agreed, what if we think of some sort of chain of trust model i.e each new user should be carrying some sort of referral by few existing users to indicate that the user can be trusted and allowed to be part of membership.
But then again, this would not prevent sybil completely as users can keep generating memberships and then refer to create new users. This makes attackers work little hard.
But chain of trust works in real world where identities are unique and verifiable. In online world especially when privacy is required, identities are not tied to any real world identities. Maybe by tying identity to something like ZkPassport or AnonAadhar this type of sybil can be prevented?
How about we take this kind of an approach for Logos-core+tech stack installations which would in-turn provide RLN memberships for modules that come by default such as Waku/Messaging, mixnet?