Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proposal: Blockstack "Good Citizen" reviewer #8

Closed
jeffdomke opened this Issue Jan 31, 2019 · 22 comments

Comments

Projects
None yet
9 participants
@jeffdomke
Copy link
Member

jeffdomke commented Jan 31, 2019

Big idea for this reviewer is someone who evaluates if the app is creating positive outcomes for the Blockstack ecosystem at large.

Will add individual reviewer proposals for:
– Reviewer: Can evaluate based on user growth of blockstack IDs
– Reviewer: Can evaluate onboardings/landing pages and decide if users are getting education around user-owned ID and storage
– Reviewer: Can evaluate open-source repo
– Reviewer: Can evaluate latest blockstack.js

To "win" with this reviewer, I expect an app should focus on:

Educate and explain Blockstack ID and digital rights.
Encourage users to use Blockstack ID above other options.
Make storage with Gaia easy.
Be open source.
Keep your software updated.

What other factors could be included?

@jeffdomke jeffdomke added the Epic label Jan 31, 2019

@moxiegirl

This comment has been minimized.

Copy link
Collaborator

moxiegirl commented Feb 2, 2019

Are they providing some form of documentation written or video for their product?
Support site, dedicated support email address, or forum provided? (Can't be ours)

@jeffdomke

This comment has been minimized.

Copy link
Member Author

jeffdomke commented Feb 4, 2019

@moxiegirl yep, good addition.

@jeffdomke

This comment has been minimized.

Copy link
Member Author

jeffdomke commented Feb 4, 2019

We had an impromptu brainstorm on Friday. Just random ideas:

  • Electronic Frontiers Foundation
  • New internet labs + an external developer
  • Brave
  • Messari
  • Decentralized ID Foundation.
  • Internet Archive
  • Decentralized Web Summit
@pstan26

This comment has been minimized.

Copy link
Member

pstan26 commented Feb 15, 2019

Speaking with @larrysalibra from New Internet Labs today to discuss his taking on this role.

@pstan26 pstan26 changed the title Proposal: Blockstack ecosystem health reviewer Proposal: Blockstack "Good Citizen" reviewer Feb 15, 2019

@larrysalibra

This comment has been minimized.

Copy link
Member

larrysalibra commented Feb 15, 2019

It was great chatting with @pstan26 today. We're really excited about the opportunity to help out the Blockstack ecosystem in this role. I've got a lot of thoughts about how this could be done which I'll share over the coming days.

@larrysalibra

This comment has been minimized.

Copy link
Member

larrysalibra commented Feb 19, 2019

As you know, I believe that we need to have software - user agents like browsers - that protect and defend our digital rights. (For more my thoughts on that, see this video)

As a "good citizen app reviewer", New Internet Labs would review apps submitted to the app mining program on the basis of the degree to which they respect and protect users' fundamental digital rights.

In the long term, we would look at a number of factors including things like this:

  • Is all of the users' data stored under their control in their gaia hub?
  • Does using the app force the user to rely on trusted 3rd parties?
  • What if any access does the app developer have to user data?
  • How does the app track users? If there is tracking, is it opt in?
  • How easy is it for users to use their data with another app?
    • Is it in a standard schema?
    • If it's a custom schema, does the app developer provide libraries to make it easy for other apps to work with the data?
  • Can users be deplatform? How easily?
  • Can the user opt in to updates?
  • Does the user know that the software he's running is the same as other users?
  • Is the app published to blockstack name?
    Is all user data stored to gaia?
  • To what degree is the app censorship resistance
  • Can I verify that code was delivered from developer?
  • Is the app open source?

In the short term, we'd start with a couple key metrics. As we build our new browser, the browser will play a role in checking for and reviewing more metrics.

I'd love to hear your feedback. What metrics do you think make an app a Good Citizen of the Blockstack Community? If you had to only pick one or two metrics, which would you pick?

@pstan26

This comment has been minimized.

Copy link
Member

pstan26 commented Feb 19, 2019

Think the number one priority in the near term Is all of the users' data stored under their control in their gaia hub? and then we could branch out from there.

@jeffdomke

This comment has been minimized.

Copy link
Member Author

jeffdomke commented Feb 21, 2019

https://docs.blockstack.org/develop/dapp_principles.html#blockstack-dapp-principles just referencing this as another source of principles.

@GinaAbrams

This comment has been minimized.

Copy link
Member

GinaAbrams commented Feb 21, 2019

@larrysalibra 🙌 If as an app reviewer you could start with one thing, asking "Is all of the users' data stored under their control in their gaia hub?" would make a big difference. It's conveniently the first point in our dapp principles too. 😉

Even if we had this alone as part of the ranking algorithm for the first several months, that would be majorly impactful for the developers who have done the hard work of integrating Gaia.

@pstan26 pstan26 referenced this issue Feb 21, 2019

Closed

App owner #42

@larrysalibra

This comment has been minimized.

Copy link
Member

larrysalibra commented Feb 22, 2019

Thanks for sharing that list of principles @jeffdomke - I hadn't seen it before - very helpful!

Even if we had this alone as part of the ranking algorithm for the first several months, that would be majorly impactful for the developers who have done the hard work of integrating Gaia.

That makes a lot of sense - thanks @GinaAbrams

@jeffdomke

This comment has been minimized.

Copy link
Member Author

jeffdomke commented Feb 24, 2019

I want to offer a counter point re starting with Gaia. We might consider a review factor by how much desired change it produces in the rank. Currently all apps in from 1–36 claim to use Gaia for storage, with the exception of Zinc. Assuming that they are all truthful, then the likely material change will be Zinc gets a penalty in ranking. That might be it. Again, I think we should rank based on Gaia, just not sure if it needs to be priority one, since as I just diagnosed, lack of this factor isn't having much current impact it seems.

Alternatively, I'm interested in a ranking factor that ranks based on the primacy of Blockstack auth which I think would impact a couple more apps.

Again think we should do both but if we are trying to find priority 1, feel like I need to make this point.

And if you think apps are falsely claiming Gaia and they are currently ranked 1–36, then my whole argument might be wrong.

@hstove

This comment has been minimized.

Copy link
Collaborator

hstove commented Feb 24, 2019

It's interesting that you think it isn't having much of an impact. Yes, there is only 1 app making money real money without Gaia. However, that app is # 2 in total earnings, at $45k. Is this what the app mining program is trying to do? I don't think so. It's fine to incentivize apps to only add Blockstack auth, but I think your rank should change significantly if you're not enabling digital rights with Blockstack.

So, yes, the only impact is Zinc getting a lower score, but it's much more in line with the program's goals, in my opinion.

@larrysalibra

This comment has been minimized.

Copy link
Member

larrysalibra commented Feb 26, 2019

Alternatively, I'm interested in a ranking factor that ranks based on the primacy of Blockstack auth which I think would impact a couple more apps.

Again think we should do both but if we are trying to find priority 1, feel like I need to make this point.

Agree with Jeff on this as well. Apps that only use Blockstack Auth are "better citizens" - they should be ranked as such.

@AC-FTW

This comment has been minimized.

Copy link

AC-FTW commented Feb 27, 2019

I understand the point @hstove makes, but ultimately agree with @jeffdomke and @larrysalibra. What does it matter if I used GAIA or some other service, as long as the data is encrypted with user owned keys, they have access to export the data, and I use Blockstack Auth? If Blockstack Auth appears as the 2nd or 3rd option after Google or Prime Auth, then it seems more like a cash grab to me then an actual option that is being emphasized--especially without an explanation of what it is and what it's benefits are compared to Facebook or Google Auth.

To address @larrysalibra 's question, the two metrics I would choose to identify Good Citizens of the Blockstack community are:

    • How easy is it for users to use their data with another app?
    • How does the app track users? If there is tracking, is it opt in?

I would modify #1 above to say how easy is it for users to access and control their data. It may not be possible to use their data with another App because of standardization, but if they can control their data (i.e. delete it and read a plaintext JSON of it), that goes a long way. The schema and standardization mentioned is icing on that cake.

Tracking users is important to be able to opt out of because it allows a user to control their implicit data.

One other thing that is not mentioned, but might be helpful is how well and App explains Blockstack principles and technology to a user in context. We talked about a lot of ways to do that in Stealthy but it didn't make the schedule unfortunately. I think that would have helped users understand more about why they should use Blockstack and what the benefit is to them.

@larrysalibra

This comment has been minimized.

Copy link
Member

larrysalibra commented Mar 13, 2019

Thanks for for the feedback everyone including @AC-FTW. New Internet Labs is gearing up for a dry run this week and this is how we plan to go through apps:

We'll to look at usage of both Gaia and Blockstack Auth.

For Blockstack Auth, someone will try to use the app and observe to what degree is used for authentication. Is Blockstack ID

  • the only auth method
  • one of multiple methods (presented equally with all others)
  • a secondary auth method
  • not used at all

For gaia, someone will look at the app's use of gaia. Each app will be given a rating based on which category it falls into:

  • doesn't use gaia at all
  • uses gaia for some things (some data is stored elsewhere or we are unable to determine if some critical user data is sent elsewhere)
  • data is only stored in gaia

We might expand these categories or add new categories based on observations during the dry run.

The plan is to use standard developer tools and/or a gaia hub we control to examine each app's use of Gaia. This process will evolve based on our experience during the dry run.

It's important to keep in mind this is a dry run and results won't affect the outcome of app mining this month.

@shankarganesh-pj

This comment has been minimized.

Copy link

shankarganesh-pj commented Mar 14, 2019

@larrysalibra Good work. I will be happy to help and let me know if you need any "Good Citizen" from community.

@hstove

This comment has been minimized.

Copy link
Collaborator

hstove commented Mar 14, 2019

@larrysalibra , I am curious about how you would judge apps with an indexer, such as apps using radiks. I believe that some apps couldn't function without an indexer, like Travelstack and Banter. These apps still store all your data in Gaia, so that you still 'control' them. And the indexers use key signing to ensure that the data on the server matches was not tampered with. This falls into 'all data is stored in Gaia', but a copy is also indexed.

What is your thought on that?

@AC-FTW

This comment has been minimized.

Copy link

AC-FTW commented Mar 14, 2019

@hstove brings up an interesting question about data storage that may not make sense in GAIA. @larrysalibra for Stealthy's use case and possibly other messengers, some data ends up stored in:

  • realtime databases (i.e. gun.eco or firebase) for discovery convenience and push notifications
  • async (local) storage for caching and fast app start up and recovery from long background

While neither of these is required for the messenger to work, they improve the experience by speeding things up and reducing the number of steps user have to perform to talk.

@mehmetkose

This comment has been minimized.

Copy link

mehmetkose commented Mar 15, 2019

@AC-FTW these solutions are centralized

@larrysalibra

This comment has been minimized.

Copy link
Member

larrysalibra commented Mar 15, 2019

Have a bunch of thoughts on these questions from the dry run. Let me organize my thoughts over the weekend and I’ll get back.

@AC-FTW

This comment has been minimized.

Copy link

AC-FTW commented Mar 15, 2019

@mehmetkose how is storing data on my own phone centralized (referring to async / local storage)?

gun.eco is not centralized in the same the way that XMPP / email isn't centralized--you can deploy multiple servers/peers and spec your system such that others are able to. (Edit: optionally of course--you can also use it centralized and not replicate/provide replication abilities)

Firebase is centralized, but we've been saying that since day 1 and it's why we made it optional (you can disable it on our settings/profile page)--so too are push notifications if you want to do them--the folks working on status spent a lot of time trying to find a way around that, unsuccessfully.

@jeffdomke jeffdomke closed this Mar 21, 2019

@jeffdomke

This comment has been minimized.

Copy link
Member Author

jeffdomke commented Mar 21, 2019

Closing this cpic since we "shipped" the V1 of digital rights reviewer. We can always create another epic focused on improving if needed. Thanks everyone for the help getting this from 0 to 1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.