Idea for anonymous reputation on sites like Paxful

[theymos]

One of the more anonymous ways of buying bitcoins currently is to buy a gift card with cash and then sell it for BTC on Paxful. However, it is difficult to do this with a brand new Paxful account because BTC-sellers are wary of various types of fraud in this process (eg. buying the gift card with a stolen credit card); however, if you build reputation on a Paxful account, you will then be tying all of your acquired BTC together, which is terrible for privacy. This could be solved with blinded bearer certificates (eg. lucre):

1. Paxful designates certain users as trusted. These users might, for example, have their identity known to Paxful.
2. Without having to create an account, a user can post an advertisement like "Selling a $100 Amazon gift card for BTC". When they do this, they will spend all of the Paxful trust certs that they have acquired at any time in the past. Their advertisement will then be listed with a trust score equal to the number of submitted certs.
3.
    a. If the advertisement is cancelled, then Paxful will reissue new certs equal to the previously-spent certs and give them back to the advertiser, so the advertiser’s trust score will not change.
    b. If the advertisement is completed successfully, and the counterparty is a Paxful-trusted user, then Paxful will reissue new certs equal to the previously-spent certs plus 1. So the advertiser’s trust score will either increase, if they are dealing with a Paxful-trusted-user, or stay the same if they’re dealing with any other user.
    c. If the advertisement results in fraud by the advertiser, then no new certs will be reissued, and the advertiser will lose all of the trust points that he associated with the advertisement.

The result is that you can do Paxful trades without any possibility of your transactions being linked together (blinded bearer certificates are perfectly anonymous, even to the "bank"), but with tracking of your reputation so that once you’ve done a few trades, you will be able to easily trade with people.

[1714018657]

1714018657

[1714018657]

1714018657

[1714018657]

1714018657

[1714018657]

1714018657

[mdayonliner]

I never heard of paxful before, considering I do not know much about the outer world. 
So, I actually do not understand how this certs is working for the their trust system but it seems a good idea that to keep myself anonymous - buy a gift card and sell it in paxful for BTC.

When it comes to trust, as a new user on there - someone can use their BitcoinTalk profile (if they have one) as an alternative (if that works for paxful, I will create one account later today to explore their features) to show the reputation they have here in BitcoinTalk.

[HeRetiK]

So if I understood correctly: In essence using centrally issued tokens as a representation of trust ratings, decoupling previous transactions from subsequent ones by burning the original tokens?

One potential problem I see is with the proposal of users spending all their certs / tokens they have acquired in the past. Couldn't this potentially enable correlation attacks? Not so much with users that only have a low level of trust, but once a certain level of trust is reached correlating advertisements to one another based on the amount of certs spent might become trivial (ie. a lot of people have 10 trust points, only few have exactly eg. 854 trust points). This could likely be easily alleviated by allowing for custom amounts of certs to be spent though.

I'm not familiar with blinded certs though, so I might be completely off-target.

[aleksej996]

I am not familiar how gift cards work, but if you can't use a gift card after you sell it (no chargebacks).
I don't see why this just easily couldn't be added to something like Bisq, where BTC are locked in a 2-of-3 multisig with an arbitrator until the trade is over.

I don't see why it is necessary to involve centralized trust based systems into this.

[HCP]

I am not familiar how gift cards work, but if you can't use a gift card after you sell it (no chargebacks).

The problem with "digital" gift cards is that there is no way to tell if the card has been redeemed until you try to redeem it.

Essentially, you are buying a "private key" that someone else has already seen. So basically, you pay... Get given a code, and hope that it hasn't already been used. Buying them with cryptocurrency is fraught with danger for the buyer.  

Paxful essentially acts as an "escrow" and "trust system" to try and protect the buyer... While providing a platform to connect buyers and sellers.

With a physical gift card, you can see if the scratch off portion hiding the code has been removed and therefore already revealed... But obviously this isn't practical for a lot of people to arrange in person meetings to inspect goods prior to purchase.

[RGBKey]

Wouldn't that limit most people without large amounts of reputation to only a single open trade? I suppose that may be beneficial. Just trying to think of blocks in the user experience.

[HCP]

Wouldn't that limit most people without large amounts of reputation to only a single open trade? I suppose that may be beneficial. Just trying to think of blocks in the user experience.

It would limit everyone to a single trade:

2. Without having to create an account, a user can post an advertisement like "Selling a $100 Amazon gift card for BTC". When they do this, they will spend all of the Paxful trust certs that they have acquired at any time in the past. Their advertisement will then be listed with a trust score equal to the number of submitted certs.

I guess the idea is to avoid people attempting the "long con", whereby if you only had to use 10 trust certs, they could collect say 100 trust certs... then they could try and run 10x concurrent scam trades with the accumulated trust.

In a way, forcing a user to use ALL their trust certs, means they have to risk their entire reputation... rather than a small, possibly insignificant, part of it.

[theymos]

So if I understood correctly: In essence using centrally issued tokens as a representation of trust ratings, decoupling previous transactions from subsequent ones by burning the original tokens?

Right. And due to how blinded bearer certificates work, even the issuer can't know that the burned certs and the re-issued certs are connected.

BTW, this would be a per-site thing, not a widespread "trust cryptocurrency".

One potential problem I see is with the proposal of users spending all their certs / tokens they have acquired in the past. Couldn't this potentially enable correlation attacks?

It would limit everyone to a single trade:

It's not actually necessary to burn all of your certs, I was just imagining that as the most common scenario.

I was actually imagining that the certs would be completely divisible, so if you had 100 then you could do 100 trades with 1 trust score each. But if this is undesirable, one solution would be to have certain fixed denominations into which you could up-convert but not down-convert. So perhaps there would be denominations of 1, 5, 10, 25, and 100. If you did a trade in which you used 5 1-value certs to achieve a trust score of 5, then at the conclusion of the trade you would end up with 1 5-value cert back, and it would not be possible to ever divide this again (except perhaps on an unofficial, off-site basis, at a premium). Using fixed denominations would prevent much correlation on value.

[Diamond Member]

If I am understanding this setup correctly, the goal is to have a system in which you can engage in many trades, building a reputation, while preventing anyone, including Paxful from knowing your trade history.

My concern about this setup is that it will allow anyone who is "trusted" to essentially generate an infinite number of trust, as they can trade with themselves to generate trust certs for their alternate account. This would mean that the cost of attempting a scam would be zero (or very close to zero), and it would be difficult (if not impossible) to trace a series of scam attempts back to the "trusted" person.

Wouldn't that limit most people without large amounts of reputation to only a single open trade? I suppose that may be beneficial. Just trying to think of blocks in the user experience.

It would limit everyone to a single trade:

2. Without having to create an account, a user can post an advertisement like "Selling a $100 Amazon gift card for BTC". When they do this, they will spend all of the Paxful trust certs that they have acquired at any time in the past. Their advertisement will then be listed with a trust score equal to the number of submitted certs.

I guess the idea is to avoid people attempting the "long con", whereby if you only had to use 10 trust certs, they could collect say 100 trust certs... then they could try and run 10x concurrent scam trades with the accumulated trust.

In a way, forcing a user to use ALL their trust certs, means they have to risk their entire reputation... rather than a small, possibly insignificant, part of it.

I don't think there is a way to force someone to spend all of their certs. That is somewhat like saying that you must spend all of your inputs in a transaction.

I am not familiar how gift cards work, but if you can't use a gift card after you sell it (no chargebacks).

The problem with "digital" gift cards is that there is no way to tell if the card has been redeemed until you try to redeem it.

Essentially, you are buying a "private key" that someone else has already seen. So basically, you pay... Get given a code, and hope that it hasn't already been used. Buying them with cryptocurrency is fraught with danger for the buyer. 

I am not familiar with the specific details of how Paxful operates, however I would think both buyers and sellers would be at a high risk of fraud. If the buyer discloses the digital gift card "code" to the seller, if the code is subsequently loaded onto a newly created account, I do not see a way Paxful would know if it was the buyer or seller who loaded the code in the event of a dispute.

[theymos]

If I am understanding this setup correctly, the goal is to have a system in which you can engage in many trades, building a reputation, while preventing anyone, including Paxful from knowing your trade history.

Right

My concern about this setup is that it will allow anyone who is "trusted" to essentially generate an infinite number of trust, as they can trade with themselves to generate trust certs for their alternate account. This would mean that the cost of attempting a scam would be zero (or very close to zero), and it would be difficult (if not impossible) to trace a series of scam attempts back to the "trusted" person. 

Once new net trust has entered the system, it can't be traced. But the issuer can place limits on how it is created. For example, they could allow their designated-trusted users to create only so much net trust per month. And the issuer knows everything about each trade, even if they don't know the trade histories of the users, so they could disallow net-trust-creation for trades which look suspicious to them, using whatever criteria seems appropriate.