. IPFS is good for quick retrieval and globally distributed access, especially when combined with caching.
Arweave: For content that requires permanence, OmniSocial leverages Arweave’s permaweb. This includes things like important governance documents, proposals, or any content that users demand to be undeletable and permanent. Arweave allows a “pay once, store forever” model. For example, a formal DAO proposal text could be stored on Arweave and the transaction ID recorded on-chain, guaranteeing that decades later the original proposal text is still retrievable and verifiable. Arweave complements IPFS by ensuring critical data is archived for the long term, whereas IPFS handles more dynamic or user-generated content efficiently.
Hybrid Approach: OmniSocial may initially use IPFS for most content with backups to Arweave for specific cases, balancing cost and permanence.
Content Addressing On-Chain: Instead of storing large text or images on-chain (which would be prohibitively expensive), OmniSocial stores content references (hashes) on-chain. For example, when a new post is created, a smart contract might emit an event PostCreated(postId, author, ipfsHash) or similar, or store the IPFS hash in a mapping. This way, anyone can retrieve the content from IPFS and verify it matches the hash recorded on-chain (ensuring it wasn’t tampered). This approach provides tamper-evidence: if someone tries to serve a different content under that hash, the hash won’t match the on-chain reference. It also allows updating content by posting a new event or pointer (for instance, an edit could create a new IPFS hash and mark the old one as superseded, while still keeping a history).
Media and CDN Integration: Serving images, videos, and other media at scale can be slow if only using IPFS gateways. To enhance user experience, OmniSocial employs CDN caching for public content. Services like Cloudflare’s IPFS gateway or other content delivery networks will cache popular content at edge locations. For example, if Alice’s profile picture is requested often, the CDN will keep a copy so subsequent loads are very fast. The system includes cache invalidation strategies: if a user updates their profile picture (changing the IPFS hash), the front-end knows to request the new hash and the CDN will naturally shift to the new content (or explicitly purge the old one if needed).
Content Types and Size Optimizations: OmniSocial encourages efficient content formats:
Images may be converted to modern formats like AVIF/HEIC for smaller size without quality loss.
Thumbnails and previews are generated for larger media to lazy-load content and only load full data when necessary.
Text content is mostly plain or markdown, which is tiny to store. Rich media (videos) might not be directly stored through OmniSocial initially (possibly just linked from other decentralized video platforms or stored via separate protocols), to keep things manageable.
Anchoring and Integrity: Every piece of important content is anchored to the blockchain via hashes. This not only includes user posts, but also things like:
Persona metadata (the IPFS hash of the persona’s JSON profile is stored in the PersonaNFT tokenURI).
Proposal and vote content (a proposal might have an Arweave TX id for the proposal text, recorded on-chain in the DAO contract).
Edition Drop metadata (each edition NFT’s metadata hash is stored to ensure the content of the drop is fixed).
By anchoring hashes on-chain, OmniSocial achieves strong auditability. At any time, the community can verify that the content they are seeing is exactly what was agreed upon or signed by the author.
Moderation and Content Removal: An important aspect is how undesirable content (spam, illegal content, etc.) is handled since it’s stored on decentralized networks. OmniSocial’s philosophy is to allow communities to decide moderation policies (see Governance), but from a technical standpoint:
Content that violates rules may still exist on IPFS/Arweave (since those are censorship-resistant by design), but the index or references to it on OmniSocial can be flagged or filtered. For instance, a post could be marked as removed (with a reason) via an on-chain flag or a subgraph update, so regular front-ends will not display it by default. Think of it as a tombstone that says “this content was removed for X reason” without actually needing to erase the data from the network (which might be impossible on Arweave).
Storage nodes or pinning services can choose not to continue serving certain content if it’s universally deemed harmful (similar to how certain IPFS nodes may refuse to host known illegal content). This is an area where decentralized moderation and external data sources may come in, and OmniSocial plans to integrate community moderation signals that can propagate to these services in a decentralized way.
In essence, the Content & Storage layer balances decentralization with performance. Users own their content (they have the IPFS hash and can always retrieve it even outside OmniSocial’s UI), and the network ensures availability through redundancy and pinning. By not placing content directly on-chain, OmniSocial remains scalable and affordable, while by not relying on centralized servers, it remains resilient and censorship-resistant.
OmniSocial is built to interoperate with other social networks and protocols from day one, avoiding the isolation that plagues many new social apps. The Bridge & Federation layer consists of adapters and protocols that connect OmniSocial with the broader ecosystem of decentralized social platforms and even legacy web feeds. The goal is a two-way flow: OmniSocial users can publish to and fetch from external networks, all while maintaining their on-chain identity and reputation.
Key integration targets and their status/plan:
ActivityPub (Fediverse e.g. Mastodon): ActivityPub is a widely used protocol for federated social networks. OmniSocial’s bridge to ActivityPub is in progress. A proof-of-concept has been done for pushing content (e.g., an OmniSocial post can appear on Mastodon as if it came from a user’s account there). The next steps include mapping the follower graphs (so if Alice’s OmniSocial persona has followers on Mastodon, we import/export those) and handling replies/threads across the boundary. The KPI target is to keep the added latency low (e.g., <400ms overhead for cross-posts). Maintainer: @fediverse-core team.
AT Protocol (Bluesky): The AT Protocol (used by Bluesky) is another decentralized social network spec focusing on portability of identity and moderation. For OmniSocial, a draft schema mapping is being worked on to translate between OmniSocial’s data structures and AT Protocol’s lexicon (feed format). The main technical hurdle is implementing signed posts in a way Bluesky servers will accept and syncing content labels (Bluesky has a labeling system for moderation). Once achieved, an OmniSocial user could, for example, mirror a post to Bluesky seamlessly. Target latency <450ms for operations. Maintainer: @social-specs group.
Nostr: Nostr is a very minimal, censorship-resistant protocol for distributing messages (used by some Bitcoin enthusiasts and others). OmniSocial has an early prototype bridge for Nostr. It can already cross-post simple notes. The focus now is on selecting which Nostr relays to use and running latency tests for reliability. Nostr doesn’t support edits or deletes natively (once a note is out, it’s out), so OmniSocial’s bridging has to consider that (e.g., maybe only post finalized content or handle deletions by special notes). Target latency ~350ms for broadcast to Nostr relays. Maintainer: @nostr-squad volunteers.
Matrix: Matrix is an open protocol mainly for real-time chat (but can be used for social messaging). Integration here is at an exploratory phase (“Not started” as of now). Potential use-case is enabling OmniSocial DMs or private group chats via Matrix, which supports end-to-end encryption. The challenges include mapping OmniSocial identities to Matrix IDs and preserving encryption. A possible milestone is an encrypted DM relay using Matrix where OmniSocial DIDs are used for authentication. If implemented, a user could use their OmniSocial persona to join a Matrix room or send a DM, proving their identity via a DID. Maintainer: open (seeking contributors). KPI: maybe DM roundtrip P95 <800ms.
Farcaster: Farcaster is another decentralized social protocol with an Ethereum-rooted identity (user IDs are on Ethereum). A feasibility research is ongoing to see how OmniSocial could interface. One idea is to use Warpcast (Farcaster’s API) to pull Farcaster content into OmniSocial or vice versa. Possibly, an OmniSocial persona could be linked to a Farcaster ID and cast posts across. KPI target <500ms for publishing a cast via OmniSocial. Maintainer: @eth-bridge-lab exploring this.
RSS/Atom Feeds: These are traditional web feeds. A concept being considered is to auto-generate RSS feeds for OmniSocial personas or communities. That way, even users on the open web could subscribe to OmniSocial content without any special app. Also, ingesting external RSS feeds into OmniSocial could allow, say, a popular blog or news site to automatically post into OmniSocial communities. WebSub (a webhook for feeds) might be used for real-time push updates. Maintainer: @content-hub. KPI: feed update latency <5s.
Webfinger: Webfinger is used to discover identities (like username@domain) on the fediverse. OmniSocial’s domain names (alice.omni) could be tied into Webfinger so that other sites can resolve alice@omni as an identity pointing to OmniSocial’s DID or services. A proof-of-concept for an OmniSocial Webfinger resolver exists, next is to integrate DID lookups so that when Mastodon or others ask for alice@omnisocial.dev, they get a valid profile. Maintainer: @interop-team. KPI: lookup <300ms.
Other Bridges (Bluesky, Misskey, etc.):
Bluesky is covered under AT Protocol since Bluesky uses ATProto.
Misskey is another fediverse platform; waiting for some upgrades to align better, likely will follow the ActivityPub bridge path.
OStatus (old Twitter-style federation) is considered legacy and likely won’t be actively integrated (maybe read-only or deprecated).
New protocols will be assessed as they emerge.
This bridging is ambitious and not without open questions:
Edits & Deletes: How do we propagate an edit made on OmniSocial to networks that don’t support editing (like Nostr)? One idea is not to propagate edits at all, or to treat them as new posts with references. Similarly, if OmniSocial allows deleting a post, external networks might not honor that, creating inconsistency.
Identity collisions: If someone on Mastodon is also @alice, and on OmniSocial we have @alice, these might not be the same person. Name collisions across networks will be resolved by using DIDs or profile links to ensure if you bridge, you prove control of both identities.
Moderation conflicts: Each network has its own moderation rules. How do we sync things like content warnings, reports, or bans across the bridge? Possibly certain extreme cases (spam or illegal content) we propagate reports so the content doesn’t just bounce between networks endlessly.
Rate limiting: OmniSocial might post quickly, but if an external server (say a Mastodon instance) rate-limits how often we can post or fetch, the bridge needs to handle backoff and queueing.
Security of Adapters: Each bridge adapter might need its own security audit, especially if they run as somewhat centralized services initially. Eventually, formal verification or on-chain verification of cross-post proofs might be desirable.
Milestones envisioned for the Bridge layer include:
M-01 Cross-Post MVP: Basic one-way posting from OmniSocial to ActivityPub and Nostr (achieved in prototypes).
M-02 Follow Graph Import: Bringing in follower/following relationships from external networks, e.g., if 100 Mastodon users follow Alice, letting Alice’s OmniSocial persona be aware of that.
M-03 Encrypted DM Relay: Using Matrix or another method to enable DMs via OmniSocial with encryption, possibly with a prototype DID-based Matrix integration.
M-04 Moderation Signal Sync: A system to exchange moderation signals (reports, spam flags) between OmniSocial and other networks to help each other maintain healthy communities.
M-05 Performance Benchmarks: Public dashboards measuring how fast and reliable each bridge is (e.g., average time to propagate a post to Mastodon, success rate, etc.).
M-06 Full Duplex Integration: Achieve full two-way sync with at least one platform (likely ActivityPub first), meaning edits, deletes, reactions all flow both directions cleanly.
Through these bridges, OmniSocial doesn’t seek to replace other networks but to connect and augment them. An OmniSocial user could be at the center of their social presence, with their on-chain identity, and have that presence extend outwards to many communities and platforms. Similarly, users of other networks can interact with OmniSocial communities without necessarily leaving their home platforms. This fosters a more unified decentralized social Web, where data and identity silos are broken down.
Security is woven into every part of OmniSocial, from the cryptography in the blockchain to the processes around upgrades and monitoring. The Security layer ensures that OmniSocial is resilient against attacks, future-proof, and transparent in its operations. Observability refers to the monitoring and analysis tools that keep the system reliable and help maintain trust.
Cryptographic Security:
Polygon zkEVM – zk Rollup Security: OmniSocial is deployed on Polygon’s zkEVM chain, which inherits security from Ethereum while using zero-knowledge proofs to validate state transitions. Each block on zkEVM has a succinct zkSNARK proof attesting that all the transactions in that block were executed correctly according to Ethereum rules. This means OmniSocial benefits from strong guarantees that state cannot be tampered with or forged – any invalid transaction would break the proof and be rejected. For users, this means the blockchain layer is as secure as Ethereum but with lower fees, and the finality of transactions can be trusted.
Post-Quantum Readiness: Current cryptography (like ECDSA signatures, used in Ethereum wallets) could be broken by future quantum computers. OmniSocial takes this threat seriously from the start. The system primarily uses BLS12-381 curve cryptography for zkSNARKs (as part of zkEVM), which is not quantum-safe, but it is designed to be upgradable to PQC algorithms when standardized. The OmniWallet is built to support pluggable signature schemes. In the future, users might opt to use post-quantum signatures (like Dilithium or Falcon) for their account abstraction, which could be integrated via a new OmniWallet implementation or an adapter contract. Additionally, random values (like any used in games or sortition in governance) could use a lattice-based VRF for quantum safety. In short, OmniSocial is keeping an eye on PQC developments and will ensure a smooth transition so that user identities and assets remain secure even in the quantum era.
Verifiability and Auditability: All actions in OmniSocial produce verifiable records. Transactions are signed by users (or their session keys) and can be independently verified off-chain by anyone. Furthermore, the zero-knowledge proofs in zkEVM allow even light clients to be sure of the chain’s correctness without replaying every transaction. OmniSocial will likely provide tools or a block explorer specialized for its contracts so users can audit things like “show me all reputation changes for @alice” or “verify that my post’s content hash matches what’s on IPFS”. This transparency builds trust: nothing is hidden or only on a centralized server.
Operational Security:
Continuous Monitoring (Observability): The OmniSocial backend stack includes monitoring of various components:
Prometheus collects metrics from the subgraph indexer, the relayer service, and possibly the smart contract events throughput. For example, it watches the number of new posts per minute, number of failed relayed transactions, block lag of the subgraph, etc.
Grafana Dashboards visualize these metrics in real-time. The team and community can see at a glance the health of the system: e.g., “DAO votes in the last hour”, “Average tip amount per day”, “Reputation grants per domain per day”, “Subgraph sync status”, etc.. This helps quickly identify anomalies (like a sudden spike in failed transactions might indicate an attack or bug).
Alertmanager is configured to send alerts if certain conditions are met. For instance, if the subgraph falls more than 30 blocks behind the chain head, an alert triggers (meaning indexing might be stuck). If the relayer service’s error rate goes above a threshold, or if no new proposals have been indexed in a long time (possibly indicating an event processing failure), alerts will notify maintainers to investigate. This proactive monitoring ensures issues are caught early, ideally before users even notice a problem.
Health Checks: There are dedicated health check endpoints like /subgraphs/name/omnisocial/health that can be polled. If any component goes down or becomes unhealthy, it’s detected swiftly. The OmniSocial front-end might also use these health endpoints to show a warning to users (like “data is currently syncing, some info may be delayed”).
Anomaly Detection: Beyond basic monitoring, OmniSocial envisions using more advanced techniques (potentially off-chain machine learning) to detect abnormal patterns. For example, if a set of wallets start posting at an inhuman rate or all with very similar content (indicative of bots or Sybil attack), an anomaly detector could flag this for admins or trigger automated mitigations (like temporarily requiring captcha or higher fees for those wallets). Another example: monitoring gas usage patterns of wallets – if a normally low-activity wallet suddenly starts executing complex high-gas transactions at odd hours, this might indicate a key compromise, and the system could alert the user or guardians.
Smart Contract Audits and Formal Verification: All core smart contracts (OmniWallet, PersonaNFT, RepModule, DAO, etc.) undergo rigorous testing and audits:
The team uses unit tests and integration tests extensively (with Hardhat/Foundry) to ensure expected behavior for all functions (these are run in CI on every code push).
Static analysis tools like Solhint, Slither, and MythX are run to catch common vulnerabilities (reentrancy, overflows, unchecked external calls, etc.) automatically.
Formal Verification: For critical logic, formal methods are applied. For instance, properties like “reputation can only be changed by authorized addresses” or “a persona’s username is unique” can be specified and verified using tools like Certora or Scribble. This adds mathematical assurance on top of testing.
External Audits: Before deploying to mainnet or major upgrades, OmniSocial contracts are audited by third-party experts (firms such as OpenZeppelin, Trail of Bits, or CertiK). These audits check for things the team might miss, including edge-case exploits, economic attacks, and more. Particular focus is given to the upgradeability (UUPS proxies) to ensure no storage layout issues or upgradability gaps, and to the reputation system to prevent exploits like quickly accumulating rep by self-interaction or looping.
The results of audits are published to the community for transparency, and any critical issues found are fixed prior to deployment.
Upgrade and Governance Security: OmniSocial’s contracts are mostly upgradeable via UUPS proxy pattern. However, to prevent centralized control or rogue upgrades, all upgrades are governed by the community DAO. The process is:
Developers propose a new implementation (with the code published and ideally audited).
A DAO proposal is created to approve the upgrade, specifying the contract to upgrade and the new implementation address.
Voting occurs (with reputation-weighted voting, likely).
If passed, a timelock (e.g., 48 hours) kicks in before execution. During this time, if the community discovers an issue or changes their mind, they might cancel or modify via governance. This delay ensures transparency and a window for community audit.
After the timelock, the upgrade executes on-chain via the DAO’s executor contract calling upgradeTo() on the proxy. If anything goes wrong, a rollback plan is in place (e.g., re-point to previous implementation, which is still compatible, because state is kept).
Throughout, multi-sig or admin powers are minimal – mostly just emergency pause powers if something critical is happening (like a severe bug being exploited). A multi-sig controlled by core contributors or elected DAO guardians can temporarily pause certain contract functions (like stop new posts or transfers) in an emergency. This is a circuit breaker to contain damage, but even this power is subject to oversight and meant to be a last resort.
Emergency Response and Bounty: OmniSocial will maintain a robust bug bounty program, encouraging security researchers to report vulnerabilities. Rewards can be significant (tiered up to hundreds of thousands of dollars worth in tokens for critical issues). The project intends to foster a culture of proactive security, including forming a Security Working Group that continuously reviews code and monitors emerging threats.
In summary, the Security & Observability layer ensures that OmniSocial remains trustworthy and robust. By leveraging cutting-edge cryptography (and staying ready for future advances), strict security practices in development, and community-driven oversight of critical changes, OmniSocial mitigates many risks inherent in decentralized platforms. Furthermore, by being transparent (publishing proofs, events, monitoring stats), it invites the community to be part of security – everyone can observe the health of the network and contribute to its safety. Censorship-resistance, user control, and reliability are balanced with pragmatic mechanisms to handle emergencies, making OmniSocial a secure foundation for social networking.
(Note: This section highlights tools and processes that make it easier for developers – both core and external – to work with OmniSocial. It overlaps with some content in the documentation site and is summarized here for completeness.)
OmniSocial takes an open-source, community-driven approach to development. A priority is making sure developers can easily set up, test, and contribute to the project, as well as build their own applications on top of OmniSocial. Key elements of the developer experience:
Local Development Tooling: Setting up OmniSocial locally is made straightforward with tools like Hardhat (for spinning up a local Ethereum node and deploying contracts). Developers can clone the repository, run npx hardhat node to simulate a blockchain, and deploy the entire OmniSocial contract suite to their local node using provided scripts. There’s also a local subgraph setup using Docker to run The Graph’s indexer locally, so developers can see the subgraph updating in real time as they interact with the contracts.
CLI and Scripts: A command-line interface or scripts (like scripts/deploy.ts) are available to quickly deploy contracts to testnets or perform common tasks. Future improvements may include an omni CLI tool to automate environment setup (could set up a local node + subgraph + front-end in one go).
Testing Framework: The project includes a comprehensive test suite (using Mocha/Chai with Hardhat). Developers writing new features are expected to write tests, and continuous integration will run these. Gas usage is tracked via a gas reporter to ensure changes don’t blow up transaction costs.
Continuous Integration (CI/CD): GitHub Actions automate the build and test process on each commit:
Install dependencies, compile contracts and front-end.
Lint and static analysis to enforce code style and catch obvious issues.
Run all tests, output coverage reports.
Deploy contracts to a temporary testnet (or Hardhat in-memory chain) and deploy the subgraph to a test Graph node.
Check subgraph health endpoints.
If all passes, changes can be merged. This gives contributors confidence that their PR doesn’t break anything critical.
Documentation and Examples: The developer documentation (separate from this whitepaper) provides step-by-step guides, as outlined later in this document’s second part. There are examples for how to integrate OmniSocial:
e.g., a sample code snippet showing how to use useContractWrite hook to call OmniWallet.execute() from a React component, or how to query the GraphQL API for a list of proposals.
A Storybook could be provided for UI components (the design system’s components can be viewed and tested in isolation, e.g., PersonaBadge component).
Versioning and Release Workflow: The project uses semantic versioning for contracts and subgraph. For example, if a contract changes in a backward-incompatible way, the subgraph gets a new version (like PersonaV2 entity) to not break existing queries. Release notes accompany each upgrade so developers know how to adapt. Deployments to testnet happen regularly (after major features) to gather feedback before mainnet.
VS Code Extension (Planned): A vision for improving DX is a VS Code extension that assists in OmniSocial development. This could include:
Inline autocompletion of contract ABIs (when writing code that interacts with OmniSocial contracts, it suggests function names/params).
Gas cost estimation hints as you write solidity or calls (to be mindful of cost).
Linting rules specific to OmniSocial patterns (like warning if you forget to emit an event on a state change in a module).
Snippets for common use cases (e.g., a snippet to quickly scaffold a new subgraph handler function).
By focusing on a strong developer experience, OmniSocial not only accelerates its own development but also lowers the barrier to entry for external developers to contribute and extend the ecosystem. This might include community contributions like new persona types, new modules (for example, someone might build a “BadgeModule” contract to issue achievement badges, and the architecture would allow plugging that in). The OmniSocial repo also invites collaboration in shaping the standard – remembering the principle of Community Co-Design, the project holds weekly open calls and has an RFC process on the GitHub for major changes. Everyone is encouraged to participate, from cryptographers reviewing our PQC approach to UX designers sharing feedback on wallet onboarding flows.
In summary, developers are first-class citizens in OmniSocial’s world, because a thriving social network protocol depends on a thriving community of builders and contributors. The tooling and processes aim to make contributing as smooth as possible, and the open architecture invites creativity on top of the core protocol.
Building a decentralized social network is a complex, multi-disciplinary endeavor. OmniSocial’s team recognizes that it cannot be a “big bang” launch where everything is perfect on day one. Instead, the project follows a phased deployment strategy with progressive hardening, testing in the wild, and community feedback loops at each stage. Below is the high-level roadmap of how OmniSocial moves from prototype to a fully decentralized mainnet product, along with strategies for managing fees and off-chain services during the rollout.
The development and deployment are organized into phases, each with specific goals and success criteria.
Phase 0: DevNet-Alpha
Target: Internal Developer Network (DevNet) – a local or private test environment.
Window: TBD (e.g., Q4 2024) – This phase has been ongoing as of this writing.
Success Criteria:
80% smart contract feature completion, with core modules deployed and working in dev environment.
Unit test coverage above 70-80%.
Basic end-to-end functionality: e.g., a user can create a wallet, mint a persona, send a tip, create a DAO proposal, and all these actions flow through the system (contracts -> subgraph -> front-end) successfully.
Rollback Trigger: If core functionality can’t be achieved or tests reveal fundamental design issues (e.g., account abstraction not working as intended, or rep system causing chain bloat), then reconsider architecture before moving on.
Phase 1: Polygon zkEVM Testnet
Target: Public Testnet deployment on Polygon zkEVM Testnet.
Window: TBD (e.g., Q1 2025).
Objectives:
Get real user testing and feedback. Aim for ~5,000 wallets created and ~1,000 daily active personas using the testnet app to gather data on usage.
Measure performance: target average post confirmation time under 2 seconds and cost per post < $0.01 in gas (on testnet, gas is free, but we simulate costs).
Integrate with testnet bridging (maybe bridging to a test Mastodon server or Nostr test relay).
The testnet phase allows experimenting with parameters like reputation decay rates and fee mechanisms in a low-stakes environment.
Success Criteria:
Achieve usage metrics (user onboarding and activity) showing interest.
No High/Critical severity bugs remain (any found are fixed). At least one external audit is completed on the contracts.
The community DAO is set up in testnet to start practicing governance (even if just symbolic voting on parameters).
User feedback is positive on core concepts (like persona switching and tipping).
Rollback Trigger: A major security issue (like a contract exploit on testnet) or usability issue (users completely confused by multi-persona concept) that cannot be quickly fixed might trigger extending testnet phase or significant changes before beta.
Phase 2: Beta Cohort (Testnet or Sidechain Beta)
Target: A controlled Beta on either an isolated network or zkEVM testnet with a focus group.
Window: TBD (e.g., mid-2025).
Objectives:
Expand to ~50,000 wallets, possibly via invite or gradual queue, to stress test scalability.
Test social recovery flows: aim that 95th percentile of recovery (for those who try it) completes in <4 minutes with guardian help.
Refine spam prevention: ensure spam accounts remain <2% of total content (through reputation thresholds, fee mechanisms).
Perhaps introduce a test token to simulate OMNI in economy without real value, to test tokenomics in practice (people staking it, spending it for posts, etc.).
Run community events (like a hackathon) to build third-party clients or bots using OmniSocial beta.
Success Criteria:
The system handles the increased load (subgraph remains in sync, UI remains responsive).
Social features prove out: content creation is active, and moderation is handled by communities with the tools available.
Economic loops tested: for example, if requiring a small deposit to create a DAO, see if it deters spam DAOs appropriately without stopping legit users.
All intended features are now implemented and working: identity, reputation, governance, tipping, bridging, etc., maybe except advanced ZK privacy which could be optional later.
Rollback Trigger: If any component does not scale (e.g., subgraph cannot handle load or certain on-chain processes are too slow), or if users find a way to abuse the system economically (like some way to artificially inflate reputation), then refine and possibly run another beta iteration.
Phase 3: Open Mainnet Launch
Target: Full launch on Polygon zkEVM Mainnet (and possibly Ethereum mainnet for token depending on strategy, but likely zkEVM mainnet with cross-chain bridges if needed).
Window: TBD (once Beta criteria satisfied, possibly late 2025).
Milestones before launch: Community-led OmniSocial DAO officially takes control of key governance parameters and maybe the treasury; audits completed; token generation event if a token is to be launched.
Success Metrics Post-Launch:
Within first quarter: a thriving community DAO governing the protocol, >$10M total value locked in bridging or ecosystem (e.g. in DAO treasuries, staked reputation tokens, etc.).
Active daily users > 10k, across at least 3 integrated platforms (some on OmniSocial web, some via Mastodon, etc.).
The protocol should sustain itself and grow through network effects, partnerships, and continuous improvements via governance proposals.
Rollback/Intervention:
If a critical Layer 1 exploit or vulnerability is discovered that affects user funds or the core contracts, there may be contingency to pause the protocol via the emergency circuit breaker, patch, and redeploy (subject to DAO approval). This is truly last resort.
This phased approach embodies progressive decentralization: early on, the core team might directly manage upgrades and fixes on testnets. By mainnet, the goal is that the OmniSocial governance (community DAO) is in charge, the code is robust and audited, and the protocol is ready to operate without “training wheels”.
In the early stages especially, user experience is paramount. Meta-transactions and gas sponsorship are used to reduce friction. During the testnet and initial mainnet launch, OmniSocial will operate a relayer network that helps users by covering gas fees for certain actions, funded by the protocol or an allocation of tokens.
Community-Run Relayer Pool: Instead of a single relayer, OmniSocial encourages a pool of relayers (anyone can run one, after registering and perhaps staking some tokens as collateral). These relayers listen for users’ signed meta-transactions (for example, when a user posts, the OmniWallet may emit an event or call an API that relayers watch) and then submit them on-chain covering the gas.
To allocate who gets to relay, slot allocation may be done via a staking auction. Relayers stake OMNI tokens; the more they stake (or some combination of stake and performance), the more transactions they get assigned to relay. This mechanism also allows slashing: if a relayer misbehaves (censors transactions or fails to submit them), a portion of their stake can be slashed. This incentivizes honest and timely relaying.
At first, the core team might run one or two relayers to ensure service, but over time this should be decentralized.
Fee Sponsorship Strategy: In the beginning, OmniSocial might sponsor the first N transactions per user to make onboarding easy. For example, a new user might get their first 20 actions (posts, profile edits, etc.) done for free via the relayer. This introduces people to the app without the immediate need to buy crypto. The number of sponsored transactions or amount of gas can be adjusted, possibly based on reputation (a user with higher reputation might have earned more free actions).
The protocol may have a fee rebate pool funded by a portion of tokens or fees that reimburses relayers or subsidizes user actions.
Over time, OmniSocial will explore EIP-4337 style Paymasters on Polygon for decentralized gas sponsorship, and even reputation-weighted rebates (i.e., users with good standing get a portion of their gas fees “refunded” in tokens, effectively making it cheaper for valuable contributors to use the network).
Pricing Model: OmniSocial’s approach to fees is experimental. The aim is to minimize spam without pricing out genuine users. Some techniques:
A hybrid fee model: small fixed fees or deposits for actions that could be spammed (like creating many personas or posting very frequently) unless the user has sufficient reputation or holds a certain amount of OMNI token. For instance, posting content might be free for most, but if a user’s reputation is below Bronze level, we might require a nominal fee or collateral (this was described as 0.005 OMNI if below Bronze in earlier plans). This way new users or low-rep users have some skin in the game, while established users can post freely (having earned their trust).
Fee Burns and Refunds: A portion of fees might be burned (to reduce token supply and counter inflation) or put into a community treasury. Some fees are refundable if the action is proven non-malicious—like the DAO proposal deposit that is refunded if the proposal isn’t spam.
Token vs Alternative Fees: If someone doesn’t have OMNI tokens, could they pay in MATIC/POL or stablecoins? Possibly yes: the system could accept alternate tokens for fees which are then converted or swapped into the protocol’s treasury. But OMNI may be given some utility boost (like cheaper if using OMNI).
During testnet, these models will be trialed. The hypothesis is to keep spam below 1% of total posts while not excluding users from low-GDP regions. If the fee is as low as fractions of a cent or if it's offloaded to attention or reputation, most users should be fine and spammers find it expensive to flood the network.
While core functionality is on-chain or decentralized, OmniSocial relies on some off-chain or supporting services to enhance performance and usability. As the project grows, it will move more of these to decentralized or community-run solutions, but initially, they may be centrally run for expedience.
Key off-chain components and their status:
Indexers (The Graph Node): As detailed in the data indexing section, OmniSocial uses The Graph for querying on-chain data efficiently. During development, a Graph node is run by the team (or a hosted service) for quick iterations. There is also a local Graph node setup for developers. As the project matures, the subgraph will be published to the decentralized Graph network so that many indexers can serve queries in a redundant way. Indexers essentially follow the chain and maintain the database of OmniSocial entities (profiles, posts, etc.) that the front-end queries.
Media Relay & CDN: To ensure fast content delivery, OmniSocial uses caching layers and possibly its own small “media relay” service. This service might pin content on IPFS, coordinate with Cloudflare’s IPFS gateway, and serve as an origin for CDN caching. It might also do things like image resizing for thumbnails on the fly. In the long term, even media serving could be decentralized (via IPFS gateways run by the community or via new decentralized CDN projects), but at start, a simple server might do some heavy lifting for user-uploaded images or videos with caching.
Key Management Service (Optional): For users who absolutely don’t want to manage a crypto wallet, OmniSocial considers providing an MPC-based custodial option. MPC (Multi-Party Computation) wallets split keys among multiple parties. A key management service could hold a shard of the key, the user holds another (maybe via email login or similar), and only together they can perform actions. This is akin to how some wallets like Argent or services like MagicLink work. It’s optional because it introduces some centralization risk, but it can help onboard users who are not comfortable with seed phrases. This would be treated as a transitional step – ideally, users migrate to full self-custody, but the service can be there to catch those who might otherwise bounce off.
Analytics and Telemetry: While respecting privacy, OmniSocial may run analytics to understand usage patterns (the docs mention Prometheus/Grafana which is more ops, but here I mean user analytics like which features are used, drop-off points in onboarding). If done, it would likely be open analytics that anyone can see, and using on-chain data as much as possible rather than tracking users off-chain.
All these off-chain services are intended to augment the on-chain protocol, not define it. In case any off-chain component fails, the core social functions should still be recoverable from the chain (for instance, if the Graph indexer is down, one could still read events directly from the blockchain, albeit painfully; if the media server is down, users with the IPFS hash can fetch content from any IPFS node, etc.). Redundancy and eventual decentralization of these services are part of the roadmap.
For instance, the project might incentivize multiple community members to run archive nodes that pin all OmniSocial content and serve it (like a cooperative dataswarm). Or use upcoming decentralized indexing protocols (like Substrate-based indexers, etc.) as alternatives or backups to The Graph.
By following this deployment strategy, OmniSocial balances innovation with caution. Each phase de-risks the next: internal testing catches obvious bugs, testnet gets real-world usage and community feedback, beta tests scale and economics, and only then is mainnet launch undertaken with confidence. The approach is transparent and invites community at each step, in line with OmniSocial’s ethos of radical transparency and community co-design. Users and developers are encouraged to join the journey early – by the time mainnet arrives, OmniSocial will truly be built by and for its community.
(Note: Some aspects of the smart wallet design have been covered in the Identity section above. This section focuses on the technical design considerations and flows specifically related to how transactions are handled through the account abstraction mechanism.)
OmniSocial’s use of smart contract wallets is a defining feature. In this section, we walk through the typical transaction flow involving an OmniWallet, and highlight design decisions that enable features like gasless usage and session scopes. We also address some open UX questions related to this wallet design.
To illustrate, let’s follow the lifecycle of a user action – say Alice likes a post or sends a tip to Bob – through the OmniWallet system:
User Intention: Alice clicks "Tip 5 POL" to Bob on the front-end. Alice currently has persona NFT #1 (@alice) active on her OmniWallet. She’s using her browser which holds a session key authorized for tip:* scope (max 5 POL) for the next hour.
Meta-Transaction Signing: Instead of prompting MetaMask or hardware wallet (assuming Alice set up a session key), the front-end uses the session key to sign an intent message. This message might say: “From OmniWallet X, call function execute(OmniWallet.execute(target=BobWallet, value=5 POL, data=encode(TipModule.tip("Great post!")))”. Essentially, it’s a structured payload that includes what contract to call, what function/data, and how much value (tokens) to send. Because the OmniWallet supports meta-transactions, Alice’s signature on this message is enough to authorize it. The signature could be a simple ECDSA (if session key is an EOA) or even a WebAuthn signature if using her YubiKey via a special flow.
Relayer Submission: This signed meta-tx is sent to an OmniSocial Relayer service (either via a decentralized mempool or an API). Alice might broadcast it to a relayer endpoint that’s part of the relayer pool.
Paymaster/Sponsor Logic: The relayer, upon receiving Alice’s request, wraps it into an Ethereum transaction. If OmniSocial uses the ERC-4337 architecture, there might be a Paymaster contract on-chain that will pay for this gas on behalf of Alice (likely funded by the protocol). The relayer might call the Paymaster and EntryPoint contracts of ERC-4337. However, since Polygon zkEVM doesn’t natively have ERC-4337 as of now, the current approach might simply be: relayer calls OmniWallet.execute(...) on-chain directly, including Alice’s signature as part of the call data, and the OmniWallet contract verifies the signature (like how Gnosis Safe or OpenZeppelin MinimalForwarder work). The sponsor in this case is implicit – the relayer uses their own gas, and expects to be reimbursed from protocol’s funds or future rewards.
On-chain Validation (EntryPoint/Wallet): The OmniWallet contract (or an ERC-4337 EntryPoint if used) will validate Alice’s meta-transaction. This involves checking that the signature is indeed from a key authorized by Alice’s wallet (her session key or her main key). If we had different signature schemes (e.g. Alice using a Falcon PQC key), here the modular signature adapter would come into play, but it’s technical detail. After validation, any pre-condition like nonce checking or scope checking is done – e.g., ensure that calling tip is within the tip:* scope’s limits (the contract could track how much has been tipped under that session key so far).
Execution of Action: Once validated, the OmniWallet’s execute function will call the target contract. In our example, the target is likely the TipModule or a function on Bob’s wallet. If tipping is implemented as just a direct transfer, the target might simply be Bob’s wallet address (to send him 5 POL). If there’s a specific TipModule (which logs a message and emits an event TipSent), then OmniWallet calls that module’s function. The call is made with value = 5 POL (denominated in the chain’s currency, since POL is native on Polygon). The result might be that Bob’s OmniWallet receives 5 POL and an event is emitted logging “Alice tipped Bob 5 POL with message 'Great post!'”.
Result and Confirmation: The transaction is included in a block, and thanks to the zkEVM’s fast finality and low latency, within a couple seconds the front-end receives confirmation (perhaps via a WebSocket or GraphQL subscription) that the tip went through. Bob’s profile now shows +5 POL in earnings, Alice’s interface might show the tip in her history (via subgraph data).
Post-Transaction Hooks: Observers (like the subgraph) see the events:
Executed event from Alice’s OmniWallet (recording that it executed something).
TipSent event from the TipModule or OmniWallet.
These get indexed. Also, any anomaly detection system observes that Alice’s wallet did a value transfer within expected patterns (no flags).
If the tip qualifies for any reputation effect, perhaps the RepModule is triggered: e.g., tipping might give Alice a small +1 in “community” rep for supporting someone, and Bob maybe +1 in “creation” rep for getting a tip (indicating valued content). The RepModule would update accordingly and those events too go on-chain.
Throughout this flow:
The user experience was that Alice just clicked a button and maybe tapped a security key fingerprint, and it “just worked”, no gas, no switching networks (assuming she’s on the Polygon network already). The complexity of meta-tx and relays is hidden under the hood.
The design ensures security by scoping what the relayer can do. The relayer cannot arbitrarily take Alice’s funds because it only can execute what Alice signed. At worst, a malicious relayer could refuse to send Alice’s tx (censorship), but then another relayer could do it. They cannot alter it without invalidating her signature.
Use of a Paymaster or gas tank means the relayer will get compensated. If OmniSocial had a Paymaster, it might reimburse the relayer from a communal fund and possibly charge Alice in a different way (or not at all for first N uses). This mechanism is still being fine-tuned as part of the fee sponsorship strategy.
The above is a simplified example; more complex flows (like creating a DAO proposal) might involve multiple contract calls (for instance, locking tokens, then calling DAOFactory). Those could either be batched into one meta-transaction (if the wallet supports multi-call sequences) or handled stepwise.
As described in section 2.2, OmniWallet supports delegated session keys with limited scopes. Here we list a few example scopes (some already tabulated) and what they allow, to clarify how powerful and granular this can be:
Global Posting (post:global): Allows the session key to post content to the main global feed of OmniSocial. TTL might be 24h. If Alice grants this to her mobile device, she can post from her phone easily for a day without hardware prompts.
DAO-specific Posting (post:dao:<ID>): e.g., post:dao:42 for DAO #42’s discussion forum. If Bob is a member of DAO 42 and he’s moderating their forum, he might have a key on his tablet that’s only for that DAO’s posts and maybe shorter lived (12h).
Tipping (tip:*): As per example, allows sending tips up to a certain amount (and possibly only to whitelisted addresses or any address). Once the user has tipped the cumulative allowed amount, the scope either auto-revokes or requires re-auth.
Voting (dao:vote:*): Allows casting votes in any DAO where the user is eligible. This is handy if Carol is in many DAOs and wants to vote from her phone; she can activate a voting key that can’t steal funds, only cast votes. TTL might be a few hours, or maybe longer if considered low risk.
Follow/Like (social:* perhaps): For actions like liking a post or following a user, which are low-impact, a scope could allow unlimited likes/follows since at worst a hacker could spam likes (which is not catastrophic beyond annoyance).
Each scope is revocable. The OmniSocial interface will likely have a “Security” dashboard where a user can see all active session keys and their scopes, and click “Revoke” on any that look suspicious or that they no longer need. Under the hood, revoking might simply mark the session key as invalid in the OmniWallet’s storage (the wallet can keep a mapping of valid session keys and their expirations, which the owner can update).
Security considerations: The delegated keys feature is powerful but must be carefully implemented to not open attack vectors. For instance, the scope definitions must be comprehensive – you don’t want a key that’s supposed to only post to somehow be tricked into transferring funds. The implementation will likely treat any call that doesn’t match an allowed function signature as invalid. Formal verification can help ensure “a session key with X scope cannot do Y action”.
Even with the engineering in place, some user experience questions remain open for research:
Managing Multiple Keys: Will users understand and manage potentially several active session keys? There’s a risk of confusion if, say, a user has 3 devices each with different scopes and durations. We might need to simplify it (perhaps one session key per device with broad scopes but low amounts).
QR-code Pairing: If a user wants to use OmniSocial on a new device, we could let them scan a QR code while logged in on their main device to approve a session key for the new one (similar to WhatsApp Web pairing). Should this automatically grant an ephemeral session key? Likely yes, to improve onboarding on second devices, but how ephemeral (maybe valid for a week unless extended)? It’s to be refined.
Choice of PQC Signature Scheme: If offering quantum-safe keys, we have to pick one (Dilithium vs Falcon, etc.). Dilithium is standardized (CRYSTALS-Dilithium by NIST) but has larger signatures. Falcon is smaller but more complex. The decision might affect performance and compatibility. The team leans to whichever the Ethereum community might adopt for L2s, to maintain interoperability.
Social Recovery UX: Not covered above but important: guiding a non-technical user through recovering a wallet via guardians or an SBT. That process ideally looks like: “Click ‘Recover’, get your 3 friends to each click approve on their end, wait 1 day, and your account is back.” Achieving that simplicity needs careful design and testing (phase Beta will focus on that).
Fee Display: If the protocol is paying fees, do we show users “$0.00” cost always? Might hide appreciation of underlying costs. Perhaps show “covered by OmniSocial” as a note. Also if using reputation as collateral, how to visualize that (e.g., “this action will use 0.1 of your rep as collateral for 1 hour”) without confusing people? Possibly not surface at first until users are advanced.
These questions will be addressed through user testing and community input as the project progresses. OmniSocial aims to make advanced crypto tech (like account abstraction, ZK, etc.) invisible to the end-user to the extent possible, but we also need to educate power users and give feedback so users feel in control.
(This section builds on 2.3 but goes into more detail on the computation pipeline and research behind the reputation system.)
The OmniSocial reputation model combines on-chain tracking with off-chain computation for certain parts (like normalization) and optional zero-knowledge proof generation for privacy. The design of the pipeline is as follows:
Computation Pipeline:
mathematicaCopyEditOn‑chain Events → Subgraph → Normalizer Service → Decay Engine → Aggregator → (optional) ZK Proofs → Client Display
On-chain Events: Whenever relevant user actions happen (post created, tip sent, vote cast, content moderated, etc.), events are emitted by contracts. For example, ReputationGranted or ReputationRevoked events in the RepModule, or even raw events like TipSent which imply a positive contribution.
Subgraph: The Graph node ingests these events and maintains running totals in its schema (like a Reputation entity per user/domain). The subgraph might not apply decay (that is done on-chain or by a formula at query time), but it stores last updated block and base values.
Normalizer: Optionally, an off-chain service might periodically “normalize” rep scores. For instance, convert raw counts into a percentile or a score capped at certain ranges (maybe via a sigmoid function as hypothesized). This could also adjust for differences between domains (like if governance actions are rarer than posts, ensure the scores are comparable or balanced if needed).
Decay Engine: The rep decay is currently handled on-chain whenever getReputation is called (calculating the exponential decay since last update). Alternatively, a scheduled process could update rep values on-chain by applying decay increments (though that would be transaction-heavy, so likely on-the-fly calculation is better).
Aggregator: If we ever want an aggregate reputation (like a single number summarizing all domains for “leaderboard” purposes), that would be computed by weighting domain scores. For example, OmniSocial might say overall rep = 1x Creation + 2x Governance + ... as per a weight
In practice, updating reputation involves both automatic and governance-driven actions:
Most increases in rep are automatic: smart contracts or oracles grant rep points when a user does something valuable (posting, voting, receiving tips, etc.】.
Decreases can be automatic (the decay over time, or if a user’s content is flagged enough to trigger an on-chain penalty) and can also be manual via governance (a community could vote to strip someone’s rep if they were found cheating, for instance, by calling revokeReputation】.
The parameters (decay rates, what actions give how much rep, thresholds for tiers) are configurable by the OmniSocial DAO. A table of sample default parameters might be:
Domain | Purpose of Rep Tracking | Weight in Overall Influence | Decay Rate | Decay Interval (blocks) |
|---|---|---|---|---|
creation | Original content creation & curation | 1× (baseline) | 1% per day | ~6,500 (≈1 day) |
governance | DAO participation (proposals, votes) | 2× (more emphasis) | 0.5% per day | ~6,500 |
moderation | Moderating content, reporting abuse | 3× (high emphasis) | 2% per day | ~6,500 |
community | Onboarding, discussions, help | 1× | 0.75% per day | ~6,500 |
】
In this hypothetical scheme, moderation rep decays fastest (to ensure constant vigilance) and carries a high weight when aggregating influence (since good moderators are vital, but they must stay active to keep that influence). Governance rep decays slower (so your voting history holds weight longer) but is weighted 2× since it’s crucial for protocol decisions.
Use Cases Recap:
Reputation-weighted Quadratic Voting: Instead of one-token-one-vote, OmniSocial can use quadratic voting where a user’s voting power is a function of their rep. This prevents whales from dominating and showed in simulations to increase unique voter turnout 4× compared to token votin】.
Content Visibility: High-creation rep users might have their posts boosted or more trusted by algorithms (if any algorithmic feed exists). Low-rep new users might get a “newcomer” label that encourages others to guide them.
Access Gating: A community forum could require, say, moderation rep > 50 to join a moderators channe】, ensuring only experienced users partake.
Gamification: Reputation essentially gamifies contributions. Leaderboards can be created for each domain (who has the highest governance rep this month, etc.) to spur healthy competition. The decay-aware design means leaders must keep contributing to stay on to】.
OmniSocial’s reputation model is a work in progress, intended to evolve through data and community input. It’s conservative in that reputation is not easily gained (and cannot be bought or transferred, one must earn it) and can fade away, reducing long-term accumulation of power by inactive early adopters. At the same time, it’s innovative in tying together social capital and economic actions (like requiring rep or token as collateral for actions, see Tokenomics). The combination of on-chain enforcement and off-chain analysis (like using the subgraph to quickly query rep rankings or to run periodic normalization jobs) gives a flexible yet verifiable system.
OmniSocial’s governance framework empowers the community to steer the development, parameters, and even the evolution of the protocol. This occurs both on-chain and off-chain in a progressively decentralized manner. The backbone is a DAO (Decentralized Autonomous Organization) smart contract system, composed of a DAOFactory and individual DAO contracts for managing proposals and votes.
DAO Creation: Using the DAOFactory contract, users can create new DAOs easil】. Each DAO can represent a community or sub-project. For example, there could be the OmniSocial Protocol DAO (for global decisions), and separate DAOs for large communities or even individual creators who want to involve their followers in decisions (like a “Creator DAO” for deciding content direction or fund usage).
When creating a DAO via the factory, parameters are set:
Governance Token or Reputation: The DAO can specify what gives voting power. Some DAOs might use a governance token (ERC-20) distributed to members. OmniSocial encourages using reputation-weighted voting by default (perhaps the DAO ties into the RepModule’s “governance” domain scores). It’s also possible to do hybrid (e.g., each member has 1 vote plus extra weight from rep).
Voting Mechanism: OmniSocial supports Quadratic Voting and standard 1-token-1-vote. Quadratic voting (where cost of votes is square of votes gained) is recommended for community fairnes】. The DAO template can implement either.
Proposal Threshold and Quorum: These are set to prevent spam proposals. For instance, maybe you need at least 100 rep or 100 tokens delegated to you to create a proposal. Quorum (minimum participation) might be say 10% of total voting power must vote for it to be valid.
Timelocks: By default, any passed proposal goes into a time-lock period (e.g., 2 days) before executio】. This is handled by an associated Timelock contract that queues the execution, allowing time for objections or cancellation if something malicious was found.
Executable Actions: Proposals in OmniSocial DAOs can be binding on-chain actions. For example, a proposal could upgrade a contract (as described earlier), transfer funds from a treasury, or change a parameter (by calling a setter on a parameter contract). The DAO contract thus holds the ability to call certain functions (with timelock) once proposals pass.
Proposal Lifecycle:
A member drafts a proposal (often off-chain discussion first on forums to refine ideas, then formalize on-chain).
They call createProposal(title, descriptionHash, callData...) on the DAO contract. The descriptionHash might point to an IPFS/Arweave document with full details of the proposal (ensuring content is stored permanently】.
The proposal is now active for voting. OmniSocial’s front-end will show it in the DAO’s dashboard. Voting typically lasts a set period (e.g., 7 days).
Members vote by calling castVote(proposalId, support) or similar. If rep-weighted, the contract looks up the voter’s rep. Votes could have options like For/Against/Abstain.
Votes are tallied (the subgraph also indexes them for real-time display】. If quadratic, the contract does the math to apply sqrt to votes.
After the voting period, if the proposal meets quorum and has more For than Against (or whatever threshold), it is Queued in the Timelock.
After the timelock delay, the proposal can be Executed: the queued transactions in the proposal (like “call upgradeTo on OmniWallet proxy”) are executed by the timelock contract on behalf of the DA】. If the proposal was just advisory (no specific on-chain action), then execution might simply mark it as executed (or it could trigger a state change like updating a config).
If the proposal fails or expires, it can be cancelled or dropped from queue.
Treasury and Funds: Each DAO can have its own treasury (could simply be the DAO contract address holding funds or a separate Treasury contract controlled by the DAO). For example, the OmniSocial Protocol DAO treasury might hold some OMNI tokens allocated for community grants, and only DAO proposals can spend from it.
Moderation DAO: There might also be special-purpose DAOs, such as a Moderation Council. This could be a DAO with members having higher moderation rep or elected by communities, empowered to make decisions about global content policy or to resolve disputes that algorithms cannot. They could vote on things like adjusting global moderation parameters, or in extreme cases, vote to ban a user from OmniSocial if absolutely necessary (though design leans on algorithmic and community moderation first).
Off-Chain Governance (RFCs and Social Coordination): Not everything will be decided on-chain. OmniSocial will use off-chain discussion platforms (like a Discord, a Discourse forum, Twitter, etc.) for Request for Comments (RFC) processes where ideas are floated and refined before an on-chain vote. Snapshot (off-chain voting) might be used for quick sentiment checks that aren’t binding. The whitepaper itself is published early to invite feedback and will likely see revisions via community input before any on-chain ratification.
Hybrid On/Off-Chain: Some governance might use signaling votes on-chain that have off-chain effects. For instance, a poll about a user interface change might be done on-chain just to record preferences, and the actual implementation is off-chain by developers. Conversely, certain off-chain events (like a security incident) might trigger on-chain emergency votes.
Governance of Upgrades: As noted in Security, upgrades to core contracts must go through governance. The governance framework ensures transparency here. The code for a new version is shared, an upgrade proposal is made, and the community has time to review. Only after a successful vote and timelock does the upgrade happe】. This greatly reduces the risk of insider hijacking and aligns with decentralization.
Meta-Governance: OmniSocial’s own governance can itself be adjusted. For example, the community could vote to change how voting power is calculated (maybe incorporate a new “reputation” domain or switch to a soulbound governance token). They could even decide to launch a Layer 1 chain in future (though currently it’s on Polygon L2) – essentially, nothing is off the table if consensus is reached. Of course, practical and legal constraints apply for radical changes, but the framework allows self-amendment.
In summary, OmniSocial’s governance framework is designed to empower active contributors (through rep or token-based voting) while keeping the process open and transparent. Early on, the core team will guide governance (with community input) to avoid chaos, but they plan to hand over the reins to the community DAO as soon as it’s viable. This framework ensures that the users and builders of OmniSocial are the ones governing it, rather than any centralized company or foundation.
OmniSocial’s economic model revolves around a native utility token (tentatively called OMNI), which fuels network operations, governance, and incentive mechanisms. The token is not a traditional Layer-1 coin (since OmniSocial runs on Polygon’s network, it uses POL/MATIC for gas), but OMNI serves specific purposes within the OmniSocial protocol. Below we outline the token’s envisioned distribution, utility, and economic levers, updated to reflect the current direction:
(Note: Final details are to be determined by community and subject to change; placeholder percentages given as an example.)
The OMNI token is planned to have a fixed supply or a capped supply with minimal inflation. The initial allocation might look like:
Community Airdrop – 20%: To bootstrap the network effect, a portion of tokens may be airdropped to users of decentralized social platforms (Lens, Mastodon, etc.) or early OmniSocial beta testers. This widens distribution and puts tokens in the hands of potential active users. (No vesting; these are liquid at launch to encourage usage.)
Ecosystem Fund – 25%: Managed by the OmniSocial DAO, used for grants, partnerships, liquidity provision, and ongoing development funding. This might vest over, say, 2 years linearl】 to ensure long-term support.
Relayer/Node Incentives – 15%: Reserved to incentivize relayers, indexers, or validators of any sort (though OmniSocial doesn’t have its own validators, this chunk would encourage those running infrastructure for the network, like content pinning nodes or bridge operators). These could be released over time according to network growth (like a reward pool).
Core Contributors – 15%: Allocated to founders, developers, and early contributors. Typically locked with a 1-year cliff and 3-year linear vesting afte】 to align with continued contribution.
Treasury Reserve – 25%: Held by the DAO for unforeseen needs, future fundraising, or burned if not needed. Could also backstop any staking/slashing mechanisms. How this is used is up to governance (could be slowly released via community proposals or kept for extreme events】.
(The above sums to 100%; these figures are illustrative. The actual tokenomics will be determined with community input, especially given regulatory considerations.)
There may or may not be inflation after the initial distribution. One idea is a mild inflation to continually fund the DAO treasury (tail emissions), balanced by token burns from fees, achieving near equilibrium. Or a fixed supply with a portion of fees recycled.
The OMNI token is multi-functional within OmniSocial:
Governance: OMNI is the voting token for the OmniSocial Protocol DAO. Holding OMNI (and possibly staking it in the governance contract) gives you the right to propose and vote on change】. However, OmniSocial is novel in integrating reputation-weighted voting alongside tokens, so pure token voting is augmented by rep (for example, a user’s voting power might be a function of their OMNI stake and their governance rep). In any case, OMNI economically aligns holders with the network’s success.
Fee Medium: Certain actions might require OMNI as a fee or collateral:
Posting Content: Perhaps normally free, but if a user’s reputation is below a threshold, they must put up a small OMNI stake or pay a tiny OMNI fee (e.g., 0.005 OMNI) to pos】. This stake might be returned after some time if the post wasn’t spam (so effectively a deposit). The idea is to make spammers expend OMNI, which is costly, while regular users with good rep don’t have to.
Minting Personas: There could be a one-time fee of, say, 0.5 OMNI to create a new person】. This could be burned to prevent unlimited persona farming (Sybil attack) and signal commitment to that identity. Or it might be waived for early users or certain verified accounts.
Tipping and Payments: Tips can be in POL or any token, not necessarily OMN】. The protocol doesn’t force using OMNI for P2P payments because that would limit usability. However, optionally, creators might choose to accept tips in OMNI or offer perks for tipping in OMNI.
DAO Proposal Deposit: To discourage spam proposals, creating a proposal might require depositing say 10 OMN】. If your proposal passes or is genuine, you get it back; if it’s spam and fails miserably or is out of order, it might be forfeited (burned or moved to treasury). This ensures proposers are serious.
Staking for Services: Participants providing services (content pinning, relaying, etc.) might need to stake OMNI and can earn OMNI for their work. For example, relayers stake OMNI to get into the rotation (and are slashed if they misbehave】. Similarly, someone running a popular community’s moderation AI might stake OMNI as a bond and earn rewards from the DAO for good performance.
Reputation Boost (Collaterization): There were ideas of requiring a micro-stake in OMNI to unlock higher reputation influence – e.g., to reach Gold tier in governance rep, you must hold at least X OMNI as a bond. This hasn’t been solidified and might be seen as plutocratic, so it may not be implemented. But a mild form could be requiring some OMNI to create or lead a large community, etc., just to show commitment.
Yield and Incentives: The ecosystem fund may institute incentives like liquidity mining if OMNI is listed in DeFi, or rewards for early adopters (like an OMNI reward for your first 100 contributions to encourage usage). These have to be balanced to not just attract mercenaries. More preferable are retroactive rewards (like once a quarter, the DAO could reward top contributors in each rep domain with some OMNI from the ecosystem fund, effectively “mining by contributing” rather than by providing liquidity).
Burn Mechanism: Certain fees or penalties result in burning OMNI to reduce supply and create value for holders. For example, the persona mint fee or a portion of every spam deposit that gets slashed could be burned. If usage is high, this could counteract any token inflation and potentially make OMNI deflationary, benefiting holders and aligning incentives (the more spam that’s fought, the more deflation; the more the network is used, the more governance tokens gain in scarcity).
Overall, OMNI is intended to incentivize positive behavior and disincentivize negative behavior. It’s a utility token, not primarily a payment currency or store of value, though if the network succeeds, it could accrue value as the key to participating in governance and earning elevated status in the ecosystem. This utility focus and the avoidance of pure speculative narratives aim to position OMNI in a way that might meet regulatory guidelines for a utility token (see Compliance section).
Economic Sustainability: The OmniSocial economy blends free participation with stake-based accountability. Unlike Web2 where everything is free but users are the product, here basic usage can be free (especially if you build reputation), but abusing the system quickly incurs costs in OMNI or loss of rep. The token model should thus scale with usage: more users and more communities mean more OMNI deposits and burns in various places, which in turn feeds the treasury or reduces supply. The DAO treasury (funded via allocation and possibly some fees) can further reinvest into growth (grants, hackathons, tipping matching programs, etc.).
One challenge will be to avoid making OMNI too central for regular users (who might not care about tokens). OmniSocial can abstract most token stuff away for those who just want to use the social features (they might never see OMNI if they behave well and just use POL for tipping). But power users and contributors will interact with OMNI when they step into governance or if they want to help run the network.
Initial Distribution and Launch: There may be no public ICO (sale) for OMNI to avoid regulatory issues. Instead, it could be distributed through airdrops and maybe a small private sale to strategic partners. When it launches, liquidity could be provided on Polygon DEXes for trading. However, OmniSocial can thrive even before OMNI is widely traded because POL can be used for economic activities meanwhile. The token launch might even happen after the mainnet social features are live (so that the token’s introduction is about decentralizing control and adding incentives, rather than raising funds to build the thing – since ideally it’s largely built by then).
(All tokenomics plans will be presented to and decided by the community; the above is a snapshot of the thinking and is subject to change.)
Security is critical for OmniSocial given it manages user identities, reputations, and potentially valuable tokens. We have touched on many security aspects (cryptography, 2FA, recovery, audits) earlier. This section summarizes the threat landscape and OmniSocial’s mitigation strategies, highlighting any additional considerations not yet mentioned.
Below is a non-exhaustive list of potential threats, their likelihood/impact as estimated, and mitigations:
Key Compromise (User Wallet Hacked): Likelihood: Medium (users are targets of phishing/malware). Impact: High (loss of identity and assets). Mitigation: Encourage WebAuthn 2FA and guardian social recovery for all user】. Even if private key is stolen, the thief cannot execute sensitive actions without the second factor, and the user can recover via guardians. Ongoing user education on security (don’t sign strange transactions, etc.).
Relayer Censorship or Cartel: Likelihood: Low to Medium (if few relayers, could collude or censor). Impact: Medium (could deny service to some users, undermining neutrality). Mitigation: Open relayer participation with staking (hard to cartelize if many participants】. Users can always fall back to sending transactions directly if needed (with gas). In worst case, community could slash and replace censoring relayers. Long-term, trustless meta-tx networks or multiple entry points (4337) will alleviate reliance on specific relayers.
Smart Contract Bugs: Likelihood: Low (with thorough audits & formal verification). Impact: High (if core contract is buggy, funds or data could be at risk). Mitigation: Extensive testing, audits, bug bountie】. Use battle-tested libraries (OpenZeppelin) where possible. Proxy upgradeability with DAO control means if a bug is found, it can be patched via governance (with urgency procedures if needed). In worst case, halt certain functionality (pause) and fork state to new contracts (social recovery at system level, only with community consensus).
Signature Downgrade Attack: (e.g., forcing a user to use a weaker signature scheme) Likelihood: Low. Impact: High if it happened (if someone made a user use insecure keys). Mitigation: OmniWallet adapters will whitelist acceptable signature schemes and enforce check】. Also, any introduction of new cryptography (like PQC) will be carefully reviewed to not introduce weaker assumptions inadvertently.
Sybil Attack (Mass Identity Creation): Likelihood: Medium (anyone can create personas theoretically). Impact: Medium (could dilute reputation systems, spam communities). Mitigation: Imposing a small OMNI cost or requiring some initial verification to create many personas (or rate-limiting creation】. Also using anomaly detection to catch if one user controls many accounts (patterns in usage】. The reputation system inherently limits Sybils because each persona would have to earn rep independently, and decay means you can’t just park them. The whitepaper earlier mentions micro-staking per persona as an anti-Sybil measure, which is implemented by persona mint fee and possibly needing to maintain some token balance on each active persona.
Reputation Exploits: e.g., collusion to inflate rep, or exploits to steal rep points. Likelihood: Medium (social attacks or unforeseen gaming). Impact: Medium. Mitigation: Use decay and caps on rep to limit how quickly one can gain influenc】. Also, multi-domain approach prevents someone from faking all aspects (they might game one metric, but not all). The DAO can adjust weights or slash fraudulent rep if detected. Off-chain machine learning can help spot unnatural rep growth.
Bridge Replay/Impersonation: When bridging content across platforms, someone might try to replay a message to claim it as theirs or impersonate an OmniSocial user on another platform. Mitigation: Use hash commitments and signatures on conten】 – e.g., each cross-post includes a proof it came from a certain OmniSocial persona (like including the DID or signature in the post). That way relays can verify authenticity. Nonces or timestamps prevent replay. This was noted as a risk (“Bridge Replay”) and addressed with hash and nonce check】.
Privacy Leaks: Even with ZK proofs, there could be side-channel leaks of info (like timing analysis on how often someone’s rep decays might hint at their score). Mitigation: Work with privacy experts (perhaps academic partnerships) to audit the system for unintended data leakag】. Offer users choices on how much to reveal. Over time, incorporate more robust ZK solutions as they become feasible on-chain.
Economic Attacks (Fee Sabotage or Bribe): Attackers might try to spam proposals by eating the refundable deposits (they don’t care about losing OMNI if their goal is chaos, or they got it cheaply). Or bribe users to vote a certain way. Mitigation: If someone is spamming proposals and willing to lose money, at least that money goes to the treasury or is burned, strengthening the system (a self-correcting aspect: it becomes expensive to sustain). Bribes in voting can be mitigated by using reputation which is not directly transferable or by mechanisms like committing votes secretly and revealing later (preventing guaranteed enforcement of a bribe).
Frontend/Phishing Attacks: Users might be tricked by fake OmniSocial websites or browser extensions. Mitigation: Encourage using official links (DNSSEC, verified social media announcing them). Possibly create a community verification for frontends (like a list of trusted frontends or a browser plugin that indicates if a site is a verified OmniSocial interface). Ultimately, as a protocol, OmniSocial can be accessed by various UIs, which is a strength but also means user education is needed to avoid scams. The official DAO might maintain a registry of approved apps.
This threat matrix is continuously revisited. Working Groups (WGs) in the community focus on specific areas (Legal WG, Security WG, Econ WG as mentioned in the Risks section】. They own finding and mitigating issues in their domain. For instance, the Research WG might handle looking into ZK side-channel】, the Ops WG handles relayer issue】, etc.
OmniSocial adopts a “defense in depth” strategy – multiple layers of security:
Preventive: Code audits, formal verification, up-front design choices (like using proxies to allow patching).
Deterrent: Bug bounties (would-be attackers might choose a reward instead of exploiting), slashing for misbehavior (deterring relayer misconduct).
Detective: Monitoring via Prometheus, on-chain tracking, community whistleblowing (everything is transparent on-chain, so suspicious actions can be noticed).
Reactive: Upgradeable contracts with DAO control for fixes, pause switches for emergencies, guardian social recovery for users, insurance funds or reserves if something goes wrong (the DAO might set aside some treasury to compensate users in case of a hack – a form of self-insurance).
Redundancy: Even if one part fails, others keep things going. E.g., if the subgraph fails, there’s the raw chain data; if one relayer fails, others pick up; if a key is lost, guardians recover.
By layering these measures, OmniSocial aims to achieve a high level of security and trust without sacrificing decentralization. It’s an ongoing process – the project will remain vigilant and adaptable, learning from both its own test phases and the wider blockchain/security research to strengthen the system over time.
(This section outlines OmniSocial’s alignment with broader standards in decentralized identity and credentials, and recaps its interoperability approach.)
Beyond bridging to other social networks, OmniSocial contributes to the evolving standards for decentralized identity and data:
OmniSocial defines a DID method did:omni: for its on-chain identitie】. Every OmniSocial persona can be represented as a DID, for example: did:omni:alice#persona-1. The DID document for an OmniSocial identity would include:
Public Keys: The verification keys (e.g., the persona’s associated wallet public key, or the DID could also include the user’s other keys like their encryption key, etc.).
Services: Endpoints or descriptions of where the identity can be used (for instance, a service entry might point to the OmniSocial GraphQL API where you can fetch this persona’s profile, or a Matrix homeserver for messaging).
Controllers: The DID might be controlled by the user’s OmniWallet address, and potentially by guardians (multi-controller DID) if using social recovery.
The DID document can be constructed on the fly by querying the blockchain and the .omni alias registry. OmniSocial will likely publish a method spec so others can resolve did:omni DIDs. This integrates OmniSocial identities into the larger decentralized identity ecosystem (with DID being a W3C standard). For example, you could use your OmniSocial DID to login to other apps that support DIDs, proving who you are with your persona NFT’s keys.
Verification of DIDs can use linked data proofs (like signing a message with your OmniWallet to prove control of the DID) and even ZK proofs for certain claims (e.g., proving two DIDs belong to the same person without revealing which, if needed】.
OmniSocial can both issue and consume Verifiable Credentials, which are cryptographically signed attestations about an identity. Some examples of VCs relevant to OmniSocial:
Proof-of-Creator Credential: This could link a piece of content (like a blog post or artwork) to the creator’s DID, forming a chain of provenanc】. For instance, Alice can have a VC that says “Alice created content with hash X at time Y” signed by Alice’s key or a platform. This is useful when content is shared outside OmniSocial – the credential travels with it to prove origin.
Membership Credential: If Alice is a member of the “Photographers DAO” with certain reputation percentile (top 10%), the DAO could issue her a credential stating “Alice is a member of Photographers DAO, rep percentile 90】. This could be used outside OmniSocial to prove status (maybe to get access to an event).
Age Verification Credential: A privacy-preserving approach where a trusted issuer (or a zkKYC provider) issues a VC that says “Persona X is over 18” without revealing actual birthdat】. OmniSocial can use this to gate adult content or comply with regulations without storing personal data on chain.
Professional Credential: Perhaps an employer or organization can issue a VC to attach to your persona that says “This user is a certified ZK Developer” or “Employee of Company Y】. Using DIDs, these can be verified on-chain or in-app.
OmniSocial will provide ways to attach VCs to personas (perhaps via metadata links or an on-chain reference). Viewing someone’s profile could then show badges or verification derived from VCs (like a blue check mark if they have a VC from a known verifier). Storage of VCs might be off-chain but referenced by hash.
(This recaps section 2.5 in brief standard-centric terms.)
OmniSocial’s bridges align with or extend standard protocols:
ActivityPub: Using the ActivityStreams vocabulary for content so that posts, comments, likes can map 1:1 between OmniSocial and fediverse servers.
AT Protocol: Embracing their Lexicon schema definitions to ensure data fields (like user profile info or posts) translate well. If AT Protocol’s PLC (Personal Data servers) system matures, OmniSocial might hook into it for identity lookups.
Nostr: Sticking to NIP (Nostr Implementation Possibilities) standards for formatting events. For example, including NIP-05 (which is basically like a username mapping in Nostr) linking to .omni alias.
Matrix: If bridging to Matrix for chat, using Matrix’s event schema and perhaps adopting MSC (Matrix Spec Changes) that allow external identity proofs.
OmniSocial will contribute back to these communities. For example, if we figure out a good way to handle edits on Nostr (which lacks native edits), we might propose a NIP for “edit hint” events. Or for ActivityPub, if we come up with a way to express zero-knowledge credentials in a profile, that could be an extension others adopt.
Interop Roadmap: We enumerated in section 2.5 various protocols and their integration status, along with latency KPIs. The approach is incremental and community-driven:
Start with simpler cross-posting (one-way).
Move to two-way sync for certain data (like follows, which requires careful merging).
Achieve full federation where OmniSocial users can follow and interact with external users as if all on one network, and vice versa. That is the ultimate goal: OmniSocial becomes a glue that doesn’t lock anyone in, but rather binds multiple networks together while empowering the user.
Standards Compliance: OmniSocial uses and supports established standards like:
EVM Compatibility: (Solidity, ERC-20, ERC-721, ERC-1155, ERC-2771, ERC-4337 draft) – to be compatible with wallets and tooling.
W3C DID and VC: as discussed.
ZKP Standards: (when using SNARKs, following emerging standards for proof formats, maybe integrating with identity standards like W3C ZKPs).
Legal standards for data: e.g., following GDPR’s guidelines for data deletion by ensuring personal data is user-controlled (so if they “delete” by removing references or content, that’s respected – see Compliance).
By playing nicely with both technical and regulatory standards, OmniSocial aims for maximum interoperability and minimum friction in adoption. It’s not about creating a new silo – it’s about building a hub that connects identities, data, and communities across the decentralized web, while adhering to open standards so that it remains extensible and future-proof.
Building a social network protocol faces legal considerations across multiple domains: financial (token), data privacy, and content regulation. OmniSocial integrates compliance as an “engineering constraint” from the star】, aiming to be proactive rather than reactive in this area.
The OMNI token is intended as a utility and governance token, not a speculative investment contract. Preliminary legal counsel suggests it likely can be classified as a utility token, but this depends on jurisdictio】. To navigate the regulatory maze:
The team is analyzing frameworks like EU’s MiCA, US SEC/FinCEN guidance, UK FCA crypto regulations, MAS (Singapore), etc., to ensure token design and distribution won’t run afoul of securities or money transmission law】.
The launch will avoid a public sale that looks like an ICO to steer clear of securities offering implications. Instead, airdrops and usage rewards emphasize its role in-network.
OmniSocial might seek a no-action letter or similar regulatory comfort in key jurisdictions (a no-action letter from the SEC, for instance, stating they won’t enforce action against the token given its utility nature】.
The DAO and governance aspects also raise questions: in some places, governance tokens could imply being a collective investment. OmniSocial’s stance is that the token holders govern a utility (like voting on protocol parameters) and the token is consumed in the platform, which leans it toward utility category.
Tax considerations: The DAO will also consider tax implications for users (like are airdrops taxable? likely yes in some places) and try to structure things in a user-friendly way (maybe allow opting out of airdrop or delaying receipt, etc., though this is largely on the user’s side to manage).
Privacy laws (GDPR, CCPA, etc.) are a big factor since OmniSocial deals with user-generated content and personal data:
User Control (GDPR “Right to be forgotten”): On OmniSocial, users truly own their data (it’s in their own wallet or on decentralized storage they control). If a user wants to delete data, since content is on IPFS/Arweave, it can’t be removed from the network entirely, but what we can do is allow a user to “erase” it from the accessible index and stop pinning i】. In effect, the content might still exist on some nodes, but OmniSocial interfaces will treat it as deleted (tombstone or remove from feeds). This approach attempts to respect the spirit of GDPR – we can show that upon user request, we ceased processing their personal data and took steps to remove it from our systems (with the caveat of blockchain’s append-only nature, which is a known tension with GDPR).
Data Minimization: OmniSocial tries to keep personally identifying information off-chain. For instance, there’s no need to store real names, emails, or birthdays on-chain – those can be in optional VCs or off-chain and only disclosed selectively. The less personal data on-chain, the less risk.
Consent: Posting content or making it public is a form of consent to process that data in the network. OmniSocial will likely have a user agreement (open source, community-reviewed) that clarifies what using the protocol means in terms of consent for data processing, so users are informed.
eIDAS compliance: In EU, eIDAS v2 considers certain blockchain identity solutions. If PersonaNFTs or .omni domains start being used as verified identities, OmniSocial might explore qualifying as a Trust Service provider or integrating with national eID scheme】, ensuring high standards for those who opt in (this is more speculative future if OmniSocial identities gain official recognition).
Children’s Privacy: OmniSocial is 13+ (or 16+ in some jurisdictions) by likely default. If underage users join, we need to ensure any legal requirements (like COPPA in US) are addressed. Probably by not knowingly storing data about sub-13 minors and maybe restricting certain features if age isn’t verified above a threshold.
While not explicitly in the provided text, an important compliance aspect is how OmniSocial handles illegal content (CSAM, hate speech in certain countries, etc.). This is tricky for a decentralized network:
OmniSocial will have community guidelines and help communities abide by them. Since there’s no central “OmniSocial Inc.” controlling content, it shifts to users and DAOs. But from a legal perspective, some jurisdictions might try to hold developers or node operators accountable. The protocol may incorporate hash blocking lists for known illegal content (like integrating with organizations that maintain hashes of illicit media to automatically flag them). This doesn’t solve new content, but it helps with known bad content.
Jurisdiction and Governance: The OmniSocial DAO might establish a legal entity (like a foundation) in a crypto-friendly jurisdiction to interface with regulators if needed, and to hold trademarks, etc. This entity could possibly be part of self-regulating the network (e.g., responding to legitimate takedown requests by issuing “please remove” signals to front-ends or nodes – though it can’t force on-chain removal).
Censorship resistance vs. law: OmniSocial leans on being censorship-resistant by design, but acknowledges certain legal obligations. The approach might be: illegal content gets universally flagged and access to it is suppressed via all official channels. It’s not “deleted from the world” (impossible on Arweave), but it’s effectively made invisible on OmniSocial UIs and discouraged strongly.
Software License: The OmniSocial code is open source. Core libraries and smart contracts likely MIT license】. The front-end might use an GPL or AGPL license to ensure modifications are shared back (though currently likely MIT as well, but this is an ongoing consideration – balancing permissiveness with preventing proprietary forks that don’t contribute improvements).
Content License: By default, content users post could be under Creative Commons (e.g., CC BY-SA】. This encourages sharing and remixing while giving credit. Users/creators might choose different licenses for their content – perhaps indicate in metadata if something is All Rights Reserved or CC0, etc. OmniSocial can’t enforce content license technically, but providing a norm and field for it can help. A creator could NFT their content under specific terms as well.
Trademark: The names “OmniSocial” and any logos will be trademarked to prevent scams or imposters using the name. These trademarks might be held by the foundation or a legal entity on behalf of the communit】. Community guidelines on using the brand will be published (similar to how Mozilla or Ethereum Foundation handle their marks).
Financial Transactions: Tipping and payments could raise money transmitter concerns or tax reporting issues. However, OmniSocial itself is just software – peer-to-peer tips in crypto are generally the users’ responsibility to handle taxes. OmniSocial doesn’t custody funds (the smart wallet is non-custodial), so the network likely isn’t a money transmitter. But as precaution, if volumes grow, the DAO might implement features to help users (like an opt-in year-end report of your tips for tax purposes).
Moderation and Liability: Decentralized moderation is uncharted territory legally. OmniSocial might benefit from Section 230-like principles in the US (which protect platforms from liability for user content, and also for good faith moderation). If the OmniSocial DAO does any coordination on moderation, they would want those protections. Engaging legal experts to interpret how those apply to a protocol vs a platform is something on the roadmap.
In essence, compliance is an ongoing effort: OmniSocial’s approach is to keep abreast of laws (perhaps with a legal advisory group) and build flexibility into the system to adapt. For example, if a certain regulation requires content retention for X months, the communities can decide how to simulate that (maybe keep flags or logs off-chain). If another law forbids some anonymity feature, the project might fight it or find a compromise that doesn’t break core principles.
The ideal outcome is a network that respects users’ rights (privacy, free expression) while minimizing illegal abuse and satisfying regulators that it’s not a Wild West. It’s a delicate balance, but by thinking ahead and engaging with regulators proactively, OmniSocial hopes to avoid severe legal challenges that have hampered some crypto projects.
Despite careful planning, OmniSocial faces uncertainties. Here we list some categories of risks and unknown challenges, along with possible paths to address them:
Regulatory Risk: Description: Regulators may still interpret OMNI as a security or find aspects of OmniSocial (like privacy features) objectionable. Mitigation: Establish a legal defense fund or coalition to advocate for favorable regulatio】. The community’s Legal Working Group monitors laws and can propose changes (e.g., disabling a feature in a jurisdiction via geofencing by frontends as a last resort).
Technical Risk: Description: The cryptography (e.g., zkSNARK circuits, PQC) might have undiscovered flaws, or scaling issues might arise with Polygon zkEVM or The Graph. Mitigation: Maintain ECDSA and conventional crypto fallback for PQC until prove】. If zkEVM proves too slow, have plan to migrate to another chain or L2 (even an optimistic rollup) as backup. Keep code modular to swap out dependencies (Graph can be replaced by another indexer if needed).
Economic Risk: Description: The fee/reward model might under-charge spammy behavior or over-subsidize usage (draining the treasury】. Or conversely, fees could deter users. Mitigation: Start with conservative limits (generous sponsorship but with bounds) and adjust via governance. If spam gets high, increase rep requirements or fees dynamically (a kind of surge pricing for transactions if spam attack detected). Economic Working Group to simulate and model different scenarios continually.
Governance Risk: Description: Low participation or voter apathy could lead to centralization of power (a few whales or active members making all decisions】. Also risk of governance attacks if someone acquires lots of tokens quickly. Mitigation: Encourage delegation of votes to active community members (so if many are lazy, at least they delegate to someone rather than not vote】. Possibly use quadratic voting to reduce whale influence. Set up community multi-sigs for critical roles as interim if DAO is not reaching quorum, etc., but aim to improve tooling and incentives for voting (like make voting easy in app, send notifications, maybe small rep reward for voting to nudge people).
Privacy Risk: Description: The use of zero-knowledge proofs or encrypted data could still leak info or have bugs. E.g., an implementation bug might reveal someone’s exact rep or connections. Mitigation: Sponsor academic audits (maybe university cryptography departments) to evaluate our privacy mechanism】. Keep sensitive computations simple and well-tested. If an issue, be ready to disable a feature (better no ZK proof than a broken one).
Operational Risk: Description: A group of relayers could collude (cartel) to extract high fees or halt servic】. Also, if a critical devops person leaves, monitoring might falter. Mitigation: Decentralize infrastructure – recruit more community members to run relayers, indexers, etc. Use incentives (some token rewards) to encourage a robust, diverse operator set. Also implement slashing for collusion as noted. Document devops runbooks publicly so community can take over if core team steps back.
Adoption Risk: Description: “If we build it, will they come?” Possibly low user adoption due to complexity, network effects of incumbent platforms, or poor UX. Mitigation: Focus on excellent onboarding UX (abstract crypto jargon, fast performance). Seed content and communities by bringing over existing groups (hence bridging strategy). Use treasury for growth hacking – e.g., tipping campaigns, contests, partnering with influencers from web2 to try the platform. Ultimately, being genuinely useful (especially to niche communities that value ownership, like DAO contributors, activists, etc.) will drive organic growth.
These risks point to open questions the project continues to explore:
Should moderation actions (like content flags) be incentivized on-chain? (If we pay people to report, do we encourage abuse of that vs if we don’t, do we get enough moderation?】
How to handle dormant high-rep accounts? (Should their rep decay to zero or flatten out? If someone was great 2 years ago and left, when they come back, should they be basically new again or still somewhat trusted?】.
Optimal decay & quadratic parameters: (Finding the right “half-life” for reputation so that it’s fair but not too punishing is still an experiment】.
Fee rebates in what currency? (If we rebate fees to good actors, should it be in OMNI, or in stablecoins equivalent? OMNI rebate could affect token value volatility perceptions】.
The approach is trial, measure, and iterate. OmniSocial will be launched as an evolving beta in many respects – the community should expect tweaks and even occasional breaking changes as we optimize the balance between openness, security, and usability. By clearly communicating risks and involving the community in decisions (true to “radical transparency” principl】), OmniSocial can adapt and improve through collective intelligence.
OmniSocial aims to demonstrate that a decentralized social network can be secure, user-owned, and inclusive by design. We’ve outlined a vision of a platform where identity is self-sovereign, reputation is earned, and communities govern themselves. Achieving this is a massive interdisciplinary effort – touching cryptography, economics, sociology, and law.
This document is a snapshot of a work in progress. Many details will evolve as we prototype, test, and learn. We publish our plans early not as a final blueprint, but as an invitation. We welcome critique, ideas, and contributions from all quarters:
Developers: Dive into our repo. Help us improve contracts (write tests, find gas optimizations), or build new modules. Join our weekly dev calls or open an issue with your suggestions.
Researchers: Challenge our assumptions. Is our use of ZK proofs optimal? Could our reputation decay model be better (maybe a different curve)? Propose alternatives and help simulate them. If you’re a security researcher, poke holes in our design – better you find them than an attacker.
Creators & Community Builders: Try out the app on the Polygon zkEVM testnet (when available). Give feedback on the user experience. Does multi-persona feel empowering or confusing? Are the tipping and content tools meeting your needs? Your input will shape the features and policies.
End Users: Even if you’re not tech-savvy, your perspective matters most. Join as an early user, and let us know where you encounter friction or what you’d love to see. If something doesn’t make sense, that’s on us to fix – tell us!
Bridge Builders: If you’re maintaining another decentralized social project or protocol, let’s collaborate. Help us integrate with your network so our communities can interact. This is not a zero-sum game; we want the whole decentralized social web to flourish together.
Community Organizers: Join our Discord, participate in governance discussions. Help define the culture and norms of OmniSocial. For example, help draft moderation guidelines, propose community initiatives, or run an OmniSocial meetup in your city to spread the word.
Together, we can reshape online social interaction around self-sovereign identity, privacy-preserving reputation, and creator-first economics.
This is a call to all who have been dissatisfied with the status quo of Web2 platforms: instead of complaining, let’s build and iterate on something better, out in the open. Expect debate, expect challenges – that’s a feature, not a bug, of community-driven development. Every critique is a chance to improve.
OmniSocial’s promise lies not just in the technology, but in the people who rally to make it their own. We have set the stage with concepts and code; now we invite the community to carry it forward. Comments, critiques, and collaborators are not only welcome – they are essential.
If you’ve read this far, we hope you’ll join us in bringing OmniSocial to life.
Michael J Burgess
