Bitcoin Forum
December 10, 2016, 07:05:24 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Introducing BitCoinFeedback.com!  (Read 4678 times)
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
May 09, 2011, 08:23:04 AM
 #1


The site isn't entirely ready yet, but it *should* be ready enough to fully use.  I just don't yet have all of the features implemented that I'd like to see.  Give it a try, and let me know if you see any potential security problems or bugs.

The site serves two main purposes:
1. Provide a central and easy-to-use location for rating various businesses and individuals who sell or trade with bitcoins.
2. Allow users to validate that a particular bitcoin address is indeed attached to the seller they believe it should be attached to.

I decided to create the site after seeing the stickied list of "honest traders" on this forum (http://bitcointalk.org/index.php?topic=484.0).  It just seemed that there wasn't any way to leave feedback for someone you are trading with aside from the list on the forum and the web of trust/IRC trading.  I know that IRC trading isn't exactly user-friendly for people who haven't used IRC before.  I also know that the list on the forums can be a bit cumbersome to use and search through, and disorganized.  This website is meant to fill the hole between those two options.

Potential dangers:
- Users registering under another members name with malicious intent to deceive.  Best prevention is to ensure that you register your forum name and any business names you have at the website quickly, even if you do not plan to use the website.
- Others...?  You tell me if you can think of anything.

Future expansion
I intend to expand on this website, perhaps through use of another domain name, to allow sellers to create "listings" of items or services for sale.  I am picturing a craigslist-style catalog, but with feedback and usernames integrated.

Let me know what you think!  http://www.bitcoinfeedback.com - I am open to all constructive criticism!
1481353524
Hero Member
*
Offline Offline

Posts: 1481353524

View Profile Personal Message (Offline)

Ignore
1481353524
Reply with quote  #2

1481353524
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481353524
Hero Member
*
Offline Offline

Posts: 1481353524

View Profile Personal Message (Offline)

Ignore
1481353524
Reply with quote  #2

1481353524
Report to moderator
1481353524
Hero Member
*
Offline Offline

Posts: 1481353524

View Profile Personal Message (Offline)

Ignore
1481353524
Reply with quote  #2

1481353524
Report to moderator
1481353524
Hero Member
*
Offline Offline

Posts: 1481353524

View Profile Personal Message (Offline)

Ignore
1481353524
Reply with quote  #2

1481353524
Report to moderator
joeydangerous
Jr. Member
*
Offline Offline

Activity: 55



View Profile
May 09, 2011, 10:56:17 AM
 #2

i really like this idea! I am starting to do business using bitcoin now and I'd like people to know they can trust me. I got an error message when I tried to register:
Parse error: syntax error, unexpected ';' in /homepages/44/d217581656/htdocs/bitcoinfeedback/register.php on line 7

Let me know when you figure it out, I'd like to be one of the first to register!
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
May 09, 2011, 03:05:30 PM
 #3

Haha, figures, I launch it with a defect that doesn't allow anyone to register!  Fixed.  Smiley
speeder
Hero Member
*****
Offline Offline

Activity: 546



View Profile
May 09, 2011, 06:06:44 PM
 #4

Still broken your site.

It gave other errors though...

SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
May 09, 2011, 06:18:58 PM
 #5

Try now?  Fixed some other errors.  Should have done more testing after adding the anti-mysql-injection function, but I didn't know it could cause any trouble!
Insuremeplz
Member
**
Offline Offline

Activity: 113


View Profile
May 09, 2011, 07:07:56 PM
 #6

Great idea. The homepage colors make my eyes want to bleed though!
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
May 09, 2011, 08:17:17 PM
 #7

Great idea. The homepage colors make my eyes want to bleed though!
Lool, what would you suggest?  I was considering changing all of the green to grayscale...  Or, click on the FAQ page, and tell me what you think of the colorscheme there.
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
May 09, 2011, 09:28:03 PM
 #8

Just fixed an error where only members who had bitcoin addresses would show up in the search.  Now, all members show up in the search, regardless of whether you have assigned any bitcoin addresses to the person.

For an example of how the private bitcoin address verification works... enter 1CjoEtypZhqkBLSdfpnphNYjWyokourkxe into the search box.  My username shows up, but clicking on my username only shows a single public bitcoin address.  The above address is associated to my username, so if someone searches for that EXACT bitcoin address, my username will show up.  But there is no way for another person to find that bitcoin address on the website, thus keeping it private.

This is useful for ensuring that private bitcoin addresses stay private, so that no one but the legitimate payee can lay claim to a payment made to your account.
Insuremeplz
Member
**
Offline Offline

Activity: 113


View Profile
May 09, 2011, 09:35:05 PM
 #9

Great idea. The homepage colors make my eyes want to bleed though!
Lool, what would you suggest?  I was considering changing all of the green to grayscale...  Or, click on the FAQ page, and tell me what you think of the colorscheme there.

Anything that isn't so bright and more neutral. Color isn't bad, unless it's overwhelming.
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
May 09, 2011, 09:39:45 PM
 #10

Fair enough.  I'll work on toning down the color scheme this evening.  Maybe just less saturation for the green, rather than going completely gray with it.

Thanks for the suggestion.  Smiley
lulzplzkthx
Sr. Member
****
Offline Offline

Activity: 322



View Profile WWW
May 09, 2011, 09:45:14 PM
 #11

You may consider authorizing users using gribble's database. Again, somebody could signup as you on gribble, but many users already have OTC accounts, and you could make this optional "verify with #bitcoin-otc", do the same authorization gribble does, and then give a little badge on the profile if they've verified that way.

Just a suggestion.

BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
May 09, 2011, 10:02:06 PM
 #12

I'm working on a similar project, however mine isn't up to registration - a scammer wouldn't normally "sign up" to this sort of things, do he? - but to use hashing look ups instead. Still allowing people to register if they want to manage (see, not alter) their feedback, like associating more items to the same person, nick, email, url...

Eg.

You're about to make a deal with someone who's address is john@doe.com, so you enter it for lookup and the JS library will convert it to:
2c441c6e1c73d03e1e317c46395bf45c9b0efe80 - this is what is sent to the server.

My intent was to prevent feedback harvest and browsing, displaying hashes is safer.

I put its draft here: http://bitcointalk.org/index.php?topic=3920.0
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
May 09, 2011, 10:11:20 PM
 #13

Thanks for the suggestion lulz, I'll consider it.  I'm not terribly familiar with the OTC verification process, or how I would hook in to it, but I'll look in to it.

Interesting take BCEmporium.  No, a scammer would not sign up for this sort of thing, but that's exactly my point - if a user you are considering doing business with isn't signed up to this or another feedback/verification service, maybe you shouldn't be trusting them with your bitcoins or service/goods.

Hashing all of the content before sending is an interesting idea.  Wouldn't HTTPS accomplish the same thing though?

This is certainly a less secure method with regards to information.  It's not something that those who wish to remain anonymous would want to use, as the username, business name, website, etc, is public information that anyone on the web can see (with the exception of private bitcoin addresses that are entered).  I suppose in this way, this feedback website is meant to be more "mainstream" and "userfriendly" than the web of trust (and possibly the website you are describing).  It displays some information about a given company or person, and that helps the mainstream public trust the website and the bitcoin system as a whole.  Someone jumping right in might not want to send bitcoins to a person over an IRC channel (or really know how to use IRC in the first place), but they might be more willing to send bitcoins to someone whose bitcoin address is associated with a public profile on an established website.
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
May 09, 2011, 10:23:41 PM
 #14

The issue I was addressing was more related to ID theft than data encryption.

Like on bitcoin-OTC you've:

john +10
andrew +8
mary +7
...

The simple access to this kind of list can give a scammer the chance to impersonate one of this folks in good stand, like registering to some new business with one of those nicks.
Whereas the same list hashed presents no such threat, or to a much lesser degree, as the scammer doesn't know what username he needs to impersonate.
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
May 09, 2011, 10:45:35 PM
 #15

The issue I was addressing was more related to ID theft than data encryption.

Like on bitcoin-OTC you've:

john +10
andrew +8
mary +7
...

The simple access to this kind of list can give a scammer the chance to impersonate one of this folks in good stand, like registering to some new business with one of those nicks.
Whereas the same list hashed presents no such threat, or to a much lesser degree, as the scammer doesn't know what username he needs to impersonate.
So you're proposing a similar list to bitcoin-OTC, only it be hashed, so that another user looking to your own website wouldn't know which account to spoof?

It's a good thought, so I'd be interested to see how it does if started up.  I'm not sure that it's really fit for the mainstream or public though, but that would be something to be seen.

I'll work on proof-of-ownership for accounts if/when the situation arises.  It would likely include PMing on the forums, if they are using their forum name as the sign-up or business name, or emailing from an official website address, if they believe someone else is trying to take over their name on the website.  There's a variety of ways I could have someone prove that it is their forum name or business name.  In the meantime, I'll just continue to encourage people to "take ownership" of their accounts on the website before anyone else does.
nanotube
Hero Member
*****
Offline Offline

Activity: 485


View Profile WWW
May 09, 2011, 10:54:35 PM
 #16

The issue I was addressing was more related to ID theft than data encryption.

Like on bitcoin-OTC you've:

john +10
andrew +8
mary +7
...

The simple access to this kind of list can give a scammer the chance to impersonate one of this folks in good stand, like registering to some new business with one of those nicks.
Whereas the same list hashed presents no such threat, or to a much lesser degree, as the scammer doesn't know what username he needs to impersonate.

there is a reason OTC identities are based on GPG keys rather than nicks. Smiley unless you manage to lift mary's private gpg key... good luck claiming her OTC identity.

Join #bitcoin-market on freenode for real-time market updates.
Join #bitcoin-otc - an over-the-counter trading market. http://bitcoin-otc.com
OTC web of trust: http://bitcoin-otc.com/trust.php
My trust rating: http://bitcoin-otc.com/viewratingdetail.php?nick=nanotube
Tally-ho
Newbie
*
Offline Offline

Activity: 19


View Profile
May 09, 2011, 11:20:14 PM
 #17

I'm not trying to step on any toes here...and perhaps I haven't thought this through completely, but why not use a 3rd party feedback system that is already in place like heatware.com?
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
May 09, 2011, 11:35:52 PM
 #18

I'm not trying to step on any toes here...and perhaps I haven't thought this through completely, but why not use a 3rd party feedback system that is already in place like heatware.com?
No worries!  I expect my toes to be stepped on when coming up with new ideas.  Smiley

I wanted to create something that was bitcoin-centric.  Heatware can't tell you whether a bitcoin address is indeed associated with the user account at heatware.  I could just tell you that "oh hey, my username on heatware is blah blah", and if blah blah had a good rating, then they might believe me.

Unless, there's more to heatware than meets the eye... still, I like the idea of being able to verify that a seller/merchant is attached to a particular bitcoin address instantly.
Tally-ho
Newbie
*
Offline Offline

Activity: 19


View Profile
May 10, 2011, 04:23:40 AM
 #19

I'm not trying to step on any toes here...and perhaps I haven't thought this through completely, but why not use a 3rd party feedback system that is already in place like heatware.com?
No worries!  I expect my toes to be stepped on when coming up with new ideas.  Smiley

I wanted to create something that was bitcoin-centric.  Heatware can't tell you whether a bitcoin address is indeed associated with the user account at heatware.  I could just tell you that "oh hey, my username on heatware is blah blah", and if blah blah had a good rating, then they might believe me.

Unless, there's more to heatware than meets the eye... still, I like the idea of being able to verify that a seller/merchant is attached to a particular bitcoin address instantly.

Ahhh, makes sense.  Implement a little more accountability/security into the system.  I think that's a great idea that will hopefully get rid of all but the most determined of shysters.
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
May 10, 2011, 04:25:30 AM
 #20

Glad you like the idea Tally-ho.  Smiley

I added the option to hide your email address.  Most people will want to enter an email address for future account verification and password retrieval/reset, but not everyone wants their email publicly displayed.  You now have the option to hide it in your account settings.
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!