Fun fact: the original Satoshi bitcoin code included a partially completed distributed market system. Check out the file market.cpp in version 0.1.0.
That said, some major challenges (I've done a bit of thinking about this) - First: Sybil attacks on the reputation system. The author alluded to this but the solution given was vaguely specified and somewhat reminiscent of social network driven overlays like Tonika that a) are inherently problematic for anonymity, and b) hard to grow due to aforementioned invite problem. Another problem is maintaining anonymity while making things efficient - the obvious design would be DHT based but this leads to a whole host of weaknesses (see a paper called 'Hashing it Out In Public' for details), and leads to fragility as DHTs are weakened by high rates of churn, which are quite common in real world p2p networks. Have quite a bit more to say on this topic but I'm on mobile at the moment, may write up an essay at some point.
I would encourage the OP to read up on some of Peter Todd's ideas around fidelity bonds for some ideas on the reputation aspect, also have a look at a (centralized) marketplace called NashX for dispute resolution.
EDIT: also check out the bitcoin-otc web of trust.
> Fun fact: the original Satoshi bitcoin code included a partially completed distributed market system. Check out the file market.cpp in version 0.1.0.
The essay your talking about interest me. To be precise, I'm interested in knowing your point of view regarding the viability of a social network which database is stored in DHT.
edit: in my point of view, marketplace is just another social network.
As far as I can see, the essential problem with decentralized anonymous marketplaces is that reviews need to cost money. Plain and simple. Good reviews have great value, so they need to have a non-zero price. A vendor's review history is the indicator by which you assess whether a vendor is trustworthy or not, and a vendor should have to pay to achieve a trustworthy reputation - if good reviews are free, and you can make money from good reviews, they would have little value.
This is the reason spam emails are so frequent: you can make money from something that costs very little. If reviews were near-free, good reviews would be as plentiful as spam emails.
Free reviews means vendors can make sock-puppet accounts, fake a transaction, and leave a five-star review to themselves. With Silk Road, they take x% of the value of each transaction (or if not, that's at least how it should be), so if a vendor seeks to inflate their review score, they will pay a price for it.
In fact, a good overall review score for a vendor - as far as I can tell - is the sum of all the review "values" (1 to five stars) multiplied by the value of the transaction in question. So a vendor with 10 five-star reviews on 10 orders of a value of 1 BTC each, would have the same score as a vendor with a single five-star review on a single transaction with a value of 10 BTC. Both these vendors would have paid the same amount of money to get this, equal, review score.
I've thought a bit about this, and I don't see how this can be solved in a decentralized market, with no middleman to tax transactions, and make sure that vendors can't get free reviews.
It doesn't help me to know that an anonymous person had tipped an anonymous vendor. That doesn't add much value.
However, it would be sufficient if I could somehow determine that someone that I knew had tipped the vendor.
Of course, I don't want my friends to see that I had tipped someone, or all of those of whom I have tipped. I just want it to be possible that they can see my tip, within an aggregate poll, only if and when dealing with that vendor.
> It's not important for me to know that an anonymous person tipped an anonymous vendor. That doesn't add much value.
Allow me to disagree (with the last sentence). If you can see that a certain vendor has spent a total of, say, 100 BTC on fees, to build up a reputation, then it doesn't make financial sense for that person to try to scam you in a 1 BTC transaction.
Maybe. But, doesn't it make sense for a vendor to spend 100 BTC in fees to build a reputation so that they may scam 1,000 people in 1 BTC transactions?
Yes, it does. Which is why you have to have the trust factor incorporate the transaction volume for each vendor (calculated based on how much they've paid in fees).
Scamming 1,000 people for 1 BTC would require having 1,000 open orders for 1 BTC each at the same time. If a vendor who has paid 100 BTC in fees has over one hundred 1 BTC pending orders, you'd probably be wise to stay away. And the software can guide you in making this decision.
Without having thought about it further, this might work.
All we would need to do would be to "burn" a certain percentage of the transaction, eg. by sending it to an provably unspendable address (a hash160 of all zeros, for example).
So the transaction from the customer to the vendor, paying for the goods, would be a 2-of-3 multi-signature transaction (of which the customer, the vendor and the escrow agent each hold a copy), with an output (let's call it output1) to the vendor (paying them for the product), and an OP_RETURN output which specifies a review value (for example, 1 to 5). output1 will then have to be redeemed in a new transaction (created by the vendor), and this transaction will include an output that burns x% of the amount redeemed from output1, and an OP_RETURN output that specifies the vendor's public key.
To calculate the aforementioned total review score for a vendor, all you do is check every transaction that contains the vendor's public key in the OP_RETURN output, and take the sum of the review value multiplied by the amount of bitcoins burned for each of these transactions.
Might also help if the burn amount could be denoted as positive or negative. If zero is the worst, it might just mean "didn't care." If someone spends a significant sum on a negative rating, you know he was pissed.
There have been some behavioral economics experiments showing that people are quite willing to make sacrifices to punish offenders.
The burn amount shouldn't be proportional to the rating.
I realize now the system described above is faulty, as the vendor must not be able to hide transactions with a low rating. Also, of course the review value shouldn't be specified by the buyer before he has received the goods. But I'm pretty confident this can be worked around with the right protocol.
Yes, it is too simple. If a vendor wants to pose as a buyer and post fakes reviews if there is no cost to the transaction itself then there is no cost for the vendor to post a fake review.
In Silk Road the cost of producing fake reviews was the commission cost of the sale.
When has this ever worked in the real world? I mean, in theory parts of it are nice, but conflating it with the spam problem is probably not accurate; merchants will just pay for positive reviews for themselves and negative ones for competitors. I ask honestly: are there examples where this has worked?
I feel like the much better system is to increase the available information about transaction and/or review volumes associated with a particular account -- that makes it much easier to filter out bullshit, and mimics the way fakes are detected on the rest of the internet.
> When has this ever worked in the real world? I mean, in theory parts of it are nice, but conflating it with the spam problem is probably not accurate; merchants will just pay for positive reviews for themselves and negative ones for competitors. I ask honestly: are there examples where this has worked?
eBay works this way [1], and I believe this is how Silk Road operated as well, although I'm not sure.
Merchants who pay for positive reviews for themselves and negative reviews for others have greater expenses than merchants who refrain from this, and, consequently, are less competitive.
Imagine a market place with hundreds or thousands of vendors (which is the size an established market place will grow to, if not much larger). Let's say the average total sale volume per merchant is $10k (I think that's a low figure). To nudge all your competitors' total review score 10% in the wrong direction you'd have to buy 1,000 * $10,000 * 10% = $1M USD worth of items from them, and leave all of them a 1 star feedback. Does this sound like an economically viable business approach?
Paying for positive reviews for yourself is cheaper than that, but you're still less competitive than the merchants who actually satisfy clients, and don't have to spend funds to increase their own rating score.
I'm not saying you can't combine this approach with something else, that might very well be the best solution. But I do think the best solution will require paying for reviews, in some way or another.
> I feel like the much better system is to increase the available information about transaction and/or review volumes associated with a particular account -- that makes it much easier to filter out bullshit, and mimics the way fakes are detected on the rest of the internet.
I think I would need more details on this approach to understand what you're suggesting. How would you achieve this in a distributed system? And how do you get around the problem of vendors being able to increase their review score for free?
a) ebay does NOT work like this. you leave reviews of merchants when you've done business with them, not for pay.
b) silk road does not work like this.
c) you're now imposing a tax on the market which costs everyone more, disproportionately benefits the wealthiest, and generates confusion. great job.
d) how is this not clear? if you add a gold star to someone's review when they have actually purchased from a merchant through your system, that gold star can be evaluated in any number of ways and help weight reviews properly. like, numerically weighting authenticated reviews more heavily. or whatever. there's obviously a downside, which is that unlike yelp, nobody is using their real personality, and there's some benefit to changing ones' personality if one is worried about the legal consequences of ones' actions. but on silk road this doesn't appear to be a significant barrier -- there are enough persistent personalities that it's pretty easy to discern the credible from the questionable.
e) you didn't positively answer the original question: has this ever worked? it seems nice based on one single argument (tax on lying) but not based on all the ancillary problems...
What about creating some sort of token which allows a user to review a seller? The token itself can only be generated by a successful and verified transaction. One transaction would equal one token which would allow only one review to only that specific seller.
Yeah that makes sense. But I'm not sure the token should only be generated upon a successful transaction. This would make vendors not want to issue the token if something goes wrong.
When the buyer creates the unsigned multisig transaction, he could request the token from the vendor, so the buyer gets a token in exchange for the unsigned transaction. The token could simply be a unique, random number signed with the vendor's public key.
Upon completion of the transaction (multisig transaction is signed by two parties and published to the network), the buyer could publish a special transaction (the "review transaction"), referencing the vendor's ID (his public key), the token, and the review score/value, along with an optional comment.
Hi. I've been working on a system very similar to OPs description for months now -- http://portobello-road.org . Must be an idea who's time has come, eh? Now I know how Newton and Liebniz felt when they discovered they'd simultaneously invented calculus. Aside from a few architectural decisions (hubs and marketplaces instead of DHT for seller data dissemination and indexing) things are much the same. Would love to join forces and do something cool. I've already gotten a whitepaper put together (though very incomplete I've done a lot of the work in getting a build system for LaTeX up and going and a structure in place) and an initial implementation of a downloadable nodewebkit client and some server code. Just starting on documentation of the communications protocol and getting things going, so it's not very far along. Open to all discussions and debate regarding architecture and specifics.
As a market anarchist, I think it's important to point out that the concept of 'reputation' plays a significant role in many justifications of how a market may function without regulation or any other form of state oversight.
Making a market completely anonymous significantly limits the role reputation can play, which leads me to wonder whether some of the standard arguments for the effectiveness of markets don't apply in this case.
>* Allow users to maintain a pseudonymous identity that carries
anonymous trust across transactions.
i.e. anonymous as in it's difficult to establish a real world identity for sellers not anonymous as in no persistent identities at all.
Bootstrapping such a marketplace is obviously difficult, since it's never safe to buy from someone without reputation but everybody starts without reputation - it might be possible to demand some proof-of-work-money to establish a marketplace identity, but I'm not sure where the money would go.
But if the identity is not connected to a real world identity, there is no legal recourse if that identity cheats you. Most who advocate a pure free market still accept the need for a legal system (not necessarily a State-based one), such that for instance people who take your money without delivering the good may be sued.
An anonymous market means that there's no legal recourse if someone cheats you or steals from you.
> An anonymous market means that there's no legal recourse if someone cheats you or steals from you.
Which is why the protocol needs to financially discourage cheating.
Take the Bitcoin protocol, for example. It's not impossible to build a Bitcoin mining ASIC for $10M, get 30% of the network hashrate, and have a reasonable chance of reversing a 6-confirmation transaction. But unless you can find someone who is willing to accept a 6-confirmation $10M-equivalent Bitcoin transaction, it doesn't make financial sense for anyone to do so.
The same should apply for this hypothetical protocol. If you can see a merchant has spent 100 BTC to build up a reputation (eg. through proof-of-burn), he could try to scam you when you buy 0.5 BTC worth of goods from him, but he wouldn't profit from it financially.
In practice it is better to build p2p systems under the stronger assumption that actors need not be economically rational. Otherwise the market could be attacked (say by a nation state that wants to kill it) by repeatedly building up rep, then scamming on a large transaction (even if the accumulated rep is worth more) to destroy faith in the market itself.
Of course. But if this is not possible, we're much better off with a system where at least actors cannot profit from being dishonest.
I think Bitcoin is a great example of a system that is not cryptographically secure per se, but still holds up because actors need to spend money to - temporarily - prevent it from functioning properly.
Interesting. Would this prevent something like some of the Silk Road clones happening, wherein somebody spends months to years acquiring trust, and then makes off with the money for all incoming transactions, which is by then worth more than what they've spent on building the reputation?
Yes, I believe so. I mean, no one can prevent other people from engaging in a large transaction with a vendor that exceeds what the vendor has spent on building up his reputation, but I think we can make sure all the information is available for nodes to make an informed decision, and not make it profitable for the vendor to attempt to cheat.
Eg. in the user interface of the application talking this hypothetical decentralized anonymous marketplace protocol, a warning could pop up if you're trying to place an order with a vendor that has open orders for a value of, say, 50% of what he has burned in total.
If nodes who begin a transaction with a vendor simply publish their unsigned multisig transactions -- signed by the vendor in a way that doesn't make the transaction valid, but enables other nodes to cryptographically prove that the vendor has accepted this transaction and that it is open -- to the network (and I see no reason why they wouldn't want to), we can know the total number of outstanding orders for a vendor, and the their total value. Along with information on how much a vendor has burned in connection with other trades, we can figure out whether we would put the vendor in a position where he could profit financially from running off with the money, were we to place out order.
But remember, an escrow service is involved. The vendor would have to convince the escrow service to sign the unsigned multisig transaction (open order) so the vendor gets the money. Although the vendor can just promise a cutback to the escrow service. But if we make sure that the total value of all open orders doesn't exceed a tempting amount for the vendor, we can at least make the dishonest behavior of a vendor unprofitable.
> Bootstrapping such a marketplace is obviously difficult, since it's never safe to buy from someone without reputation but everybody starts without reputation - it might be possible to demand some proof-of-work-money to establish a marketplace identity, but I'm not sure where the money would go.
I think this is a sensible approach. The money (bitcoins) could simply be destroyed in a transaction associating an identity with the "burn". It would act as the equivalent of a fidelity bond, except the funds would not be recoverable. Perhaps it would make sense to only require this for new vendors, since the cost of a single "burn" for a vendor would be small compared to future revenue, but large for a potential customer, who might not know if they will ever use the service again.
This is interesting; but as a netizen taken part in international transactions outside of ebay/amazon I'm wondering how one can make the whole transaction safe/trusted in the face of complete anonymity for both seller and buyer.
Escrows are mentioned; but I can't shake the feeling that malicious individuals can game the whole system by creating a lot of sockpuppets and pulling up a smokescreen of trust, ultimately ripping somebody off in a high-value transaction, either as a seller or buyer.
It was/is possible on the platforms mentioned above; I don't imagine it more difficult in a anonymous market.
Looking forward to their results and insights to this.
I think they might want to reconsidert using bitmessage for communications, because it has some serious security failures as it stands. At least according to https://bitmessage.org/forum/index.php?topic=1666.0
This was what the internet was supposed to be all along, correct? A place where data can move freely from point to point without oversight or control from a central authority.
Strange that we seem to have to keep trying to get back to where we started.
this is not about data, this is about the transacting of physical goods over the internet. I am not sure you understand a) what the OP is suggesting or b) what you are saying.
Nope, I got it. I conflated "data" and "purchases", mainly because they are both transactional, and the difference between pure data and physical goods is decreasing by the day.
Thanks for pointing out the difference, though. I should have been clearer in my comment.
People are mentioning the need for reviews in such a marketplace. I present one possible solution:
> Users pay some fee to leave reviews. the more they pay the more the review is weighted.
> Buyers can rate the reviews on how helpful they are.
> A small transaction fee is collected from every transaction and distributed to reviewers proportionate to how many votes their each of their reviews has gotten.
I imagine this would prevent review spam, and reward people who post good reviews. In fact it could even support a class of professional reviewers making a living off of reviewing sellers and products.
This is incredibly open to abuse by both vendors and their competitors. A rater's "realness" is probably much better judged by other measures of marketplace activity or simply equal weighting than by their willingness to pay to bias the ranking of a particular review. I'd tend to defer to what's worked in other (semi) anonymous markets -- it's pretty easy to tell when someone is real or not based on their activity patterns.
A better policy is probably to keep raw information available and let people parse it in different ways, rather than baking in a risky and probably fragile system we hope will work.
My 2 cents: The element of trust is primary for any financial transaction. There's a reason why eBay Amazon et al employ thousands for conflict resolution b/w buyers and sellers. I wouldn't mind going on SilkRoad for acquiring something which I otherwise cannot but for items which are available elsewhere, I don't mind giving up tiny bit of control while transacting on a commercial platform like eBay.
I think the relationship is desirable, which is why some people will pay a higher price to have a relationship with a vendor, with the understanding that if s transaction goes wrong, the vendor won't balk at fixing the problem. There might also be an expectation that one party or other will extend credit for a few days.
In contrast, there are touch-and-go relationships all the time, like at convenience stores. You can't have the exchange without being present for the entire transaction, because neither party trusts the other.
Escrow services would have to be an integral part of the architecture.
The buyer pays the vendor via an, initially, unsigned multisig 2-of-3 transaction, and the goods are sent when the buyer, the vendor and the escrow service each hold a copy. When the buyer receives the items, he signs the transaction and sends it to the vendor, who signs it and it's valid.
If a dispute occurs, the escrow service will have to decide the case, and side with whichever party it finds most credible. A reputation system for escrow services will be as important as one for vendors, as far as I can see, and they need to be compensated for their service, of course.
When I read this proposal I immediately thought that Namecoin could be an asset, being a decentralized DNS. Maybe use a variant of Namecoin on individual 'store' nodes to resolve them to a single (non-ICANN) TLD that can be spidered and displayed by several aggregators.
I've written a description for the potential implementation of a decentralized pseudonymous marketplace. I would appreciate any critical analysis of it.
In my humble opinion, after the advent of bitcoin, there is no longer a reason for a client to do proof-of-work. Bitcoin basically outsources proof-of-work to miners, and presents you with a token that represents proof-of-work. As money, bitcoin proves - just as proof-of-work - that you've worked for it, there is no such thing as free money. The price of a unit of proof-of-work varies wildly, depending on what hardware you have. The price of money is the same for everyone, or at least varies much less.
The problem with proof-of-work is that attackers can invest in powerful hardware - as your spec notes - and have an advantage over other nodes. When paying in bitcoin, as a spam prevention mechanism, no one has an advantage over others. Everyone pays the current market price for bitcoins, and even the miners - who generate bitcoins, and so don't pay the market price - can sell their coins at the market price, so it still comes down to "do I want to use these bitcoins to spam this network, or do I want to sell the coins for $575 per piece?".
I agree and don't plan on using PoW other than in the proof of concept. V0.2 should use PoS because proof of burn (as a believe you are suggesting) is bad for the Bitcoin network (large number of unnecessary tx) and expensive (you don't want to pay the tx fee every time you view a listing). PoS doesn't require any tx in the Bitcoin network (ignoring those you used to earn the stake).
Thanks for the comment. Let me know if you have any other concerns.
> V0.2 should use PoS because proof of burn (as a believe you are suggesting) is bad for the Bitcoin network (large number of unnecessary tx) and expensive (you don't want to pay the tx fee every time you view a listing).
My suggestion was related to ratings, not viewing listings. I think that if the network reaches a sufficient size (thousands of nodes), retrieving listings won't be a problem. Hosts can simply throttle connections, and refuse to send out more than a certain number of listing to a single host in a certain time frame.
I don't see proof-of-burn as bad for the Bitcoin network. Proof-of-burn transactions are instantly pruneable, so they don't really put a burden on nodes (other than the 200 bytes they take up in storage space).
Yes, every object, listings, ratings, etc. should be PoS instead of PoW. I suppose the hosts can define their throttling in the contract they make with the seller, so that isn't my decision.
PoB tx usually do require a change output along with it's burn output, and even if we weren't concerned with that, 200 bytes is 1/5000th of a block meaning only 5000 objects can be broadcasted per 10 minute period (assuming everything in the bitcoin block is a PoB tx). In other words, it doesn't scale.
The advantages of the anonymous marketplace only really apply to people who's work is being suppressed (activists/journalists) or who's work is rightfully being persecuted (criminals). Maybe there's a case to be made that a lot of people do want to know who they're dealing with, besides that the system (algorithm etc.) thinks they're thrust worthy.
In countries like Venezuela, where government is enforcing laws for price control and shops are shutting down everywhere, an anonymous marketplace would be a godsend.
Citizens under totalitarian regimes are the ones who benefit most from crypto currencies, crypto messaging and crypto markets.
Yeah, I should have included that example. Just adding that repression on that scale actually merits regime change more than finding a workaround. Although the workaround might be more feasible in most cases. So, it's a good initiative.
SpeakEasy comes to mind. It was very much in its infancy last time I checked, but the ideas behind it seemed profound. I don’t have access to .onion sites right now, and I don’t have the url either, but maybe someone remembers and can post the link (assuming it's still up).
Fully decentralized means everyone has their own autonomous device to act as server and client of the transactions and has a usable decentralized (probably mesh) network. P2P over the standard net is NOT fully decentralized.
I'm not sure with OP doesn't address SilkRoad use cases on top of the ones he mentions, that are clearly a minority if we consider what is likely to happen.
Well, actually, one that he describes ‘journalists sharing secrets’ can be as big as the drug trade, if you read ‘journalist’ as ‘black hat hacker’ and ‘secrets’ as ‘exploits’. Silk Road couldn’t really do that, because of possible meddling from the central host, but without that risk…
That said, some major challenges (I've done a bit of thinking about this) - First: Sybil attacks on the reputation system. The author alluded to this but the solution given was vaguely specified and somewhat reminiscent of social network driven overlays like Tonika that a) are inherently problematic for anonymity, and b) hard to grow due to aforementioned invite problem. Another problem is maintaining anonymity while making things efficient - the obvious design would be DHT based but this leads to a whole host of weaknesses (see a paper called 'Hashing it Out In Public' for details), and leads to fragility as DHTs are weakened by high rates of churn, which are quite common in real world p2p networks. Have quite a bit more to say on this topic but I'm on mobile at the moment, may write up an essay at some point.
I would encourage the OP to read up on some of Peter Todd's ideas around fidelity bonds for some ideas on the reputation aspect, also have a look at a (centralized) marketplace called NashX for dispute resolution.
EDIT: also check out the bitcoin-otc web of trust.