Open sdsantos opened 4 years ago
Isn't this just fixing the current app mining process? Also related to https://github.com/blockstack/app-mining/issues/137
@friedger yes, it's about improving the app mining submission process. But it has a broader reach than #137 plus it's a bit more concrete.
I want to add a new condition for entering App Mining: apps must provide an easy-to-find Privacy Policy.
This is a follow-up on the App Mining call of 10th January and some discussion afterwards on Discord.
I believe the apps entering the App Mining program should be held to higher standards. Here's the list of conditions I propose (open for discussion of course):
A - Can't be evil
Apps in the app mining program should showcase the main principle of Blockstack: Can't be evil. So, no data to third-parties without user consent. Unfortunately, this is not straightforward to evaluate right now, but progress is being made with the NIL tools.
My proposal for apps that we can trust would be:
1) Front-end only apps need to comply with the Can't be evil sandbox by NIL.
2) Native apps and server-side components need to be open source (and a tool for verifying deployments/packages match the source code should be developed as soon as possible).
And since we can't predict all ways apps can be evil, I suggest a community policing mechanism:
Although b) would be a requirement for truly trusting an app, and it's great for building upon the work from others in the community, I can understand it's a contentious change. I'm open to more suggestions here.
B - Ownership
The owner(s) of an app should be public information (blockstack ids) and a contact method should be provided. I believe public ownership is part of trust.
C - Blockstack is core
The core functionality of the application should rely on Blockstack. A rule of thumb could be: at least half of the app users are expected to authenticate with Blockstack to use the app. This could be loosely evaluated by the App Mining team upon submission, and wouldn't need to be proved. A 40/60 scenario is ok, a 10/90 wouldn't.
D - No Clones
Can't submit an app without significant differentiation from another app already in the App Mining program. This condition is already in place, just wanted to make that clear. We just want to avoid clones based upon open source apps.
E - Minimum functionality
This is also already in place. You can't just submit the app you made following the Gaia tutorial.
F - Minimum usage (for multi-player apps)
Multiplayer-apps, since their usage is advertised publicly, should be held to a higher standard. I propose some usage is required beforehand. For example, 100 user installs before applying.
Like I said, this is all open for discussion. I understand that some of the conditions can be gamed and may require community policing. But I believe they would help raise the quality of the apps in App Mining program.