hicetnunc2000 / hicetnunc

hicetnunc UI/UX
http://hicetnunc.xyz

The battle against copyminters: a possible solution #433

Open Quasimondo opened 3 years ago

Quasimondo commented 3 years ago

With hic et nunc being an open platform that has no gatekeepers or vetting process we can observe that there is a small minority of people who abuse the trust by minting and trying to sell works that are not theirs. This is annoying and some find it even sheds a negative light on the platform. Personally I think it is a price to pay for the freedom we enjoy and would not like to limit that freedom for everyone because less than 1% of all minters are showing anti-social behavior. But of course we should not make it too easy for them and here is a proposal that I think could prevent or at least further minimize this phenomenon.

One common feature of copyminters is that they usually get caught very quickly already by the volunteers who observe newly minted works and double check those that look suspicious. This means that the offending wallets usually get banned within hours from the platform. This also means that the copyminters have to create a new wallet and start again, with no public "trust" in the form of likes or their works sold showing up in trusted collectors' collections.

This is why I believe that we have to address this problem at the root - which is by preventing those first sales from being successful. A mechanism I have in mind for that is to use an escrow smart contract that acts as a proxy for all sales by minters who have no sales history yet and who have not yet built up a network of trust.

All sales by these accounts will go through that contract and the OBJKT and the buyer's payment will be temporarily held by the contract. All these held sales will then be queued in an approval queue where members of the community can approve or flag them. In order for a sale to be approved it needs to pass a certain threshold of trustworthiness which is based on the sum of trust each of the community members contributes. The exact formula for how to measure "trust" is still something to be discussed, but I think it should be a mixture of OBJKTS minted/sold/collected, hDAO and the time the wallet has been active on the site. As a reward for volunteering in the vetting process, all those who take part in it will receive hDAO or tez for their correct judgement but at the same time they will also lose some trust points when their vote is different to the consensus - so it is really very similar to the proof-of-stake system that Tezos runs on.

Once a sale has been approved by consensus, the OBJKT will be sent to the buyer and the funds will be paid out to the minter and they will also raise their trust level. At the same time sales that are rejected will be reverted and the funds are being paid back to the seller and the OBJKT is sent back to the minter (I would not go as far as holding it forever since mistakes happen).

After a new account has won a certain amount of trust by passing a few of those approval rounds it will be able to mint and sell freely without the escrow contract in between.

chilltulpa commented 3 years ago

I am in complete agreement with such a solution on this particular matter. Copyminting is definitely a problem which has the potential to grow as the platform grows, and this seems like a worthwhile solution to the overall future of hic et nunc to implement/regardless of how long it would take or intensive/strenuous it would be.

codewithfeeling commented 3 years ago

This is a brilliant solution if it can be implemented and I support it 100%.

The main problem is that abuse spreads like wildfire on socials so the "1%" thing isn't really relevant. The damage done to the reputation of Hic Et Nunc in the eyes of higher level artists does far more harm than I think is perceived.

I am more than happy to accept some risk as part of early adoption, but I do think even some kind of interim measure - like only allowing ONE piece to be minted on a brand new account in a 24 hour period might help. Of course that doesn't help to identify the copyminter practice of uploading loads of stuff in a short time but it might at least deter them from trying in the first place since the reward will be minimal and it does seem that 24 hours would be long enough for flags to be raised on the socials.

mrgingey commented 3 years ago

I am in total agreement with this! There definitely needs to be some form of verification for accounts used for selling art. Another thing that I think should be put in place to stop this/slow them down is that you must fill in the profile form before you have the ability to sell?

staus commented 3 years ago

Not only is this a great suggestion, I think it could also be one more thing that sets Hicetnunc apart from other platforms, strengthening its brand.

Quasimondo commented 3 years ago

Thanks for adding your thoughts to this!

I think a purely time-based solution can be very easily circumvented by some bot script that just waits long enough to mint the next piece. I really think the only way to establish trust is that it has to be given by those who already earned it.

The issue with the current way profiles work is that it is also not yet 100% safe and by playing it right it can even be used to give people a false sense of trust since right now everyone can still enter any twitter account into that field - there is no double check yet that would require the owner of that twitter account to add a link to an unforgeable "I am verifying that this is my account and my verification id is xyza13123123" tweet.

somaticbits commented 3 years ago

100% agree with that solution, I'd definitely volunteer for that - it's already what I'm doing manually for the copy minting accounts (searching sources and reporting abuse)

SableRaf commented 3 years ago

This sounds like a good solution. I'm trying to think of ways this could be abused. For example, what would stop a small group of motivated hackers from creating a large amount of wallets and run a 51% attack on the approval process? I suppose this would be quickly detected and mitigated but could it be prevented?

Quasimondo commented 3 years ago

@SableRaf Yes, it is good to think about ways how this system could be circumvented. I was hoping that by using this formula that defines how much weight a vote has this kind of 51% attack is made harder. Also I could imagine that the amount of "punishment" that is being dealt out for casting false votes is also percentual to the amount of trust an account has. Maybe taking inspiration from Chess scoring systems like ELO - where if a clear favorite loses against an unknown player they lose much more than if two equally rated players win or lose.
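The escrow queue, trust-weighted vote and proportional penalty discussed in this thread so far, modelled as an added example (not part of the thread and not hic et nunc contract code). The threshold, penalty rate, trust scores and wallet names are assumptions chosen for illustration; the 0.08 tez reward is the figure floated later in the thread, and rejected sales refund the buyer.

```python
from dataclasses import dataclass, field

# Assumed parameters: the thread leaves the exact trust formula open.
APPROVAL_THRESHOLD = 3.0    # summed voter trust needed to settle a held sale
PENALTY_RATE = 0.10         # fraction of own trust lost for voting against consensus
MINTER_GAIN = 0.5           # trust a minter gains per approved sale
VOTE_REWARD_MUTEZ = 80_000  # 0.08 tez per vote that matched consensus


@dataclass
class HeldSale:
    objkt_id: int
    minter: str
    buyer: str
    price_mutez: int
    votes: dict = field(default_factory=dict)  # voter -> True (approve) / False (flag)
    state: str = "HELD"                        # HELD -> APPROVED | REJECTED


class EscrowQueue:
    """Holds OBJKT and payment for sales by untrusted minters until vetted."""

    def __init__(self, trust):
        self.trust = dict(trust)  # wallet -> trust score; unknown wallets count as 0
        self.paid_out = {}        # wallet -> mutez released by the escrow
        self.rewards = {}         # wallet -> mutez earned by vetting
        self.owner = {}           # objkt_id -> wallet that ends up with the OBJKT

    def vote(self, sale, voter, approve):
        if sale.state != "HELD":
            raise ValueError("sale already settled")
        if voter in (sale.minter, sale.buyer):
            raise ValueError("parties to a sale cannot vet it")
        if voter in sale.votes:
            raise ValueError("one vote per wallet")
        sale.votes[voter] = approve
        return self._settle_if_decided(sale)

    def _weight(self, sale, side):
        # A vote counts for the voter's trust, not for 1, so the number of
        # wallets on one side is irrelevant: 50 fresh wallets still sum to 0.
        return sum(self.trust.get(v, 0.0) for v, a in sale.votes.items() if a == side)

    def _settle_if_decided(self, sale):
        if self._weight(sale, True) >= APPROVAL_THRESHOLD:
            approved = True
        elif self._weight(sale, False) >= APPROVAL_THRESHOLD:
            approved = False
        else:
            return sale.state  # not enough trusted weight yet: stays HELD
        if approved:
            sale.state = "APPROVED"
            self.owner[sale.objkt_id] = sale.buyer
            self.paid_out[sale.minter] = self.paid_out.get(sale.minter, 0) + sale.price_mutez
            self.trust[sale.minter] = self.trust.get(sale.minter, 0.0) + MINTER_GAIN
        else:
            sale.state = "REJECTED"
            self.owner[sale.objkt_id] = sale.minter  # OBJKT goes back to the minter
            self.paid_out[sale.buyer] = self.paid_out.get(sale.buyer, 0) + sale.price_mutez
        for voter, choice in sale.votes.items():
            current = self.trust.get(voter, 0.0)
            if choice != approved:
                # Penalty scales with the voter's own trust (the Elo-like idea).
                self.trust[voter] = current * (1.0 - PENALTY_RATE)
            elif current > 0.0:
                # Only votes that carried weight are paid, so zero-trust
                # wallets cannot farm rewards by following the majority.
                self.rewards[voter] = self.rewards.get(voter, 0) + VOTE_REWARD_MUTEZ
        return sale.state


def sybil_scenario(n_sybils=50):
    """Constructed case: many fresh wallets approve, three vetters flag."""
    vetters = {"vetter_a": 1.5, "vetter_b": 1.0, "vetter_c": 1.0}
    queue = EscrowQueue(vetters)
    sale = HeldSale(objkt_id=1, minter="new_minter", buyer="buyer_1", price_mutez=5_000_000)
    for i in range(n_sybils):
        queue.vote(sale, f"sybil_{i}", True)
    state_after_sybils = sale.state
    for vetter in vetters:
        queue.vote(sale, vetter, False)
    return state_after_sybils, sale.state, queue


if __name__ == "__main__":
    held, final, q = sybil_scenario()
    print(held, final, q.paid_out, q.rewards)
```

The model only holds if fresh wallets really start near zero trust; any formula that grants weight for cheaply acquired attributes reopens the 51% question.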

AliaK77 commented 3 years ago

sounds good to me. would it need N number of trusted votes to approve/proceed with (or even disapprove/cancel) the transaction or is a single vote enough. perhaps a note to the approval eg "I know/know of this person" could help also

mattebb commented 3 years ago

This sounds like a good idea - and maybe you could instantly raise your trust level as a new user by doing the tktz verification too, to avoid going in the escrow queue.

One potential issue could be a huge backlog, what happens when there's far too many new works minted for the available volunteer base?

> This sounds like a good solution. I'm trying to think of ways this could be abused. For example, what would stop a small group of motivated hackers from creating a large amount of wallets and run a 51% attack on the approval process? I suppose this would be quickly detected and mitigated but could it be prevented?

I think with all of these potential measures it's going to be somewhat of a tradeoff - it's impossible to create a 100% solution but if it at least dissuades a good proportion of copyminters then that's a start.

Rather than something that has to be foolproof it may be good to think of these measures as just one in a long line of things that incrementally reduce some % of bad actors (like the 'swiss cheese covid strategy' that has been shared around).

Quasimondo commented 3 years ago

The way I see it a single vote by a very trusted member of the community could be enough, but maybe having at least 3 votes might be safer since everyone can make mistakes or pass a too-quick judgement. This would be something where the exact mechanism is something that has to be refined in practice.

Also the vetting queue would need some form of comments or accountability log so all decisions can be held to public scrutiny and be appealed. I would hate to breed a Kafkaesque bureaucracy there.

scalemodal commented 3 years ago

I really like this concept as a liberal form of verification and curating! At some point, we will have to figure out how to sort and display objects on the homepage and other important pages. This idea can be applied in these cases.

I'm thinking, if it's not overdoing for just copyminters? It looks like a global concept of curating, which is good. Time-based solutions can be quickly integrated now (e.g. 1 work per 24h + money on escrow for 1 week), as a temporary thing to fix for now.

Quasimondo commented 3 years ago

> One potential issue could be a huge backlog, what happens when there's far too many new works minted for the available volunteer base?

I believe that this is something that could be sorted out by the "market" - if the rewards for volunteering in the vetting process are attractive enough there will be enough people who will want to do this.

mescalina commented 3 years ago

What about the fees people would need to pay in order to cast their vote? Why should people spend money to do it?

veqtor commented 3 years ago

This is a very good idea, keep them in the contract and we can slash em if they're misbehaving

Quasimondo commented 3 years ago

> What about the fees people would need to pay in order to cast their vote? Why should people spend money to do it?

This could be solved by having voters get rewarded for successful votes. I estimate that the transaction cost for a vote would be somewhere in the 0.02 tez range, so if you get 0.08 out I think that would even be an incentive. The funds for this could be taken out of the regular platform fees or - and that is probably a less popular option - could be added as an additional minting fee to the escrow bot mechanism.

In order for this to be economically feasible and save on gas fees, the payout for voting should only happen once every week or maybe when a certain amount has accumulated.

staus commented 3 years ago

> and that is probably a less popular option

I think, as long as it's only the first time mint that has this added cost, it should be fine. Might also discourage tricksters.

In terms of circumventing this, I guess all it would take is someone to train a GAN or even just simply generate random perlin noise to make unique pieces as their first image. That would assure them approval 100% of the times, right?

Quasimondo commented 3 years ago

> In terms of circumventing this, I guess all it would take is someone to train a GAN or even just simply generate random perlin noise to make unique pieces as their first image. That would assure them approval 100% of the times, right?

The way I see it, vetting is not only for a single work but is also to establish trust for a profile and the process of gaining that trust is not by passing just one vote, but it should require multiple. So if someone mints a few GANs on an anonymous account maybe not many people will be willing to invest their trust into that profile. I actually think besides "I trust this" and "I don't trust this" there should also be the "I rather don't vote on this yet" option for vetters.

But yes I also don't think there is any system that is 100% foolproof and can't be gamed.

Beppe commented 3 years ago

This solution may mitigate the problem you care about, but its systemic effects goodness depends on the axiology involved.

Seen from my values scale there are some concerns:

Said that (I hope I was clear), I repeat: as in any matter of human things all depends on what is more important to get in terms of personal ethical, political (and economic) values.

To be constructive in this discussion, here I see a great big shining opportunity for insurance companies: Do you trust this artist? You buy directly. Do you have doubts? You pay a fee to the insurance company, and if something is wrong the insurance company gives you the money back. (insurance company should offer me a coffee ;) )

Quasimondo commented 3 years ago

@Beppe As I see it the system we have right now is based on good intentions, volunteering and the assumption of innocence. I am actually fine with how it works so far and see the small percentage of people who abuse that trust as a price to pay for freedom, but it looks like it does not make everybody happy and the copyminter issue seems to be one of the biggest points of discontent with the site that we currently have.

I am a pragmatist and when it comes to the issue you bring up, that this new proposal would disfavor the weakest I have the unpopular opinion that trust is actually something you have to earn and which is not something you can just claim. Trust is a system of meritocracy and only those who already have earned it can pass it on to those who haven't yet, but given the current spirit of the platform and community I have little doubts this is a process that can be handled in a very fair, inclusive and responsible manner.

I believe that we definitely have to be very careful in the exact mechanism of how this system is implemented in practice, observe the patterns that emerge and fine-tune the parameters, but in true hic et nunc spirit it is something that needs to be built first and then be tested over time instead of not trying it at all because of things that could possibly go wrong.

mathMakesArt commented 3 years ago

> I actually think besides "I trust this" and "I don't trust this" there should also be the "I rather don't vote on this yet" option for vetters.

Very good distinction, important point so I'm highlighting it in this reply for any potential implementation.

I'd also like to express agreement with the idea, expressed by many people already, that we need to be careful to build this in a way that will prevent it from devolving into a bureaucracy.

In general, I'm in favor of any solution as long as it doesn't impose barriers that make it more difficult for a new artist to join the platform. I don't want us to create an environment that favors those of us who are already present. To me, this escrow solution is highly acceptable because it doesn't impose any extra costs on new users beyond requiring them to be patient.

Quasimondo commented 3 years ago

Since the overall responses seem to be in favor of a solution in that direction, maybe we can start thinking about how a measure of trust could be established and weighted for those who are already on the platform. Ideally we can find a balance there that does not favor the rich or famous overly. Let me start by just re-listing some of the points I mentioned above:

mathMakesArt commented 3 years ago

> • number of OBJKTs collected
> • hDAOs earned
> • diversity of OBJKTs by different artists in collection

The entirety of your list are great points, but these three stand out to me as potentially the most important or most useful in building a quantified trust metric.

The one other distinction I'd like to make, which I think could be valuable for this "measure of trust":

What if "number of OBJKTs collected" and "hDAOs earned" are restricted to "number of OBJKTs collected from trusted artists" and "hDAOs earned through transactions to/from trusted artists"?




Also one additional comment, with regard to your final bullet:

> • participation in community activities (discord/twitter/github/reddit/companion sites) (likely hard to automate, would need an additional layer of vetting)

I agree that this would be hard to automate and would require an additional layer of vetting. From a social standpoint, presence and activity on these "companion sites" is a powerful tool in deciding whether someone should be trusted as a new artist. But I'm not sure it makes as much sense for a system like this; my gut feeling is that we should avoid that level of complexity here unless absolutely necessary.

Quasimondo commented 3 years ago

What I somehow see in my head is a graph structure in which trust flows from one node to another and the stronger a node is connected the more trust it implies - it has some similarities to Google's PageRank algorithm I think. Trying out some graph-based algorithms that are based on the various transaction types that are available through the APIs might give us a better picture of possible outcomes.
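One way to try the graph idea above, as an added example (not from the thread or any hic et nunc code): a seeded, PageRank-style iteration in which trust starts only at established wallets and flows along "collected from" edges. The edge direction (collector to artist), the seed set, the damping factor and all wallet names are assumptions, and the transaction list is constructed.

```python
def trust_rank(edges, seeds, damping=0.85, iterations=60):
    """Seeded PageRank: edges are (collector, artist) pairs, seeds are trusted wallets."""
    seeds = sorted(seeds)
    nodes = sorted({w for pair in edges for w in pair} | set(seeds))
    out = {n: [] for n in nodes}
    for collector, artist in edges:
        out[collector].append(artist)
    # Trust is injected only at the seeds; every other wallet must receive it.
    base = {n: (1.0 / len(seeds) if n in seeds else 0.0) for n in nodes}
    score = dict(base)
    for _ in range(iterations):
        nxt = {n: (1.0 - damping) * base[n] for n in nodes}
        for n in nodes:
            if out[n]:
                share = damping * score[n] / len(out[n])
                for target in out[n]:
                    nxt[target] += share
            else:
                # A wallet that has collected nothing passes its trust back to the seeds.
                for s in seeds:
                    nxt[s] += damping * score[n] / len(seeds)
        score = nxt
    return score


def sample_scores():
    """Constructed graph: two trusted collectors, three artists, one closed wallet ring."""
    edges = [
        ("collector_a", "artist_1"),
        ("collector_b", "artist_1"),
        ("collector_a", "artist_2"),
        ("artist_1", "artist_2"),
        ("collector_b", "newcomer"),
    ]
    # Five wallets that only buy from each other and from the copyminter.
    for i in range(5):
        edges.append((f"ring_{i}", f"ring_{(i + 1) % 5}"))
        edges.append((f"ring_{i}", "copyminter"))
    edges.append(("copyminter", "ring_0"))
    return trust_rank(edges, seeds={"collector_a", "collector_b"})


if __name__ == "__main__":
    for wallet, value in sorted(sample_scores().items(), key=lambda kv: -kv[1]):
        print(f"{wallet:12s} {value:.4f}")
```

Activity inside the closed ring produces no score because no trust ever enters it; a single purchase by a seeded wallet from any ring member would change that, which is the case a real formula has to weigh.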

Beppe commented 3 years ago

@Quasimondo I am a pragmatist too. It's only a matter of different values and insights, things that in the right spirit and quantity make a conversation if not useful, at least interesting.

So instead of "insurance companies" I can see there will be business opportunities for optimization consultants, art managers, agencies and guilds :)

Anyway there is no valid reason the world should be the way I'd like it to be, and it can be also much better otherwise, even from my point of view, let's see. It's impossible to make everybody equally happy, or at least equally satisfied.

Social control requires many iterations; for myself I just hope that existence here also won't become too claustrophobic or time consuming to be enjoyed.

Quasimondo commented 3 years ago

> So instead of "insurance companies" I can see there will be business opportunities for optimization consultants, art managers, agencies and guilds :)

You have my full agreement here that I do not want this to happen. Favoritism, corruption or any ways that people can profit from becoming enablers is what I really want to avoid at all means.

Beppe commented 3 years ago

> Favoritism, corruption or any ways that people can profit from becoming enablers is what I really want to avoid at all means.

How to disagree? This goes far beyond what I was meaning. I was only enumerating respectable "superstructure" activities (said using dusty Marx terminology). But yes, everywhere there is a lot of money and some rules there is somebody interested in getting it despite the rules - that's the starting problem. Ok that's all I can say to contribute.

skenaja commented 3 years ago

Acting as bad actor, here are my ways to circumvent these (sorry!).

I can see some sort of external trusted KYC partner (like one of the crypto exchanges which make you go through ID verification KYC) offering a "verified" flag for a linked wallet, might be useful - not sure if any of the main exchanges offer this though.

Quasimondo commented 3 years ago

@skenaja very good points! Let me try to counter:

As for external trusted partners: that is something I am personally very skeptical about - it is exactly that kind of "enabler profiteering" that goes against the idea of decentralization.

mathMakesArt commented 3 years ago

I think @Quasimondo covered most of my own thoughts. Regardless @skenaja I think your points are very true and important, no need to apologize!

I do agree that a lot of these "verification methods" are simple to circumvent. I think it mostly comes down to @Quasimondo's point about "if it is possible to track the source" when it comes to things like hDAO and the count of OBJKTS collected.

Whatever the formula being used to compute this trust value, there will likely be a lot of conditionals that have to be met, and this could become a sort of complicated thing to track when it comes to the number of API calls necessary to understand each person's "network of interaction" (gaining hDAO, collecting, etc)

Maybe it's entirely too complicated to use a system that takes "context" of the hDAO and collection counts into account. It's certainly not a necessity. But if it can be done, I think it could be a powerful part of this metric.

glitch003 commented 3 years ago

@Quasimondo Look up "Token Curated Registry" aka "TCR". This idea has been around for about 3-4 years and IIRC the hardest part is getting people to participate in the curation. Typically, you reward the curators with DAO tokens. That said, many projects attempted this, and I believe some were successful. I imagine there are many learnings you can pick up from them. Some that I can recall off the top of my head are https://civil.co/ (which failed) and https://kleros.io/ (which I believe is successful).

Quasimondo commented 3 years ago

@glitch003 Thanks, I had not heard of those yet and sounds well thought through. I just read this description which sounds like what you describe: https://medium.com/@tokencuratedregistry/a-simple-overview-of-token-curated-registries-84e2b7b19a06

The points I find a bit difficult in our context:

idlebit1 commented 3 years ago

@Quasimondo Great idea to use trust networks in this way.

I have a suggestion to avoid huge approval backlogs. Let a transaction be auto-approved if it is not flagged or approved within N days. If a transaction is flagged, it goes to the front of the queue for consensus and possible rejection.

This community is already great at discovering copymint sales after the fact. So put untrusted transactions in escrow; and if copyminting is discovered, the transaction can be flagged by anyone then rejected by consensus. This way volunteers won't feel a burden to carefully vet every transaction. Instead, they can focus scrutiny on items that are flagged by the broader community.

joshyzen commented 3 years ago

Wow we are trying to build a trust algo for trustless technology! The most simple solution is to warn buyers before purchase they are looking at something created by a suspected copyminter. (Makes me think of fake news with warnings from fact checkers) E.g. place a warning label over the purchase button "Anonymous Minter. Proceed at your own risk." This warning puts added responsibility on the purchaser to do some research before acquiring a counterfeit bill of sale. But how do we determine what's 'anonymous'? Sorry it's not a technical contribution but I want to see this solved.

fraguada commented 3 years ago

I agree with @joshyzen. Adding a trust component to a trustless system seems to go against the fundamental design of the technology. I believe it is an important problem, but I wonder if there is a trustless way to solve it?

In general, we know of a few trustless mechanisms like PoW, PoS, and PoST, they all require something significant from the potential agent, mostly to offer a significant amount of something in order to establish intent. I'm wondering what could allow anyone with good intent to pass this requirement?

djangobits commented 3 years ago

Great discussion, thanks @Quasimondo. I already thought countless hours how we could establish a good system that keeps the platform as open as possible but still secure and immune to attacks and copyminters. The current system can only be temporary and it's not effective. Also I fear that in the future some people might start to attack the platform by uploading really (and I mean REALLY) bad stuff and we will always be too late to remove that.

So let me just add some quick thoughts to include into the discussion, without proposing a final solution:

It might be necessary to have some sorts of an upload queue, so the incoming content can be checked BEFORE being immortalized onchain and on IPFS, because already that could cause troubles if it comes to really illegal content. I know that collides with the idea of maximum openness, but it's probably the only way to prevent that.

This already causes some major headaches if we want an open and permissionless place. Who should be the gatekeepers? How do we make sure that the gatekeepers do not misuse their position:

  1. to ban just anything they don't like
  2. to have a headstart for buying (as they know when a work passes the verification)

I agree that if we had some sort of community verification for mints from new wallets, the minter should be allowed to mint without further permission after eg. 3 or 5 verified mints.

Gotta run for now, but let's keep up this discussion as we need better solutions.

jagracar commented 3 years ago

The point by @djangobits is even more problematic. How is ipfs controlling the upload of very bad content? It would be great if they already do that kind of work, so the OBJKT cannot be created because the ipfs upload fails.

@Quasimondo, I have one question about your solution. What happens when you buy something from those accounts. Is the money taken from your wallet and put on a temporal wallet until the minter has passed the selection? I'm always running out of tz and I would not want to overspend because those buys are not reflected in my wallet.

Quasimondo commented 3 years ago

> I have one question about your solution. What happens when you buy something from those accounts. Is the money taken from your wallet and put on a temporal wallet until the minter has passed the selection? I'm always running out of tz and I would not want to overspend because those buys are not reflected in my wallet.

The point of using an escrow contract is that it will keep the money for those (yet) untrusted sales until they have been vetted by the community. Which means that if a seller is identified as a copy-minter the buyer will automatically get their money back - something that is impossible with regular sales. The tez will still be "spent" as long as the sale has not been approved, so you will not be able to overspend. It is a bit like swapping a token onto the market - that token is also not in your wallet but in the "hands" of the contract as long as it is for sale.

markknol commented 3 years ago

I personally think it would help to add a small checkbox when minting ☑️ I have the rights to upload this artwork, including the use of any featured company or persons name, branding or face. Then you would also have some more ground to flag stuff. I'm no lawyer so probably needs different wording. It's probably a different but related discussion, but I remember being slightly surprised you can mint anything and there are no legal conditions anyone has to agree on.

joshyzen commented 3 years ago

crap yes there needs to be some guidelines... you could have terrorists post beheadings or pedophiles post inappropriate porn... there's got to be some protection for the platform.

On Fri, Apr 9, 2021 at 11:37 AM Mark Knol @.***> wrote:

> I personally think it would help to add a small checkbox when minting ☑️ I have the rights to upload this artwork, including the use of any featured company or persons name, branding or face. Then you would also have some more ground to flag stuff. I'm no lawyer so probably needs different wording. It's probably a different but related discussion, but I remember being slightly surprised you can mint anything and there are no legal conditions anyone has to agree on.

drewstaylor commented 3 years ago

I don't mean to cast aspersion but this proposal is just glorified gatekeeping without admitting to it. It depends on community involvement and in doing so makes certain assumptions about what the community is and will be like in the future. I find it dangerous especially because it marries human moderation with automated contract controlled escrow.

skenaja commented 3 years ago

Because the platform is taking a fee, it is one of the legal parties to the contract, so could probably be held partially liable in case of breach of law, such as a breach of copyright (assuming judges can work out if they have jurisdiction in a dispute, and which legal entities or natural persons are liable).

If the platform wilfully ignores its responsibilities to the law, it's going to pop up on lawyers' radars, receive cease and desist notices, and could end up being treated as if it's a pariah movie torrent site, or an ISP that fails to stop its users from torrenting (like Cox Communications in the US that was fined $$$)

Having robust, and yes, centralised KYC/verification processes & takedown procedures are going to be key to helping it keep the right side of the law and protect its users' rights. It should be up to the platform to decide how to implement these and also protect itself legally.

I think there is lots of room for the community to provide input on how they could see this being workable, but it really comes down to how @crzypatchwork wants to proceed.

skenaja commented 3 years ago

> The point by @djangobits is even more problematic. How is ipfs controlling the upload of very bad content? It would be great if they already do that kind of work, so the OBJKT cannot be created because if the ipfs upload fails.

djangobits commented 3 years ago

What if we had some upload queue? A new minter would have to mint his work with an escrow contract. The file would be uploaded to a repository where it stays for n days (eg 7). During the waiting time (those n days) community members can downvote and upvote mints. If at the end of the waiting time a threshold of downvotes has been reached, the piece won't be minted and won't be up for swaps. If someone has minted 3 pieces, he would be able to bypass the queue (and could still be banned the old way if he turns rogue).

This queue could be optimistic (needs downvotes to be rejected) or pessimistic (needs upvotes to be accepted).

These community members could be elected. Eg 50 people elected for a certain time. Or they could be given a guardian token that is valid for n days by a mechanism checking for factors as Quasimondo pointed out.

adamstarlight commented 3 years ago

A good idea overall, but I think that a decision to trust individual or not should be made automatically by some AI or something, and then get validated by semi-random group of users. The reason for this is... psychology) It might be hard to make conscious decisions on a regular basis, also consider how limited is the amount of information to decide. Another important problem is that "human-based" design can be easily overwhelmed by the quantitative factor, significantly lowering decision quality.

And one more thing. Your original consensus idea can make people somewhat toxic, as they need to guess the majority opinion rather than judge the work as it is, otherwise they get punished by decreasing trust.

Let me propose a different solution. The key to your problem would be some kind of semi-automatic system for validation, which asks random group of people across platform when it is not sure about what it sees. No one should be punished for making a wrong estimate, it is ok to be wrong. Once enough votes are collected, system will know how to correct its behaviour.

If the system thinks it found a copyminter, such user must get a notification, and can appeal against system decision. If he decides not to then after some time a customer will get money back.

What are the main benefits of such system:

kylegrover commented 3 years ago

This is a superb thread with some really strong ideas, are the participants still thinking on this one? This could be an enormous task, and the only way forward is either to tackle it as a working group (ie via the hicathon) or to break it down into a smaller MVP. The simplest component of this seems to be starting users with an escrow account, and later lifting that restriction in an automated (not AI) way. Folks have already stated there are ways to work around this (much appreciated, skenaja), but I think a low hurdle is better than no hurdle, as long as the workarounds aren't worse than the copyminting itself.

One concrete example/idea: All accounts sales go into escrow until one month after their first sale. Benefits: one month to catch copyminters (at least the lowest effort ones), buys us a month to develop a better system, could increase trust from larger artists/collectors. Downsides: could deter artists, particularly those without much money, might encourage scammers to post low quality content (ie the mentioned perlin noise or gans)