Working on an idea for simple web-based alternative to bitcoin-otc web of trust

[audenx]

I updated the website with v0.02 of the pitch. Based on CIYAM Open's and dscotese's feedback, the system now requires fewer transactions for scoring, reduces potential fees, and eliminates the need for the one-off "scorecard" address described in v0.01. I also added some initial FAQs (not comprehensive, but it's a start) based on a lot of gweedo's questions and comments.

Thanks for your help so far. I'm hoping to keep improving. I think next I'll write down my thoughts on the specifics of how the outputs might be structured. (Specifically, I'm thinking about what numbers to use to indicate the opening transaction so AudenX knows which of the two score numbers represents the scoring scale and which represents the final score.)

[1713853020]

1713853020

[coqui33]

...I want to meet these people that can't use GPG keys I have taught maybe ~10 to ~15 that have that are not geeks by any means and they caught on quickly so may it was the way you were teaching them. IRC is just as easy as AOL IM today. ...

Sorry, gweedo, but you lost me with that remark. You might as well say that Linux is as easy for a nontechnical customer (like my grandmother) to learn as Windows or Android.

[gweedo]

...I want to meet these people that can't use GPG keys I have taught maybe ~10 to ~15 that have that are not geeks by any means and they caught on quickly so may it was the way you were teaching them. IRC is just as easy as AOL IM today. ...

Sorry, gweedo, but you lost me with that remark. You might as well say that Linux is as easy for a customer to learn as Windows or Android.

LMAO considering that Android is linux based I would say it is easy, also have you ever installed Ubuntu it is insanely easy. IRC isn't just for the geeky of the geeks, actually most IRC are really user friendly. GPG keys the concept maybe tough, but the software again makes it very easy to use. I really don't see how these things are hard for people now of days.

[CIYAM]

I don't think that the GPG software is particularly hard to use myself (compared to say configuring Email apps years ago) - but people just "don't want to bother with it" is the *real* problem (especially non-geeks).

[gweedo]

I don't think that the GPG software is particularly hard to use myself (compared to say configuring Email apps years ago) - but people just "don't want to bother with it" is the *real* problem (especially non-geeks).

I have yet to see that, really. I think a lot of people don't want to learn the "magic" behind it so they can understand what is exactly happening. But as gpg and bitcoin address signing and verifying are becoming more popular for contracts and GPG keys I am pretty sure if you sign it, are legal contracts so yeah, they aren't going anywhere. People better learn or be left in the dust.

[CIYAM]

I have yet to see that, really.

And I have already had several people simply *give up* on joining CIYAM Open due to GPG - really!

(perhaps I should refer any future such people to you to get them somehow magically converted?)

[gweedo]

I have yet to see that, really.

And I have already had several people simply *give up* on joining CIYAM Open due to GPG - really!

(perhaps I should refer any future such people to you to get them somehow magically converted?)

It isn't magic, I just know how to teach GPG, which includes pointing them to software that will make it easy, what they will need to know in the command line. I really don't understand how they gave up GPG isn't a hard thing to learn to just use.

I actually taught a person IRC and GPG for bitcoin-otc and they gave up trying on their own, after I explain and held there hand showing them and explain exactly what they need to know, how to use it and what references will be a great deal of wealth to them.

Also If they are giving up that means they are probably frustrated and sometimes it is the teacher that can cause that.

[CIYAM]

Also If they are giving up that means they are probably frustrated and sometimes it is the teacher that can cause that.

Sure - although they never even got as far as asking for help (basically just complained that they don't want to use GPG and would only join if it they could use their "Google" or "Facebook" accounts to login).

(a bit hard to teach someone that doesn't want to even learn)

[gweedo]

Also If they are giving up that means they are probably frustrated and sometimes it is the teacher that can cause that.

Sure - although they never even got as far as asking for help (basically just complained that they don't want to use GPG and would only join if it they could use their "Google" or "Facebook" accounts to login).

(a bit hard to teach someone that doesn't want to even learn)

Well that is true, but they will figure it out that it will be more and more important as there bitcoin career goes on.

[CIYAM]

Well that is true, but they will figure it out that it will be more and more important as there bitcoin career goes on.

Even worse - these people want to be paid via PayPal !!!

[nyusternie]

Well that is true, but they will figure it out that it will be more and more important as there bitcoin career goes on.

GPG is not necessarily TOO hard, but it is certainly and without question the HARDEST form of authentication to adopt.  I recently joined the WoT and was pleasantly surpised to see it using GPG. This allowed me to renew some very old keys, update my passwords and generally update myself on the state of the technology. But I was very disappointed to say the least at how difficult it was to get everything working properly (invalidating old keys, updating the public repos, etc).  I was even more disappointed by how difficult it is to get verified on IRC (at one point I just quit and had to restart the next day).

The only way I can see a non-geek making this work successfully is if you literally "hold their hand and move their fingers for them", then write auth "scripts" that they can use on IRC. I get a little turned off when people suggest that its sooo EASY as if anyone who can't figure it out on their own is an idiot.

I'm totally in favor of both GPG and 2-factor auth.  I'd say that Google Authenticator (free and open source on most platforms) finally made 2FA possible for everyone.  Someone needs to do the same thing for GPG.
--------------------

Moving on, I really like this idea of blockchain trust, but I'd never support a system that was centralized (the same way bitcoin-otc is now) to one organization.  Most of the projects that I'm looking into and working on now are trying to decentralize a centralized service and I think this is the right direction moving forward.

The way I see it, as soon as the idea catches on there will be at least a dozen audenx trust networks maybe using the same protocol, maybe not.  Don't you think it would be best to start with an OPEN protocol (as in NOT tied to any specific address)?

[gweedo]

Well that is true, but they will figure it out that it will be more and more important as there bitcoin career goes on.

GPG is not necessarily TOO hard, but it is certainly and without question the HARDEST form of authentication to adopt.  I recently joined the WoT and was pleasantly surpised to see it using GPG. This allowed me to renew some very old keys, update my passwords and generally update myself on the state of the technology. But I was very disappointed to say the least at how difficult it was to get everything working properly (invalidating old keys, updating the public repos, etc).  I was even more disappointed by how difficult it is to get verified on IRC (at one point I just quit and had to restart the next day).

The only way I can see a non-geek making this work successfully is if you literally "hold their hand and move their fingers for them", then write auth "scripts" that they can use on IRC. I get a little turned off when people suggest that its sooo EASY as if anyone who can't figure it out on their own is an idiot.

I'm totally in favor of both GPG and 2-factor auth.  I'd say that Google Authenticator (free and open source on most platforms) finally made 2FA possible for everyone.  Someone needs to do the same thing for GPG.
--------------------

Moving on, I really like this idea of blockchain trust, but I'd never support a system that was centralized (the same way bitcoin-otc is now) to one organization.  Most of the projects that I'm looking into and working on now are trying to decentralize a centralized service and I think this is the right direction moving forward.

The way I see it, as soon as the idea catches on there will be at least a dozen audenx trust networks maybe using the same protocol, maybe not.  Don't you think it would be best to start with an OPEN protocol (as in NOT tied to any specific address)?

Wait you know how to use GPG and you couldn't use IRC and GPG at the same time, with gribble, then obviously you never knew how to use GPG in the first place LMAO If you know GPG then gribble is a piece of cake probably even easier.

GPG is already too easy how much more easier do you want it? Like you said do you want someone to move the mouse for you that is the only way it will get easier.

Actually there are two people that are non-geeky ident on OTC so yeah I guess they know magic or something.

[audenx]

The way I see it, as soon as the idea catches on there will be at least a dozen audenx trust networks maybe using the same protocol, maybe not.  Don't you think it would be best to start with an OPEN protocol (as in NOT tied to any specific address)?

Yes!

Ideally, I'd like to see the AudenX.com website develop into a showcase of how such an open protocol can work, and of how easy to use it could be. Whether the protocol that ultimately emerges requires users to send outputs to a certain address or not, I imagine there will still be a place in that ecosystem where users will need products (web, mobile, etc.) that give them easy interfaces to the trust info on blockchain. Long-term, I'm hoping AudenX can offer products like that. Near-term, AudenX could just be a testing ground to get the wheels turning in peoples' heads. There are already a ton of ideas I have that presuppose the existence of this trust data — but the protocol needs to exist first, and I need to find a group of people interested in using it.

[gweedo]

The way I see it, as soon as the idea catches on there will be at least a dozen audenx trust networks maybe using the same protocol, maybe not.  Don't you think it would be best to start with an OPEN protocol (as in NOT tied to any specific address)?

Yes!

Ideally, I'd like to see the AudenX.com website develop into a showcase of how such an open protocol can work, and of how easy to use it could be. Whether the protocol that ultimately emerges requires users to send outputs to a certain address or not, I imagine there will still be a place in that ecosystem where users will need products (web, mobile, etc.) that give them easy interfaces to the trust info on blockchain. Long-term, I'm hoping AudenX can offer products like that. Near-term, AudenX could just be a testing ground to get the wheels turning in peoples' heads. There are already a ton of ideas I have that presuppose the existence of this trust data — but the protocol needs to exist first, and I need to find a group of people interested in using it.

But there is not a protocol... So you just hoping people will recognized this as uniformed way of doing trust. I really think this needs more time to be thought out, I think your jumping in with two feet, but it takes a lot of time to develop these things.

[CIYAM]

A couple of things I'd like to suggest:

1) rather than ratings between -10 and +10 why not just keep it minimal so: -1 (failed), 0 (resolved) or +1 (succeeded)

2) reserve the entire 8 digits of each protocol tx so that the protocol can be extended

and of course it would be advised to *formalise* the protocol *before* starting up the service.

Apart from rating specific transactions for services or goods it would be useful to have *special* ratings for things like GPG identity and perhaps even other *real identity verifications* that could useful for services such as loans.

[nyusternie]

1) rather than ratings between -10 and +10 why not just keep it minimal so: -1 (failed), 0 (resolved) or +1 (succeeded)

at least on the plus side, it would be nice to have a range (similar to the 5 star system).

Ideally, I'd like to see the AudenX.com website develop into a showcase of how such an open protocol can work, and of how easy to use it could be.

the problem as i see it is that this should really be integrated into the CLIENTS. so unless you plan on offering your own client, what you are currently suggesting sounds to me like a new proprietary protocol that you want the currently OPEN clients to adopt. i don't want to in any way discourage you from what you're doing, its just that i'm just starting to see the trends in bitcion and they all seem to move towards OPEN / DECENTRALIZED protocols.

i'm currently working on a fork of bitcoinjs, which comes with its own web-based client -- similar to blockchain.info's mywallet. i'd love the idea of integrating a blockchain wot into this client.

GPG is already too easy how much more easier do you want it?

i know you're not serious. you couldn't possibly be serious.

[CIYAM]

at least on the plus side, it would be nice to have a range (similar to the 5 star system).

I understand but IMO that just makes it easier to *game* the system (i.e. getting 10 +5 *fake* ratings is certainly going to be easier than getting 50 +1 *fake* ratings - I have the same problem with the "skill points" system I have implemented in CIYAM Open and am now thinking of changing it for just this reason).

[gweedo]

GPG is already too easy how much more easier do you want it?

i know you're not serious. you couldn't possibly be serious.

Very serious LOL 100% serious, I don't know what software you were using but honestly I know about 10 people non-techies that use gpg no problems.

[audenx]

But there is not a protocol...

Correct. I haven't yet written a detailed protocol specification. Just to reiterate: this thread is for the purpose of brainstorming an idea with the benefit of other Bitcoin users' and developers' feedback. My goal in this thread is to gain insight that can help me start experimenting with some different protocol specifications.

So you just hoping people will recognized this as uniformed way of doing trust.

No, I don't expect lots of people to simply recognize and adhere to a new standard for scoring trust. I do hope, however, that in time I can build a proof of concept, gather a few alpha users, etc., and then try to grow it from there.

I really think this needs more time to be thought out, I think your jumping in with two feet, but it takes a lot of time to develop these things.

Agreed. Again, this idea is currently in the early concept phase. Version 0.01. Or 0.00000001, if you prefer ;-)

[CIYAM]

I think you need to check the definition of a protocol, this is uniform way of doing trust at best.

As far I can see the OP is about creating a send of standard conforming tx's over the Bitcoin protocol that can be used to define a WoT system - if you have something other than terminology disputes or arguments about how easy GPG is or isn't to use that would be helpful to this thread otherwise your input is just coming across as trolling (if you think people should just use Bitcoin-OTC you are entitled to that opinion and I think you've already made that point here so can we keep OT please?).