New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Be honest about what this app is really for #5
Conversation
👍 |
1 similar comment
👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Spot-on.
👍 |
@jasny why was this closed? This seems like a better description of the app. |
From https://twitter.com/jrmithdobbs/status/951529205065433088
I find this conclusion reasonable, but would like to extend the invitation for @jasny and the rest of the LegalFling.io team to explain what you were thinking when you designed this app, and answer to why this criticism was closed without comment. You realize that, allegedly knowing how "blockchain" works, the abuse I mentioned in this pull request is very likely to occur, right? Even if it has no legal standing in court, it is the sort of thing sovcits love to use for their crazed threatening letters, and it's the sort of thing Twitter Nazis love to excerpt without context to summon their hordes to harass their victims. There are really three ways this can go:
Hint: Step 2 is the best outcome. |
I can’t wait for the lawsuits that quote this PR as proof you were notified that you seemed to be willfully creating a platform which enables abuse. Going to be hard to say you had no idea. |
If you think this application is a tool for deniability, please stop, read and think. For starters, forget about the blockchain for a second. Who ever say's "stop, let's first sit down and talk about the do's and don'ts / rules and boundaries before sex?" You might expect your one-night stand to have the same norms as you. Reality shows that this is not the case. We believe that the smartphone centered youth will find such an app a good tool for this. Saying "Before we continue, let's first fling" is something I can imagine happening. Being legally binding will mostly help in cases where you can fit current comment legal documents, like an non-disclosure-agreement. That is where Live Contracts and the blockchain comes in. This application can remind people about well general decency at the moment it matters most, right before having sex. We would love to have Sarah Jamie Lewis, not only for LegalFling but for LegalThings in general. I've already reached out and hope she's open for it. |
So you live in a fantasy world where consent can not be revoked and where things are “legally binding” because you say so (please cite relevant case law. There is zero to my knowledge for this form of contract especially as it relates to withdrawing consent before or during the act. As it stands and based on your above response you seem to intend your tool to be used to harass victims. |
Also, please be specific about the jurisdiction of said case law. |
This app is an implementation of the new Swedish law. |
This exchange doesn’t make you look as good as you think it does. You are addressing the harassment concern only from the angle of men in position of power to grant them even more power. I can guarantee you they don’t need that and if you keep providing your service, it will be used to silence victims. |
Being in the Netherlands, you should know that contracts are 'formless' here; that is, any sort of agreement is legally binding, whether written, oral, or otherwise. Claiming that your app is 'legally binding' is therefore completely meaningless. As far as I am aware, this is true for most of the Western world.
And these solve what problem, exactly? It sounds to me like you have a 'solution' that's looking for a problem; not surprising, since this entire app seems to be intended as a marketing demo for 'Live Contracts'.
There's a much easier solution to that that doesn't depend on a trivially abusable app: talking to your sexual partner. In person. With your voice. One has to wonder why you don't seem to consider this a reasonable solution.
That same "smartphone centered youth" still has a mouth they can use to speak with. They don't need a dubious abuse-prone app built on unproven technology for that. Said youth use smartphones because it solves certain practical problems for them; in this case, you have failed to provide a concrete practical problem that this solves better than existing solutions. What it all comes down to, is that you've repeatedly been advised of the abuse potential and practical uselessness of this app. At this point the distinction between malice and ignorance pretty much ceases to exist - it doesn't really matter whether you started this with malicious intentions, because your complete failure to address the issues that others have pointed out means that you're currently behaving maliciously. |
I highly recommend everyone, present and future, that reads this Github issue to take a moment to read The Moral Character of Cryptographic Work by Phil Rogaway. |
Why would anyone actually use this? It's impossible to revoke consent in its current state. One of the general principles about distributed systems is that ordering events is hard. Blockchains in particular don't guarantee ordering of events. Someone trying to show that they revoked consent turns into a he-said she-said situation - which is what we already have without this (broken) system. With this system, you cannot ever get an earlier message of consent off of the blockchain. You might be able to put "revocation of consent" messages into it if you wish, but those aren't useful, for reasons I'll outline below. The only useful thing that this system offers is a way for people to get a non-retractable message of consent out of a partner. Consent itself is not irrevocable, and neither should any messages conveying that consent. Any malicious parties can just use that irrevocable message as a shield to hide behind. In any good, healthy sexual encounters, there shouldn't be a fucking need to put consent on the blockchain. Consent shouldn't matter to anyone outside of that encounter - if you need to prove the other party had consent to other people, then.... I'm not really sure what to tell you, because frankly, that's incredibly toxic. Is it a problem that some people can (falsely) claim they revoked consent? Yes, but it's been shown to be a fairly small/overblown problem in the long run (especially since nothing ever comes of them - innocent until proved guilty, after all). However, this is still a reality that this 'app' encourages. Is it a problem that some people can revoke consent and then continue to be violated? Personally, as a woman - that's a pretty scary reality I face. This 'app' doesn't offer anything of use to a lot of people. Let's frame the different situations/outcomes:
This doesn't add any value to any encounter whatsoever. Additionally, if you're a malicious party, all that this does is add value and opportunities to exploit people, regardless of what gender you are:
So, to reiterate:
I'm going to currently assume that maybe you didn't think about this from other angles/perspectives (although the above discourse shows that's pretty unlikely), because the other alternative (that this was made with the express purpose of aiding malicious parties) is a bit of a sobering reality. Edited to add: something else I forgot. The entire point of a blockchain is to distribute trust and make it so that one person can't just force things into the blockchain or impersonate others. This doesn't really have any of those benefits. Consent is always between two people at its basics. Sure, like the site mentions, you can have 'group flings' - that's basically just a bunch of two-way consents (think about the handshake problem). In any case, between two people, it'll always boil down to just two people. How does the rest of the blockchain verify the truthfulness of any statement? Sure, we can verify that person X said that they grant consent to person Y, or that X revoked it. However, how do you verify that X was violated by Y? You're taking one person's word-of-mouth and blindly throwing the blockchain at it. There's a lot of things I've seen that just blindly use the blockchain and don't really get any of the benefits of a distributed ledger, but this takes that brand of stupid to a whole new level. |
Let's take a quick look at one of the "features" listed on the website. So, again - the entire point of a decentralized ledger is that a majority should be verifying claims and then adding them to the ledger. Let's take a quick look at bitcoin. At its basis, people just sign messages saying "I'm X and I give Y BTC to Z". However, additional info is verified for a transaction to get confirmed (i.e. that you have at least Y BTC). It does not just verify that the statement was made by X and then throw it into the ledger. So, this feature - how does anyone else verify that consent was revoked? How does anyone else verify that X was violated? How do you get a majority of users to verify what went on, behind closed doors? You don't, and that's why this is horribly flawed. You're either going to be blindly trusting the words of users (and opening doors to false claims), or you'll basically have loads of unverifiable claims, which should not be added to the ledger. The entire point of this stuff being decentralized is to avoid someone having an authoritative source on something. However, that simply is not how consent works. I can't repeat this enough. A person will always be the only authoritative source on their consent, and its status. Consent and a decentralized ledger are two wholly incompatible ideas. |
The core use case of this application is to assist rapists in their criminal defense. |
@PandorasFox It seems like you want this app to do things that technology simply can't solve. You can't use this app to prove there was continues consent at any moment. If your think in terms of an agreement, as a proof that there is consent and requiring a specific action to revoke the consent, your are misunderstanding how agreements work and how consent works. The contract formalizes an agreement between two parties. So what might be in this agreement? (Not the actual legal text, but just to give you an example.)
How is the blockchain useful for rape victims?So let's take a worst case scenario. You've accepted a LegalFling contract. However you ware not treated respectfully. And worst, upon asking him to stop he didn't and forced himself on you. What now? Currently, the only option you have is go to the police to give a statement so they can start criminal charges. In practice this often doesn't happen. Part of the reason is that talking about a traumatic personal experience to a complete stranger is hard. With LegalFling you can indicate that the man did not respect you, inspitte it being abundantly clear (through the agreement) on how to behave. When you click on 'violate' you can explain what happened. This is automatically communicated to the other party as well as stored on the blockchain. He can either acknowledge it and deal with it from there. Or he can deny it as which point the Live Contract can assist with taking it to court. What he can not do is ignore this or deny he knows about this. This statement is anchored in the blockchain, which means that even a man in power can't use his power to delete of falsify your statement. If you choose to take it to court at later time. For instance when you learn more women have been violated by the same person. It's good that you've created your statement is such a way it's always verifiable. So to conclude, the Live Contract is not some real time device that says; 'now you're allowed' and click 'now your not'. That doesn't work. Instead it's a way to communicate clear rules of engagement. The blockchain is used, so that you don't have to rely on a trusted third party (in this case a police officer) to take and store a statement. You can do that yourself. |
Consent Bypass PoC:
From a standalone point of assessing the security in any sense of an application, one must try to work out what the vulnerabilities might be. Worst case scenario for you the developer here is that your app could enable an abuser to spoof consent and if you are somehow correct that this is in any way grounded in a legal contract basis, you've helped them achieve their goal. I'm not really interested in some semantics/hypotheses about some app password or similar auth implementation, because this will just add tangents of security discussion that will detract from the main issue |
To add to this, it's reasonable to assume that at least some of the people involved in this application had honorable intentions and were trying to leverage technology to solve a problem. I hope we can realise this sentiment so as to not allow attrition to come between meaningful discourse. |
@path-braenaru We'll release LegalFling as an open source project to everybody can check there is no backdoor. Any unintended security issue will be fixed asap. Security is always a challenge, but one we can handle. We've also passed a security audit for Euronext. If an abuser uses the app via the phone of the victim, he isn't better of. He just made it easier for the victim to take action for the abuse. Additionally, we can add a pin to make sure you can't access the app if you have access to the phone. |
How? How does a victim prove that it wasn't them who granted consent "at the press of a button"? Again - the entire point of a blockchain is that you are not relying on one person's word and that everyone verifies claims before adding them to the ledger. Consent is something wholly unverifiable by external parties. How does any of this help? How does any of this add value to people? If the only benefit is that someone violates your consent then you can go after them with this app - you'll just end up in court in a he-said she-said situation regarding what actually happened, which is what already happens with these sorts of proceedings. There's no difference between anything on this blockchain and a text message in the eyes of a court. Additionally - what happens if someone uses this to show consent to people, then they hook up with someone without using this to grant consent? From an outsider's point of view, it would be the same as if they got raped - there's no consent that they can see! It could be argued that since they never granted consent on the blockchain, they never granted consent (which is pretty fallacious - not publicly granting consent for everyone to verify does not mean there was a lack of consent). Again - the entire point of a blockchain is that everything added to it is verifiable and nonreversible. Consent is neither of those things. These are two wholly incompatible ideas, and combining them is very bad.
Is no one even going to point out that if you're going to police officers beforehand to show that you have consent, you probably have a lot of problems? Like, that's pretty screwed up. I think that right there kinda shows that this is generally bad - the situation that you're proposing this replaces is something that generally only malicious parties do... Also, eliminating the first sentence:
So why do you need to put the consent on the blockchain if you can do it yourself? :) |
@jasny you missed my point - it's not a code-based attack. I want you to realise, or rather admit, that it is conceivable that an abuser could use the application to enact 'consent' whilst a victim may not be in a suitable position to stop them, thereby removing the credibility of the app's purpose entirely. If an abuser uses this app on a victim's phone when, say, the victim is unconscious then, according to your blockchain indexing, that victim supplied consent. |
@path-braenaru @PandorasFox I'm afraid you're misunderstanding the point of LegalFling. The apps is not about proving you have consent. There is no way you can prove consent through an app or any other type of technology. You don't create a contract to prove something. You create a a contract to clearly and unambiguously set the rules of a relationship. If that contact is broken, then you need to provide proof that it is, through other means. So to be absolutely clear LegalFling is not a tool to prove consent. You can't prove consent!At no point do we claim this. It's unfortunate that some media has interpreted it this way. We believe it's cultural. In some countries (like the USA) the primary reason to draft a contract is to cover yourself in case of a lawsuit, instead of it being a way to communicate and formalize the rules of a relationship. |
That doesn't matter, because it's going to be used as if it does. There are an estimated 237 million people in the US. Most people will properly shun this application, but some will use it, and there will be criminal cases, and defenses "from the blockchain" will be entertained, and may very well be successful. |
If you admit you can’t prove consent you’re admitting there is no reason for the existence of this app. I’m glad you see what we’ve been saying. I look forward to your announcement of pulling this product. Further reading: |
If you're admitting you can't prove consent, then this is pointless (and you're pretty much misleading users, too). You cannot verify consent/mutual consent without proving it, too. I very much doubt that this could at all be a replacement for a trusted third party, because this app knows nothing about you or your current state. A police officer can verify that you are, indeed, you. A police officer can verify you're not drugger or inebriated when giving consent. This app cannot distinguish between you, or a malicious party taking your phone & granting consent - and unlike a real-life contract, which can be annulled, things appended to the blockchain, cannot be removed from the blockchain. This is not a replacement for what you claim it replaces, nor does it add any value for any non-malicious parties. |
Okay, I think we've reached a final conclusion with this discussion.
|
No description provided.