I've been thinking about distributed markets, and what information to reveal and hide. Just like in Bitcoin, your identity is a pseudonym---so in concept, you can make everything except the link between that pseudonym and your real identity public, and nothing bad happens.
But, also like in Bitcoin, your pattern of activity may suggest that link. So if you're a buyer, then do you want to reveal that you, a single person, placed multiple orders to:
- No one?
  - That's most secure, but it makes buyer feedback almost worthless---the seller can create as many fake reviews as she wants, at the cost only of commission on the fake orders.
- Everyone?
  - That's good for your reputation, if that shows many successful transactions with trusted sellers.
  - It's also good for the reputation of sellers you've reviewed, because it helps build a web of trust.
  - It's bad for your anonymity. ("You know, I had a friend once who liked THC gummies, Kyrgyz porn, and Levitra...")
- Only sellers that you buy from and the escrow agent?
  - They're the only people whose trust matters to you, so you have nothing to directly gain by revealing your history to anyone else.
  - But, that doesn't build up the web of trust ("Are these fifty reviews all from buyers with long history, or all from accounts created yesterday?") that benefits everyone.
  - There's also nothing to stop them from leaking the proof you send.
- A trusted third party that aggregates transaction history while trying to preserve the buyers' anonymity?
  - That's what centralized markets do now, for good reasons.
  - A decentralized market could still do that, but that makes it less decentralized.
  - It might be possible to do something analogous without that trusted third party---for example, with ring signatures over groups of similarly-trusted buyers---but the cryptography becomes more difficult.
Of course, a buyer can change pseudonyms whenever she wants. If she needs the escrow agent's help with transaction D, then she can even sign messages proving that she's the same person responsible for transactions C, B, and A, and get the benefit of that reputation, retroactively disclosing as much of that link as she thinks helps her specific situation. That's pretty complicated for the buyer. It's also not as convincing as a single pseudonym, because she can cherry-pick, by not mentioning any past transactions that would hurt her case.
Along the same lines:
- As either a buyer or a seller, do you want to reveal the order total price?
  - It helps with your reputation---there's a big difference between five ten-dollar orders and five thousand-dollar orders.
  - It also identifies the highest-profile targets.
- The item purchased?
  - Most sellers have a limited selection, so that's probably not too different from just revealing the seller.
- The Bitcoin transaction?
  - If either party was careless and can be traced through the blockchain, then now anyone in the world can make the attempt.
  - That includes Coinbase and friends, which have massive databases mapping Bitcoin addresses to real identities, that even governments (probably) can't access in bulk.
This is basically a tradeoff between anonymity and reputation. The more I think about this, the more I feel a need for some kind of aggregation of transaction history, whether that's a person with incentives not to scam, or code running on trusted hardware, or fancy crypto. That system doesn't have to be perfect---as long as most of the time, it aggregates and destroys, occasional leaks of complete history probably aren't enough to put the pieces together. Without that, either reputation or anonymity (or both) seem likely to be much worse than in existing centralized markets, which barely hold together already...
This is obviously a smaller problem in an open market, where anonymity is less important, and other sources of reputation (like from the person's real identity) are available.
So am I paranoid? Or is this something that would concern most users as much as it does me? What will you feel comfortable disclosing?
As you are starting to realize - only aggregating the feedback and distributing it works well. This is what we are doing with /r/axis_mundi by getting the notaries to perform this function, primarily because they are the only party (other than buyer and seller) who have some visibility over a transaction.
This means that every notary is responsible for internally tracking each time a given buyer or seller uses them and tallying up their transaction count and feedback and then making the summaries available. For each rated user the notary also provides a value called key_diversity which shows how many different parties have left the feedback. Later we will extend that concept further with other parameters that indicate how likely the feedback leavers are to be legitimate. At no point will the notary ever show both parties to a transaction (buyer and seller) - one side will always be anonymized.
To get a buyer's or seller's feedback you have to query every notary (in fact we have the Looking Glass servers which do this for you, although any client can request it directly from each notary if they want).
If a notary decides to shut down or disappear it is still possible to get the signed, aggregated/summarized feedback scores.
We spent months thinking about this - there is no perfect answer of course - but spreading the risk/responsibility is nearly always the best course of action and prevents any one party knowing too much. Over at OpenBazaar they seem to be coming around to a similar conclusion.
You certainly don't want a situation where one party knows everything (centralized market style).
Methods such as ring signatures do not have any obvious (useful) application to solve this particular problem in our humble opinion.
/u/-el_presidente- posted this to the Hub in July describing our high level feedback structure - it has changed a little since but not too much:
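The aggregation the original post asks for, and the notary summaries the reply describes (per-pseudonym transaction counts, a `key_diversity` value, one side always anonymized, signed summaries that can be merged across notaries), as an added example that is not Axis Mundi's code. The record format, the per-ratee blinding of rater pseudonyms, and the use of an HMAC as a stand-in for the notary's real signature are all assumptions made for this illustration; the sample feedback is constructed.

```python
"""Notary-side feedback aggregation modelled on the thread above.
Added example, not the project's own code. Assumptions are marked."""
import hashlib
import hmac
import json
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Feedback:
    """One feedback record seen by a notary (constructed format, not the project's)."""
    tx_id: str    # escrow/transaction identifier
    rater: str    # pseudonym that left the feedback
    ratee: str    # pseudonym being rated
    score: int    # +1 positive, -1 negative


class Notary:
    """Tracks every feedback it notarised and publishes per-pseudonym summaries."""

    def __init__(self, notary_id: str, secret: bytes):
        self.notary_id = notary_id
        self._secret = secret          # assumption: one blinding/signing secret per notary
        self._by_ratee = defaultdict(list)

    def record(self, fb: Feedback) -> None:
        if fb.score not in (1, -1):
            raise ValueError("score must be +1 or -1")
        self._by_ratee[fb.ratee].append(fb)

    def _blind(self, ratee: str, rater: str) -> str:
        # Per-ratee blinding: the same buyer gets a different token under every
        # seller, so tokens cannot be joined across summaries to rebuild a history.
        msg = f"{ratee}\x00{rater}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()[:16]

    def summarize(self, pseudonym: str) -> dict:
        fbs = self._by_ratee.get(pseudonym, [])
        body = {
            "notary": self.notary_id,
            "pseudonym": pseudonym,
            "transactions": len({f.tx_id for f in fbs}),
            "positive": sum(1 for f in fbs if f.score > 0),
            "negative": sum(1 for f in fbs if f.score < 0),
            # key_diversity: how many distinct parties left the feedback
            "key_diversity": len({f.rater for f in fbs}),
            # counterparties appear only as blinded tokens: one side stays anonymized
            "raters_blinded": sorted({self._blind(pseudonym, f.rater) for f in fbs}),
        }
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        # Assumption: HMAC stands in for the notary's real public-key signature.
        body["sig"] = hmac.new(self._secret, canonical, hashlib.sha256).hexdigest()
        return body

    def verify(self, summary: dict) -> bool:
        body = {k: v for k, v in summary.items() if k != "sig"}
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        expected = hmac.new(self._secret, canonical, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, summary.get("sig", ""))


def merge_summaries(summaries: list) -> dict:
    """What a client (or a looking-glass server) does after querying every notary."""
    out = {"transactions": 0, "positive": 0, "negative": 0, "key_diversity_upper_bound": 0}
    for s in summaries:
        out["transactions"] += s["transactions"]
        out["positive"] += s["positive"]
        out["negative"] += s["negative"]
        # Tokens are blinded per notary, so the same rater cannot be de-duplicated
        # across notaries; the summed key_diversity is therefore only an upper bound.
        out["key_diversity_upper_bound"] += s["key_diversity"]
    return out


# Constructed sample: a seller with five reviews, four of them from the same buyer.
SAMPLE = [
    Feedback("tx1", "buyer-A", "seller-X", +1),
    Feedback("tx2", "buyer-A", "seller-X", +1),
    Feedback("tx3", "buyer-A", "seller-X", +1),
    Feedback("tx4", "buyer-A", "seller-X", +1),
    Feedback("tx5", "buyer-B", "seller-X", -1),
]


def demo() -> dict:
    """Two notaries each summarise what they saw; the client merges the results."""
    n1 = Notary("notary-1", b"constructed-secret-1")
    for fb in SAMPLE[:4]:
        n1.record(fb)
    n2 = Notary("notary-2", b"constructed-secret-2")
    n2.record(SAMPLE[4])
    s1, s2 = n1.summarize("seller-X"), n2.summarize("seller-X")
    assert n1.verify(s1) and n2.verify(s2)
    return {"notary1": s1, "notary2": s2, "merged": merge_summaries([s1, s2])}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the sample is the one the original post worries about: four positive reviews look like four happy customers until `key_diversity` reveals they all came from one pseudonym. Blinding rater tokens with the ratee's name is what keeps a seller summary from doubling as a buyer history, which is exactly the linkage the first post wants to avoid; the price is that the cross-notary diversity figure can only be an upper bound.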