Topic: Working on an idea for simple web-based alternative to bitcoin-otc web of trust - page 2. (Read 2763 times)

And I have already had several people simply *give up* on joining CIYAM Open due to GPG - really!

(perhaps I should refer any future such people to you to get them somehow magically converted?)

I have yet to see that, really. I think a lot of people don't want to learn the "magic" behind it so they can understand what is exactly happening. But as gpg and bitcoin address signing and verifying are becoming more popular for contracts and GPG keys I am pretty sure if you sign it, are legal contracts so yeah, they aren't going anywhere. People better learn or be left in the dust.

I don't think that the GPG software is particularly hard to use myself (compared to say configuring Email apps years ago) - but people just "don't want to bother with it" is the *real* problem (especially non-geeks).

LMAO considering that Android is linux based I would say it is easy, also have you ever installed Ubuntu it is insanely easy. IRC isn't just for the geeky of the geeks, actually most IRC are really user friendly. GPG keys the concept maybe tough, but the software again makes it very easy to use. I really don't see how these things are hard for people now of days.

Sorry, gweedo, but you lost me with that remark. You might as well say that Linux is as easy for a nontechnical customer (like my grandmother) to learn as Windows or Android.

I updated the website with v0.02 of the pitch. Based on CIYAM Open's and dscotese's feedback, the system now requires fewer transactions for scoring, reduces potential fees, and eliminates the need for the one-off "scorecard" address described in v0.01. I also added some initial FAQs (not comprehensive, but it's a start) based on a lot of gweedo's questions and comments.

Thanks for your help so far. I'm hoping to keep improving. I think next I'll write down my thoughts on the specifics of how the outputs might be structured. (Specifically, I'm thinking about what numbers to use to indicate the opening transaction so AudenX knows which of the two score numbers represents the scoring scale and which represents the final score.)

Just to be clear, "addresses you deemed trustworthy" means addresses the user deems trustworthy — not addresses that any centralized entity decided are trustworthy. Deciding how to interpret the data generated using the AudenX pattern is a choice each user gets to make for herself.

And, as I mentioned above, there is always this chicken-and-the-egg problem when you're first starting out, regardless of the network. When you're starting a business, you have to attract that first client somehow, then leverage that client's experience into referrals. When you start your career, you have to land that first job, then use that work history to land future jobs. Any trading network that's worth joining — that has trustworthy trading partners in it — should require some effort on the part of the new user who wants to participate.


The system I'm describing requires two parts, though, and each needs the other in order to be useful. 1.) Users need data about mutually-agreed-upon transactions that actually occurred, and 2.) users also need a way to interpret that data to help them decide whether to trade with someone. The "signaling" concept deals with 1, and the "trust algorithm" concept deals with 2.


Right, that's the goal. And this thread is for collecting feedback and ideas that will help make that specification clearer and better.

This system is so fail, now your making it so hard for people to get trust unless they trade to addresses you deemed trustworthy, so you described two different systems can you choose one, write a clear specification and repost it.

It's up to you to decide if it's worth taking a risk on another user with a 1-week history, especially if that new users hasn't done any verified trades with anyone you trust. So while the signaling pattern itself doesn't stop fraud, your chosen trust algorithm can stop fraud, if that algorithm is chosen intelligently.

This is what I mean when I use the phrase "trust algorithm": it's the criteria you choose to interpret the scoring data on the blockchain. Choosing those criteria wisely — choosing a good trust algorithm — is what makes the system useful to any individual user. Designing intelligent algorithms can be done by users, or by third parties focused on studying the blockchain more methodically.


Perhaps I'm not using a clear enough example. A scammer could spend a decade creating "fake" trust scores between thousands of "fake" identities so that the scammer might seem at first glance to have a lot of trustworthiness. But if I'm looking at that scammer's address through the lens of my trust algorithm and see that zero of that scammer's transactions have been with users that I know and trust, and no users that are 2nd- or 3rd-degree trading partners with people I know and trust, then that's enough information that I could easily choose not to do business with that person. I could even decide that I won't do business with another user unless 10%, 15%, 90% of their transactions have been with people I already trust. That's the power of the social graph.

This is why I don't propose even trying to lock scammers out of participating in the system. I'm describing an open system for rating satisfaction with transactions that anyone is free to use in whatever way they see fit. The power of the system is that each user can decide how to interpret the rating data for the purpose of guiding their own transaction decisions.

Your talking about an extreme case and where those happen, they can't be weeded thru, but your not even attempting to stop scammers take a week build up rep with a few addresses. Then bam your getting scammed. So I am not talking about 100% fraud but 85%-95% fraud stopped. With your system that is like 0% -maybe if lucky 5%. That is horrible! See your trying to create a "easy-to-system" stop with that, create a system that stops fraud and is hard to game, then build an easy to use system on top that is what you should be trying to do. Also you keep saying trying to diminish scam as your history of a transaction grows, that doesn't work, we need a system, that blocks fraud users, from gain any rep and your systems habors that fraud which can't be rolled to any other address the scammer can use. I think you need to re-think this, otherwise it will fail.

Maybe we have a philosophical difference here.

The way I see it, trusting someone inherently requires taking a risk, because even a perfect and complete representation of a party's behavior in previous transactions can never ensure that they will behave the same way in the future.

Even with your hypothetical trust-rating system that's impossible to game, a person who has always behaved honorably in the past can choose to forfeit their reputation by scamming someone. So even if such a system were possible to build, even if that system were perfect from an identity-verification standpoint, it could never eliminate all fraud.

All human interaction entails risk. If humans had waited for a 100% foolproof method to ensure that they'd never get hurt in their interactions with other humans, there would have been no human interaction to date. Instead, humans take the risk of interacting, and the smart humans decide which interactions are worth the risk using a number of indicators that help to predict another person's future behavior.

Therefore, it seems to me that an easy-to-use system that helps build trust, even if it's imperfect, will still be a useful tool for parties who want to conduct honest trade.

I reiterate my point here that my goal is to create a system where the incentive to scam diminishes as your history of honest transactions grows. It's like the hypothesis in Satoshi's white paper about what happens in the event that someone accumulates > 51% hashing power: at that point, the incentive to behave honorably and keep the market functioning would, for someone acting in their financial self-interest, be higher than the potential gain from defrauding the Bitcoin community and driving users away in fear.

I think pirateat40 was an extreme case. I want to meet these people that can't use GPG keys I have taught maybe ~10 to ~15 that have that are not geeks by any means and they caught on quickly so may it was the way you were teaching them. IRC is just as easy as AOL IM today. You can run IRC client inside of chrome so yeah. I think your very wrong about calling it hard, maybe you can't explain it in simple terms.


Right there you have already lost so many people cause we need a system you can't game. I think it is back to the drawing board.

Fair question.

I'm not sure if your phrase "paying you for trust" means that "Alice is paying AudenX for trust" or "Alice is paying Bob for trust". Perhaps you mean both. Either way, the idea is not that people are paying "for trust", but rather to incorporate data into normal blockchain transactions that adds a layer of meaning that indicates trust/satisfaction. The amounts involved in this signaling can be trivially small — far smaller than what would constitute meaningful payment amounts — and you could even incorporate the signal into some part of the transaction that isn't an output value.

The idea is not to create a way for someone to "buy" credibility. Credible trust would have to be built up over the course of many transactions. You can't just pay 1,000 BTC to AudenX to get an awesome trust score.


The difference between using the blockchain and you making a forum thread that says "Alice and Bob had a smooth transaction" is that we can verify that transactions on the blockchain actually occurred between Alice and Bob's addresses, and (most likely, unless their wallets were compromised) that those transactions were voluntarily entered into by Alice and Bob.

You could of course watch the Blockchain for transactions that match the AudenX pattern and then report them on a forum thread, but the transactions would actually have to be created by Alice and Bob before you could report them on the thread.


No, this is incorrect. There are lots of ways we could choose to signal negative experiences. For example, if we standardized around a system where "scoring" values were 1 Satoshi at the low end and 20 Satoshis on the high end, a final rating of 1 from Alice to Bob could indicate that Alice is totally dissatisfied with the transaction.

However, the scale that I was suggesting in my original posting would allow participants to arbitrarily choose the number that means "satisfied". Alice could initiate a transaction with a baseline score of 13, and if she decided to award Bob a final score of 14, that would be like saying "satisfied + 7%" — basically meaning Bob went above and beyond the call of duty. Or she could award a score of 1 to Bob, which basically means he was awful.

I think I've read somewhere that you can have output amounts that are 0, so if that's actually possible I guess Alice could use 0 as a value to indicate that she was totally scammed.

In any event, regardless of the rating scale used, if you pick a standard way to interpret the numbers, then you can have a rating system that's as granular as you want, with both positive and negative ratings possible.


There is nothing to stop a scammer from creating many Bitcoin addresses and using them to build up the appearance of trustworthiness. This is true on bitcoin-otc as well.

Also, just to be clear, you wouldn't be creating "profiles on my site". The "identity" of someone on AudenX is simply a Bitcoin address. You could generate that address however you like.

Similar to bitcoin-otc, you can see that the AudenX scoring system would allow you to create your own sort of personal "trust algorithm" based on your trading network, so that you value apparent trustworthiness in a stranger more highly if they've already received a trust score from someone you trust. The social graph matters. You could choose to ignore the apparent trustworthiness of someone unless they meet a high standard — like maybe they have to have 100 or more satisfactorily concluded transactions with people you already trust before you do business with them. In the future, users might not even want to build their own algorithms for calculating trustworthiness — they could just rely on third-party algorithms created by companies that study the blockchain.

There's of course the chicken-and-the-egg problem of how a new person in the network gets started building trust. Just as in real life, though, you trust someone with a little bit to begin with, and then more over time, rather than trusting a stranger with $1,000,000 of your money right off the bat. This could mean that new people get their first scores by trading with friends, or people whose real-life identities they already know.

I'm not trying to create a system that's impossible to game, and I'm not interested in trying to create a bulletproof identity-verification system. The goal is to create a system where the cumulative value of your trustworthiness is greater than the incentive to scam. Basically, if you spent a year building a history of trustworthiness, there would be a monetary incentive to continue your good behavior, because you have a bigger pool of trading partners interested in trading with you. It's the same reason people strive to keep a high credit score.


I don't see any problem with that. If you're comfortable with bitcoin-otc, you like using it, and you like your trading partners in it, then you're all set. But as CIYAM Open notes, and I think many people would agree, there are really a lot of potential users of Bitcoin for whom using IRC and GPG keys would be a major barrier to entry. Getting a bitcoin wallet and learning to use it is, for people unfamiliar with IRC and GPG keys, much more accessible. And a wallet is all you'd need to get started using AudenX.

I have already had at least half the people interested simply *give up* on signing up to CIYAM Open because it currently requires GPG (hint - it won't be a requirement soon because I actually do *want* people to join up rather than attack them for not knowing how to use GPG).

Add IRC to the mix and you have created a system that only *geeks* can use (seriously some Bitcointalk people ought to get out into the *real* world at least once a year or so).

As for scammers I think you'll find that pirateat40 had a *very* good OTC reputation.

A couple things, I am paying you for trust. Why? What the difference in me making a thread on here saying "Alice and Bob had a smooth transaction". I can't rate someone in the negative that isn't good, now I just had a transaction which I lost money and now I have to send you something to rate this person kinda like salt on the wounds. What about a scammer, how does he not make many profiles on your site to boost up his rating? I mean spending .01 to boost up ratings and sending 50btcs around to make your system think there is transactions happening? I don't like that I am identify and my trustworthy is thru an address, this lets scammers reset every time they are detected. I am sorry but if this the best trustworthy approach then I would stick with GPG keys and bitcoin-otc.



Honestly tell me how hard is IRC and gpg keys? Is it that hard, that your willing to allow a system that basically allows scammers to reset every time detected. This argument that IRC and GPG keys are too hard for new people, is plainly invalid, there are millions of threads on here explaining in great detail how to do it. Also there is many sites explaining it. And if your still that new to not get it, there are youtube videos to follow along. I mean if you actually think this idea is the way to solve this, then you are very wrong, and really need to rethink how you view trust in the bitcoin world.

Agreed!


Also agreed. A near-ish term aspiration for me would be to build something like blockchain.info for viewing trustworthiness of BTC addresses.


Guess I'd better start tracking feature requests

It's good to see someone finally motivated enough to perhaps make this happen (it didn't before and yes the OTC stuff is just way too hard for most people).

For this to work best I would recommend that it be documented in an open way so that hopefully down the track other rating sites will use the same implementation (rather than ending up with multiple incompatible ones) and I see such rating tx's as having far more value than SD tx's do.

If the rating data is view just as being data (which I would recommend) then cram as much as you can into that (and as many different types of things such as id verification level) then the website's success will be in simply and hopefully powerfully being able to let you "view" a buyer/seller without having to understand the low-level stuff (although important for that to be available for other sites to display also so you can be assured that the website isn't misreporting).

Being able to "filter" out buyers/sellers based upon their obscurity (for example) would be a nice feature for the website to contain.

Looks like we're sharing a brain wave! Thanks for posting; it's encouraging to see that others are thinking along these lines.


This comment makes me realize that I've been thinking about symbolizing "trustworthiness" in a slightly different way from bitcoin-otc web of trust.

Rather than allowing users to simply assign a trustworthiness score to other users whenever they please, I'm imagining a system where users' satisfaction scores are only counted when the parties have actually done business together.

The reason I think it's good to require a reciprocal "open" signal from Bob is that this lets AudenX know that Bob has agreed to whatever transaction Alice is trying to initiate. Alice can't just spam Bob with positive or negative scores if he hasn't agreed to do business with her.

My desire here is for AudenX "trustworthiness" to reflect a party's performance in actual, mutually-agreed-upon trades. If I'm truly interested in doing business with Bob, I think "reputation" that's based on unidirectional scores (e.g. iPhone app reviews, reddit upvotes) isn't as useful as knowing the satisfaction of another person who entered into a mutually-agreed-upon trade with Bob.

Requiring reciprocal scoring also helps extend the concept of trustworthiness beyond the seller: not only do sellers have to demonstrate that they're good to do business with, but buyers need to play nice, too. (E.g. If you're a seller, you might want to steer clear of that jerk buyer who always leaves 0% reviews, both to save yourself the headache and to protect your own trustworthiness score from trolls.) This creates an incentive for parties to work together to keep overall satisfaction high, rather than putting all the power in the hand of the buyer-reviewer.

Reciprocal "open" and "close" signals also seemed important to me, so that AudenX can calculate an identity's "completion rate" for trades, and so that users are motivated to finish their business and rate each other in a timely way.

Yeah, that seems better.  Then the blockchain could be analyzed to see how long it takes an AudenX-registered address (Bob's) to receive the satisfaction transaction after collecting bitcoin from another AudenX-registered address (Alice's).  I don't think you need the Open Transaction output that Bob put on his Wordpress payment.  It's up to Alice, when she gets the socks, to register that Bob did a good job, and only if Bob lets her know that his address is registered at AudenX.  And when Alice sends the original bitcoin, does she really have to add those other outputs?  AudenX can recognize the bitcoin destination is Bob's AudenXIdentityAddress.

AudenX vendors would instruct their customers: "Once you've received your purchase, please add two outputs to your next transaction, one for 1OurAudenXIdentityAddress and one for 1AudenXAddressOfRecord, both for 0.00000100 bitcoin to help show everyone that we stick to our promises.  Thanks!"

And of course, AudenX would tell people "If you're not satisfied with a vendor, you can register that publicly by adding two outputs to any transaction, one for 0.00000XXY (AudenX has 3-digit codes for all kinds of Customer Service ScrewUps) to 1AudenXAddressOfRecord, and the other for 0.00000YYY (The "IDENTIFIER" 3-digit code) to 1ThatVendorsAudenXAddress.

Man it's late for me.  I hope I'm not too stupid in this post.

Some further ideas: https://bitcointalk.org/index.php?action=printpage;topic=87339.0

(a bit more complex but would provide a much more powerful system)