Clarify requirement "Blockstack Auth"

[friedger]

What is the problem you are seeing? Please describe. Registered apps using Blockstack Auth in different ways:

• Some apps do not work at all when the user is not logged in, some do.
• Some apps place the login dialog at a prominent place, some apps require several steps before the login dialog is seen.
• Some apps require additional steps like configuration or installation of other apps before users can sign in with Blockstack, some don't
• Some apps use Blockstack only in optional modules, some don't

The criteria for entering the app mining program are not defined clearly enough.

How is this problem misaligned with goals of app mining? This could encourage development of apps that do not require blockstack auth at all or only for a small set of features.

What is the explicit recommendation you’re looking to propose? Add the following requirements:

• require the use of authentication in order for the app as a whole to work. This encourages development of apps where identity plays an important role.
• require a description how blockstack is used in the app
  • either on the product page (e.g. used for product hunt) or
  • on the page/screen when logged out

Describe your long term considerations in proposing this change. Please include the ways you can predict this recommendation could go wrong and possible ways mitigate. A more clear definition of the requirement will focus efforts on improving registered apps rather than arguing about eligibility.

Additional context

70

7

[stackatron]

@friedger auth is tested on all apps by NIL. If NIL tester can't login, the app is ineligible for App Mining.

require the use of authentication in order for the app as a whole to work.

My understanding is that this is already covered.

require a description how blockstack is used in the app

Can you be a little more exact. You're suggesting a new reviewer or that NIL should also review these pages? And can you please make this test a bit more binary? How would the tester test this?

[friedger]

@jeffdomke This issue is about clarifying what it means to include blockstack auth, as required by the rules. My understanding is that NIL test whether auth works, not whether auth is used in a sufficient way (because there is no clear definition of what sufficient means)

Possible tests (where numbers are random):

• How many clicks are required to see the blockstack login button? Required: less than 3.
• Percentage of features that work without login? Required: less than 50%

[stackatron]

@larrysalibra please decide if this makes sense and is a relevant change to how you review.

[larrysalibra]

require a description how blockstack is used in the app either on the product page (e.g. used for product hunt) or on the page/screen when logged out

It would actually be helpful for us as a reviewer to have apps submit a statement when they register their apps as to if/how they use blockstack auth and gaia. We end up having to guess how they use gaia and then email to double check if we find that they're not using that we've missed something. This wouldn't need to be public to help us.

Requiring this to be explained on the app's marketing website is interesting. Would like to hear what others think.

Some apps use Blockstack only in optional modules, some don't Some apps require additional steps like configuration or installation of other apps before users can sign in with Blockstack, some don't

Gladys is the only app that I've come across that uses optional modules and our position has been that Blockstack needs to be enabled by default for users.

Some apps do not work at all when the user is not logged in, some do. Not having to sign in seems to be great for users. If some of an app is usable without identity, this seems pro-user privacy/usability to me.

[friedger]

Re optional modules, OI ConvertCSV (and OI Shopping List) follow a similar concept, and the early version of Blockcred as well.

It would be good to give more guidelines around this topic.

On Tue, 21 May 2019, 17:34 Larry Salibra, notifications@github.com wrote:

require a description how blockstack is used in the app either on the product page (e.g. used for product hunt) or on the page/screen when logged out

It would actually be helpful for us as a reviewer to have apps submit a statement when they register their apps as to if/how they use blockstack auth and gaia. We end up having to guess how they use gaia and then email to double check if we find that they're not using that we've missed something. This wouldn't need to be public to help us.

Requiring this to be explained on the app's marketing website is interesting. Would like to hear what others think.

Some apps use Blockstack only in optional modules, some don't Some apps require additional steps like configuration or installation of other apps before users can sign in with Blockstack, some don't

Gladys is the only app that I've come across that uses optional modules and our position has been that Blockstack needs to be enabled by default for users.

Some apps do not work at all when the user is not logged in, some do. Not having to sign in seems to be great for users. If some of an app is usable without identity, this seems pro-user privacy/usability to me.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/blockstack/app-mining/issues/100?email_source=notifications&email_token=AALBYWLDE35P5RSF72STSOLPWQJBFA5CNFSM4HJQDFYKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODV4JUWI#issuecomment-494443097, or mute the thread https://github.com/notifications/unsubscribe-auth/AALBYWNXC2H2GLCWQKTHE4LPWQJBFANCNFSM4HJQDFYA .

[larrysalibra]

@friedger The vast majority of apps use Blockstack Auth without requiring additional screens or steps. I don't think this gives us a lot of benefit at the moment. We can always look at this again in the future.

@jeffdomke can you close this issue?

[friedger]

@larrysalibra I am working on https://github.com/opencollective/opencollective/issues/1749 and there is a discussion about how prominent blockstack login should be. The argument for hiding is that it is an experimental feature...

[friedger]

@hstove This needs more attention as there is a decision on the forum by the team that using simple id is not eligible: https://forum.blockstack.org/t/simple-id-easier-blockstack-feature-survey/8476/22

The reasons for the decision should be reflected in an update of this issue and the rules in general!

[friedger]

There are more apps now that do work in principle without using blockstack auth

• Startup List and other collection bookmark apps (blockstack auth -> bookmark an item)
• Arcane Darkroom (blockstack auth -> share)
• OI Timesheet, Dadroit JSON Viewer (blockstack auth -> sync)

[friedger]

Duplicate to #137