Author

Topic: Design for pay to social network profile (Read 688 times)

hero member
Activity: 836
Merit: 1030
bits of proof
June 22, 2013, 02:29:47 PM
#2
I am thankful for you firing these ideas here preempting the patent trolls. Keep up the good work.

Did we already mention that a payment could be initiated with a swipe of the fingers, a gesture or the blink of the eye? Wink
legendary
Activity: 1526
Merit: 1134
It'd be convenient if we could send bitcoins to anyone on an arbitrary social network. Doing this in the obvious ways is a pain because social networks normally don't let you associate metadata with your profile, and abusing existing fields has numerous issues (like complicated social ACLs or awkward APIs).

Also we don't want to rely on some trusted third party to hold the {user id} -> {public key} mapping. And we'd like a system that works for any social network with a little bit of simple glue code.

All social networks allow you to upload photos of yourself. We can embed a public key into the profile photo. The bad news is most social networks will recompress and rescale provided photos any time they please, as well as stripping any metadaa, in order to avoid security/privacy holes and save storage space. Thus what comes down from their servers is often different to what was uploaded except for a strong visual resemblance.

To resolve this problem we can take the RIPEMD160 of the compressed pubkey, Reed/Solomon encode it and then embed it into the image's middle-frequency components using a discrete cosine transform. An example of doing this along with a demonstration that it can survive Facebook roundtripping is available here:

https://code.google.com/p/dct-watermark/

A wallet app like Bitcoin Wallet can easily use the (open source) Facebook SDK to open up a friend picker activity, let the user select a friend, download their profile photo, extract the key and then send a payment. The receiving side can likewise use the SDK to authenticate to Facebook, download the current un-watermarked photo, save it, watermark a fresh pubkey into it, and then reupload the photo. The user should see nothing different.

One thing that's unclear is whether a profile photo can be adjusted without losing the comments and likes/+1s that it may have. If that isn't the case then of course embedding a raw pubkey into the image will leak private data. A reasonable alternative may be to introduce/abuse an untrusted third party for hosting small amounts of data, such as pastebin. The data embedded into the image can then be a pastebin reference and that reference would then contain the pubkey itself. Conveniently, pastebin allows you to edit posts after they are made if you've signed in .... which can be done with major social networks.
Jump to: