haveno-dex / haveno

Decentralized P2P exchange platform built on Monero and Tor
https://haveno.exchange
GNU Affero General Public License v3.0
1.05k stars 120 forks

Suggestion: reputation system #956

Open nihilist001 opened 6 months ago

nihilist001 commented 6 months ago

there could be a reputation system:
-number of completed trades (ex:1000)
-score of won arbitrations (if -10 it means he lost 10 disputes, if +10 it means he won 10 disputes) (ex:-3)
-number of completed trades with you (ex:0)

user: bob (1000 / -3 / 0) wouldn't seem trustworthy as he has many trades but lost disputes
user: alice (1000 / +10 / 0) would be more trustworthy as she won disputes

I think this could add up to the incentive to not scam (like it was on localmonero, if you fail a trade, you no longer have a clean 100% record), let me know your thoughts if this is a good idea or not

it could also be optional, as it's potentially easy to give yourself a ton of positive reputation points

EDIT: so if there is a reputation system later down the road (because i think we should first focus on the payment methods documentation + trade protocols), it should be:

-as hard/costly to manipulate as possible (where bob spins up 20 haveno dex instances to trade with himself kind of example)

-easy as possible to lose everything in one scam attempt (1 failed transaction) = need to start the grind all over again

XMRfamily commented 6 months ago

very useful

monerobull commented 6 months ago

> it could also be optional, as it's potentially easy to give yourself a ton of positive reputation points

this kills any form of decentralized reputation imo. there is no point in a score when i can give myself a lot of score for a lot less than i could gain by scamming with the help of the fake reputation.

shortwavesurfer2009 commented 6 months ago

So, at least cash by mail and other accounts similar will show you the age since the account was created and payment accounts like Zelle can be signed which requires at least 30 days. So what you could do is require the other party to have a signed account, which means that they've had the account for at least 30 days and made one good trade with another signed peer. Or for cash by mail or other offers be at least 30 days old. From what I understand an arbitrator can force delete an account, which would then wipe out that account's age and signature status. And therefore, you would not trade with them because the new account was too young. You could also potentially use the peer .onion address, and make a list of known good onion addresses. This list could be hosted on GET somewhere so that people could submit issues to it for people they wanted added to the list or subtracted from the list. So this would take a trusted community member to run that repository.

nihilist001 commented 6 months ago

> So, at least cash by mail and other accounts similar will show you the age since the account was created and payment accounts like Zelle can be signed which requires at least 30 days. So what you could do is require the other party to have a signed account, which means that they've had the account for at least 30 days and made one good trade with another signed peer. Or for cash by mail or other offers be at least 30 days old. From what I understand an arbitrator can force delete an account, which would then wipe out that account's age and signature status. And therefore, you would not trade with them because the new account was too young. You could also potentially use the peer .onion address, and make a list of known good onion addresses. This list could be hosted on GET somewhere so that people could submit issues to it for people they wanted added to the list or subtracted from the list. So this would take a trusted community member to run that repository.

Ok, that changes things up. So that could also be an incentive to not scam other users, if an arbitrator can actually revoke one of your accounts (lets say an account you created for cash by mail), the reputation can just be based on the following:

-longevity of the account (let's say 30 days)
-amount of transactions completed (let's say 1000)

-user1: Alice (30 days / 1000 transactions) : trustworthy as the account completed 1000 transactions successfully, and is older than 30 days
-user2: Bob (7 days / 10 transactions) : not trustworthy because he didn't pass the minimum 30 days period
-user3: Charlie (30 days / 1 transaction) : not trustworthy because he didn't complete enough trades even though the 30 days period is over

so here the limiting factor for a scammer is that they have to wait 30 days between scams, assuming they fail their scam attempt each time and they only use 1 haveno dex instance.

but yea it's still a bit flawed, supposing Bob has 2 Haveno DEX instances and makes many trades with himself, he's making himself trustworthy

shortwavesurfer2009 commented 6 months ago

Well, it's really hard to completely beat anything, but you can reduce the risk massively by taking precautions like these.

nihilist001 commented 6 months ago

Other idea, for each account:
-how old the account is (ex: 30 days)
-number of completed trades: (ex: 1000)
-number of different peers with whom those trades have been completed (ex: 500)
-number of trades completed with peers that you previously transacted with (ex: 20)

this would mean that the longer you are around, and the more you transact with random people, the more likely you are to spot bob the scammer that has been doing 1000 trades with no one other than himself.

(not sure if this is easily doable though)

privacyOG commented 6 months ago

> Other idea, for each account:
> -how old the account is (ex: 30 days)
> -number of completed trades: (ex: 1000)
> -number of different peers with whom those trades have been completed (ex: 500)
> -number of trades completed with peers that you previously transacted with (ex: 20)
>
> this would mean that the longer you are around, and the more you transact with random people, the more likely you are to spot bob the scammer that has been doing 1000 trades with no one other than himself.
>
> (not sure if this is easily doable though)

This means that the system is tracking and keeping a record of all our different trades, even if they are aliased or encrypted it's still a point of vulnerability for our anonymity and privacy. That for me could be troubling

privacyOG commented 6 months ago

Also I would like to add, you don't believe the security bond that buyer and seller must put is enough to deter scammers?
The problem I see is when we onboard new users to Monero and they join Haveno they will always be at a huge disadvantage as they got no or very little trading history. That might just push someone away from using Monero. The whole point of Haveno is to grow Monero users etc... I know this as people who I introduced to Monero during LocalMonero era found it very hard to trade due to having no history or little trading history and they ended up leaving Monero totally.

We want more new users of Monero because that adds more liquidity in the ecosystem.

phytohydra commented 6 months ago

I agree that something is needed, because if people don't know who they're dealing with, they don't trade.

In principle, it was as easy to create fake reputation on Localmonero as it would be on Bisq/Haveno. You could sign up via tor browser, so there was no way to identify sock accounts by IP address or browser fingerprint. Most traders didn't require a verified email address, and most trades never went to arbitration, so in theory you could make a set of sock accounts, trade with yourself, and leave yourself feedback. But the reputation system was still considered a success and gave people the confidence to trade with you. Maybe it was more a matter of seeing the other person there every day and having traded with them before. You could make your numbers go up by trading with yourself, but in a way it was just easier to trade with other people.

This is why I just proposed a readable username system in another issue here, because I think we need something to help break the ice.

monerobull commented 6 months ago

I'm very much against adding some esoteric, easily manipulated score that means nothing. The current, slim system is imo enough and if there is no other proper, un-fakeable metric, it would only do harm to add anything else. At best this would be security theater with the only goal of making people feel better. At worst it would make Haveno a swamp full of scammers with fake reputation with it being near impossible to find legit offers. I personally don't care about your feelings, not on a DEX that is supposed to be running on solid facts and nothing else.

phytohydra commented 6 months ago

It's not about feelings. It's about human psychology and how to get people to actually use the platform.

monerobull commented 6 months ago

They won't ever use it again if they think "oh this guy has 500 completed trades, must be legit" and then get scammed. Fake reputation can also heavily influence the decisions of arbitrators and shifts the balance between "new user" and "scammer with 500 fake trades" towards the scammers. That's human psychology as well.

You guys don't get just how dangerous a fakeable reputation system is to the entirety of Haveno, do you?

nihilist001 commented 6 months ago

> They won't ever use it again if they think "oh this guy has 500 completed trades, must be legit" and then get scammed. Fake reputation can also heavily influence the decisions of arbitrators and shifts the balance between "new user" and "scammer with 500 fake trades" towards the scammers. That's human psychology as well.
>
> You guys don't get just how dangerous a fakeable reputation system is to the entirety of Haveno, do you?

yea now that i see it that way, a reputation system could lead to biases and not necessarily in favor of the honest peers. I understand your way of seeing it too, above all it should be technology and strict trade protocols to be respected by both peers that should secure the trades, rather than something that can be manipulated.

hence i think we should focus on making sure every payment option is documented, along with their risks https://github.com/haveno-dex/haveno/issues/944

privacyOG commented 6 months ago

> They won't ever use it again if they think "oh this guy has 500 completed trades, must be legit" and then get scammed. Fake reputation can also heavily influence the decisions of arbitrators and shifts the balance between "new user" and "scammer with 500 fake trades" towards the scammers. That's human psychology as well.
>
> You guys don't get just how dangerous a fakeable reputation system is to the entirety of Haveno, do you?

Not just that, we don't want Haveno dominated by the whale type traders because they had 1000 traders but a new user to Monero and Haveno has no hope of making a sell trade as they got no or little history. This turns people away from Haveno and/or even worse Monero. The whole point of Haveno is to bring liquidity in, and that can only happen with new users

shortwavesurfer2009 commented 6 months ago

I just had a brainwave of something that might work.

What if we changed the signing system so that every time you traded with somebody who was also signed, you got signed after 30 days and then in your offer terms, you could say that you will not work with an account that has been signed less than X number of times.

Each signature is delayed by 30 days so if somebody tries a charge back that seller can just cancel their sign and an arbitrator can also force delete an account which would wipe out all their signature history and nobody would want to work with them or charge high premiums to do so.

Edit: After several hours of arguing with Monerobull, here are some modifications to my thought.

  1. Cap signatures at 10 total to keep data crossing the wire low
  2. Each trade with a signed account would sign the account, but only 30 days after the previous one. So signature one would become active on day 30. Signature two would become active on day 60. Signature three would become active on day 90. Signature four would become active on day 120, etc, etc. Up to day 300 when 10 possible signatures could be active and no more. This should prevent reputation farming, because no matter how many instances you spin up and make trades with yourself, those trades will not reflect in your reputation for at least half of a year. It is also extremely easy to lose that reputation as all an arbitrator must do is force delete your account if you try to scam somebody. So it would be very hard to gain and very easy to lose.

Edit 2: Apparently, I have been mistakenly operating under the idea that an arbitrator could force delete an account when apparently they can only block the account, so this may not work.
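Added example (not part of the thread and not Haveno code): a small Python model of the capped, staggered signing schedule proposed in the comment above, showing that the number of active signatures depends on elapsed time rather than on how many trades were made. The `Account` class, its method names, the trade ids and both sample accounts are hypothetical; only the 30-day delay and the cap of 10 come from the comment.

```python
from dataclasses import dataclass, field

SIGN_DELAY_DAYS = 30  # from the comment: one signature activates per 30 days
MAX_SIGNATURES = 10   # from the comment: at most 10 signatures

@dataclass
class Account:
    """Hypothetical model of one account under the proposed signing rule."""
    trades: dict = field(default_factory=dict)   # trade_id -> completion day
    cancelled: set = field(default_factory=set)  # trade_ids whose signature was withdrawn

    def record_signed_trade(self, trade_id, day):
        self.trades[trade_id] = day

    def cancel_signature(self, trade_id):
        # Models "that seller can just cancel their sign" after a chargeback.
        self.cancelled.add(trade_id)

    def activation_days(self):
        """Days on which signatures become active, earliest first."""
        days = []
        valid = sorted(d for t, d in self.trades.items() if t not in self.cancelled)
        for trade_day in valid:
            if len(days) == MAX_SIGNATURES:
                break
            earliest = trade_day + SIGN_DELAY_DAYS
            if days:  # never sooner than 30 days after the previous signature
                earliest = max(earliest, days[-1] + SIGN_DELAY_DAYS)
            days.append(earliest)
        return days

    def active_signatures(self, today):
        return sum(1 for d in self.activation_days() if d <= today)

def sock_farm(instances=20, trades_each=50):
    """Constructed input: 20 instances x 50 self-trades, all completed on day 0."""
    acct = Account()
    for n in range(instances * trades_each):
        acct.record_signed_trade(f"self-trade-{n}", day=0)
    return acct

def monthly_trader(months=12):
    """Constructed input: one signed trade completed every 30 days."""
    acct = Account()
    for m in range(months):
        acct.record_signed_trade(f"trade{m}", day=30 * m)
    return acct
```

In this model the account with 1000 self-trades and the account with one trade a month hold the same number of active signatures on every day, so the count measures account age under the cap, not trade volume.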

nihilist001 commented 6 months ago

quick recap / mash of today's brainstorming:
-bob creates his haveno dex account, by default (like how it is now) every offer is the same.
-bob transacts with alice successfully, he now trusts her offers. (appears in green for bob)
-and the offers that alice trusts appear for bob too (appear in yellow for bob)
-rest of the offers remain the same (they appear in red for bob)

though as pointed out by monerobull, this may incentivize to spam the network

for further brainstorming in this suggestion, take into account the following:
-bob the scammer can spin up 20 haveno DEX instances to gain reputation points as fast as possible, and then he attempts to scam as many people as possible with multiple trade offers

boldsuck commented 5 months ago

We should definitely respect the privacy & security of users, developers and Haveno operators. If so, reputation should only be P2P and not centralized. An interesting link was shared in the Reto SimpleX chat yesterday: https://bitcoin-vps.com/ The Gov. wants to restrict the free cryptocurrency more and more and at a European CEX I read some harsh statements about how much they are after Monero. We should try to leave as little trace as possible.

I read an old Bisq blog where it said something about how it will support an optional GPG key which can be used for reputation.

I can agree with @monerobull The current, slim system in bisq has been working for many years.

KewbitXMR commented 4 months ago

What about a ~12 hour RandomX proof of work mechanism for creating new accounts and requiring a flat deposit of 0.1 XMR, also you have to be invited by an existing member, which will start with the developers inviting people on Reddit and Matrix. This way we can discredit accounts (beyond a tree recursion of about 5) who’ve invited confirmed network spammers. This way we can visualise in a graph through what account invites spammers and attackers are entering the network and either blacklist or penalise. This might make people just invite who they trust / or wish to safely trade with, which is ideal.

The first 2 suggestions create a bit of a barrier to entry but perhaps not so bad?