Open stackatron opened 5 years ago
@jeffdomke with Digital Rights Reviewer on-boarded this can be closed.
Tagging @larrysalibra // @jeffdomke // @pstan26 on this one.
Is there a scoring criteria for Digital Rights Gaia?
I just browsed a top 5 app who got full marks on the gaia storage. I spent about 20 minutes updating my info, editing information, etc and NONE of it makes a gaia requests.
Can I just build a centralized app, enable gaia auth, and have < 1% of my features implement gaia storage? If so, this is very concerning. The Blockstack team is selling this notion of #cantbeevil but if a majority of an application is centralized, what are we actually promoting?
I believe that we need to be a bit more stringent on this review process and really narrow down which apps are truly Blockstack apps vs. apps that kinda use Blockstack.
@kkomaz
The scoring criteria during the March pilot run was 4 points for using only gaia, 2 points for using gaia plus some other server, 0 points for not using gaia and -1 if the app was broken.
We got a lot of pushback on that scoring mechanism because it meant that apps that use indexers got penalized in addition to penalizing apps that used traditional centralized databases. As a result, in April we changed the scoring algorithm so that it doesn't differentiate between apps using gaia alone and apps that use gaia plus some sort of other server. (see https://github.com/blockstack/app-mining/issues/58#issuecomment-477451480)
The challenge we face is that when an app makes calls to servers that aren't the user's gaia hub, without having knowledge of the inner functioning of the app, we have no easy way to tell if data is being stored by those servers and if that data is critical to the functioning of the app.
I am in favor of more strict approach that awards apps that figure out how to make it very clear to users that they have control over their data - ie by clearly not using any other 3rd party servers besides the user's or the gaia hub of another user with which the user has chosen to interact with.
Can I just build a centralized app, enable gaia auth, and have < 1% of my features implement gaia storage? If so, this is very concerning. The Blockstack team is selling this notion of #cantbeevil but if a majority of an application is centralized, what are we actually promoting?
I agree.
Thanks for the feedback @larrysalibra.
In my mind the discussion of using an indexer vs. a centralized database in my opinion are two very intentional differences.
In the case of an app using a service like Radiks, the app is at least making an effort to make a gaia call prior to updating the indexer. Indexing only stands as record keeping and should not make write privileges until a gaia post request has been made.
On the contrary, there are apps that do exist that are centralized, contain blockstack auth, and does not utilize gaia. I know it's hard to test on some of these apps but like I said with some due diligence I think this can be resolved. I spent 20 minutes on a top 5 app and did not see a single gaia request when updating my information. After talking with the individual from their team, I learned that most of their data is centralized/stored in a db. Secondary feature was using gaia. (in my opinion not core to the business model)
Personally, I would not group indexer vs. centralized db together. With that being said, I think a simple form where app developers identify areas where they are using gaia could go a long way. Then based on the submission, your team can confirm it via testing and make the call of whether or not this integration is crucial to the overall impact of the application. Some will be more obvious than others and that could require a bit more follow up.
If the app developer can not clearly explain how gaia is core to their business model then in my opinion that's a red flag. Responses like we are "researching" and "exploring options to integrate" tells me first and foremost that they are not CURRENTLY integrating gaia storage in a meaningful way.
This raises another discussion of what are quality apps. Is Blockstack's primary focus to increase users regardless of how they get it? Well established apps are being highly critiqued for participating in app mining because a majority of their functionality is centralized. I can understand the frustration on the other side because based on the conversations I've had, it really looks like those devs care about decentralization/data ownership.
Personally, I would not group indexer vs. centralized db together.
How can a 3rd party (or software) observing the behavior of an app determine the difference between the two?
I can make an api that looks exactly radicks and stores data that is critical to the functioning of the app that can't be replicated by someone running their own indexer.
It seems like one way to test for this would be to have an api for users to specify their own indexers.
In my mind the discussion of using an indexer vs. a centralized database in my opinion are two very intentional differences.
Determining developer intentions seems...challenging...to say the least.
I understand Radiks is not a perfect solution. As it stands right now, I have not seen a good way in building an application that requires interaction between two blockstack users WITHOUT an indexer.
By utilizing Radiks, I would think developers are trying to come up with the best middle ground between full gaia and some sort of centralization for the sake of building complex applications. My major concern is that there are apps that are completely centralized without really using gaia at all. However, from the sounds of it, it looks like you want to group an application that is primarily centralized and an app that uses with gaia + indexer together.
As great as Radiks has been for debut, it's still not comparable to going full centralization. Beyond the principle of trying to do the right thing, as it stands, are there any restriction of what I asked before?
Can I just build a centralized app, enable gaia auth, and have < 1% of my features implement gaia storage? If so, this is very concerning. The Blockstack team is selling this notion of #cantbeevil but if a majority of an application is centralized, what are we actually promoting?
Should there be a distinction between an app using an indexer vs. a complete centralized db /w a few gaia features?
If not, and debut, which uses a Radiks indexer falls into the same category as a centralized db, what gains do I get from trying to integrate gaia calls with my indexer via Radiks?
Are we pigeonholing ourselves based on the current infrastructure support to certain types of apps? It would be good to know because as app developers we should be realistic about what types of apps we can build based on the foundation that is set.
It would be good to know because as app developers we should be realistic about what types of apps we can build based on the foundation that is set.
You can build any type of apps with blockstack. It is just that they might be rewarded differently.
To address the question about intentions of developers, I reference #11 here and encourage to think about the advantages of limit rewards to open source apps.
@kkomaz I agree with you that apps that use Gaia more extensively should be rewarded for that. I need to learn a bit more about the current state of indexers and apps so that we can come up with some sort of objective process.
Can the user run their own instance of Radiks and still use your app? If they are able to run their own instance, do they get the same app experience as someone using the instance you run?
If the user has a clear choice (UI wise) whether to include the data in the indexer or not and the app still makes sense for the user then this should count for an advanced use case.
@larrysalibra any updates here?
Had a talk with Larry during consensus. I personally don’t want this discussion between indexers vs not but more towards app that aren’t making the effort to utilize gaia in a meaningful way. Top apps are STILL being rewarded in app mining and is centralized. If radiks supports running your own indexer in the future with a good transfer system I will definitely implement it.
Next step here is @larrysalibra and @hstove will brainstorm on how to detect partial vs. full Gaia reads and writes.
I've been thinking about this. The only possible option, I think, is to have some arbitrary threshold where NIL can detect if all writes are going to Gaia. Determining if every single write on the site goes through Gaia is not possible - both practically and fundamentally (the "halting problem"). So, in my mind, the next step forward is to determine if this is useful.
So the proposal would be something like:
NIL will use the application for X minutes, and inspect network requests. If all requests to save data are written to Gaia (in addition to any indexers), then it will get full points for "writing data to Gaia".
@hstove we should try to re-schedule 30 minutes to chat about this
I tried to read all the comments about NIL Gaia points, and it seems fair what you've done with removing the limit for index-using apps. Although in making BlackHole, we acted very strict and did not use any independent server for users data, beside Blockstack for Auth and chosen Gaia provider for storage, as @larrysalibra checked the system, Making many features is harder this way, like short links, crash reports, or even OpenGraph for share links.
I wanted to ask if you will add more points for apps that use Gaia more strictly and respect decentralization more. It is not a question about fairness, we knew using indexing systems and independent servers will ease many things very much, but we want to push the limits, as long as it does not hurt user experience, and take more steps in the way of decentralization.
For now this binary 0,1 score is weakening NIL importance in final score. My suggestion is to make the score value bigger from 0 to 10. Zero will be no Gaia and 10 will be only Gaia. Testing like @hstove suggests can be a good way to choose the value. Because for now, I see many apps that say they are "decentralized", but at the best they are just "encrypted".
As I said here too, I think with these changes, everything seems too comfy for people who want to make Next Level of a powerful world. And not many people will have an issue with this, who has a problem with easy? Respectfully I think managers like you @larrysalibra and @hstove should push these limits and encourage others to come far with you.
After all, we call our apps, dapps and we want to it means more.
Sound like @larrysalibra is working on some building some tools that could help here. We should put this on hold until he follows up on next steps.
Yes - I'll have something to share with the community very soon. Agree with @Walterion1 we should push the limits of dapps so that they can't be evil.
Indexers or no-indexers and how Radiks fits into that...