
A decentralized anonymous marketplace - cyberviewer
https://mailman.stanford.edu/pipermail/liberationtech/2014-March/013304.html
======
hendzen
Fun fact: the original Satoshi bitcoin code included a partially completed
distributed market system. Check out the file market.cpp in version 0.1.0.

That said, some major challenges (I've done a bit of thinking about this) -
First: Sybil attacks on the reputation system. The author alluded to this but
the solution given was vaguely specified and somewhat reminiscent of social
network driven overlays like Tonika that a) are inherently problematic for
anonymity, and b) hard to grow due to aforementioned invite problem. Another
problem is maintaining anonymity while making things efficient - the obvious
design would be DHT based but this leads to a whole host of weaknesses (see a
paper called 'Hashing it Out In Public' for details), and leads to fragility
as DHTs are weakened by high rates of churn, which are quite common in real
world p2p networks. Have quite a bit more to say on this topic but I'm on
mobile at the moment, may write up an essay at some point.

I would encourage the OP to read up on some of Peter Todd's ideas around
fidelity bonds for some ideas on the reputation aspect, also have a look at a
(centralized) marketplace called NashX for dispute resolution.

EDIT: also check out the bitcoin-otc web of trust.

~~~
runeks
> Fun fact: the original Satoshi bitcoin code included a partially completed
> distributed market system. Check out the file market.cpp in version 0.1.0.

For the curious; content of market.cpp and market.h:
[http://pastebin.com/aa82ajub](http://pastebin.com/aa82ajub)

~~~
liamzebedee
This system was spread out among other files, including a review system and
such. The commit where Satoshi has removed it provides a nice overview:

[https://github.com/bitcoin/bitcoin/commit/5253d1ab77fab1995e...](https://github.com/bitcoin/bitcoin/commit/5253d1ab77fab1995ede03fb934edd67f1359ba8)

------
runeks
As far as I can see, the essential problem with decentralized anonymous
marketplaces is that reviews need to cost money. Plain and simple. Good
reviews have great value, so they need to have a non-zero price. A vendor's
review history is the indicator by which you assess whether a vendor is
trustworthy or not, and a vendor should have to pay to achieve a trustworthy
reputation - if good reviews are free, and you can make money from good
reviews, they would have little value.

This is the reason spam emails are so frequent: you can make money from
something that costs very little. If reviews were near-free, good reviews
would be as plentiful as spam emails.

Free reviews means vendors can make sock-puppet accounts, fake a transaction,
and leave a five-star review to themselves. With Silk Road, they take _x_ % of
the value of each transaction (or if not, that's at least how it should be),
so if a vendor seeks to inflate their review score, they will pay a price for
it.

In fact, a good overall review score for a vendor - as far as I can tell - is
the sum of all the review "values" (1 to five stars) multiplied by the value
of the transaction in question. So a vendor with 10 five-star reviews on 10
orders of a value of 1 BTC each, would have the same score as a vendor with a
single five-star review on a single transaction with a value of 10 BTC. Both
these vendors would have paid the same amount of money to get this, equal,
review score.

I've thought a bit about this, and I don't see how this can be solved in a
decentralized market, with no middleman to tax transactions, and make sure
that vendors can't get free reviews.

~~~
ap22213
It doesn't help me to know that an anonymous person had tipped an anonymous
vendor. That doesn't add much value.

However, it would be sufficient if I could somehow determine that someone that
I knew had tipped the vendor.

Of course, I don't want my friends to see that I had tipped someone, or all of
those of whom I have tipped. I just want it to be possible that they can see
my tip, within an aggregate poll, only if and when dealing with that vendor.

~~~
runeks
> It's not important for me to know that an anonymous person tipped an
> anonymous vendor. That doesn't add much value.

Allow me to disagree (with the last sentence). If you can see that a certain
vendor has spent a total of, say, 100 BTC on fees, to build up a reputation,
then it doesn't make financial sense for that person to try to scam you in a 1
BTC transaction.

~~~
ap22213
Maybe. But, doesn't it make sense for a vendor to spend 100 BTC in fees to
build a reputation so that they may scam 1,000 people in 1 BTC transactions?

~~~
runeks
Yes, it does. Which is why you have to have the trust factor incorporate the
transaction volume for each vendor (calculated based on how much they've paid
in fees).

Scamming 1,000 people for 1 BTC would require having 1,000 open orders for 1
BTC each at the same time. If a vendor who has paid 100 BTC in fees has over
one hundred 1 BTC pending orders, you'd probably be wise to stay away. And the
software can guide you in making this decision.

------
justinjlynn
Hi. I've been working on a system very similar to OPs description for months
now -- [http://portobello-road.org](http://portobello-road.org) . Must be an
idea who's time has come, eh? Now I know how Newton and Liebniz felt when they
discovered they'd simultaneously invented calculus. Aside from a few
architectural decisions (hubs and marketplaces instead of DHT for seller data
dissemination and indexing) things are much the same. Would love to join
forces and do something cool. I've already gotten a whitepaper put together
(though very incomplete I've done a lot of the work in getting a build system
for LaTeX up and going and a structure in place) and an initial implementation
of a downloadable nodewebkit client and some server code. Just starting on
documentation of the communications protocol and getting things going, so it's
not very far along. Open to all discussions and debate regarding architecture
and specifics.

~~~
justinjlynn
Oh, forgot to directly link the codebase. It's at
[https://github.com/portobello-road](https://github.com/portobello-road)

------
logicchains
As a market anarchist, I think it's important to point out that the concept of
'reputation' plays a significant role in many justifications of how a market
may function without regulation or any other form of state oversight.

Making a market completely anonymous significantly limits the role reputation
can play, which leads me to wonder whether some of the standard arguments for
the effectiveness of markets don't apply in this case.

~~~
pliny
One of the goals in the OP:

>* Allow users to maintain a pseudonymous identity that carries anonymous
trust across transactions.

i.e. anonymous as in it's difficult to establish a real world identity for
sellers not anonymous as in no persistent identities at all.

Bootstrapping such a marketplace is obviously difficult, since it's never safe
to buy from someone without reputation but everybody starts without reputation
- it might be possible to demand some proof-of-work-money to establish a
marketplace identity, but I'm not sure where the money would go.

~~~
logicchains
But if the identity is not connected to a real world identity, there is no
legal recourse if that identity cheats you. Most who advocate a pure free
market still accept the need for a legal system (not necessarily a State-based
one), such that for instance people who take your money without delivering the
good may be sued.

An anonymous market means that there's no legal recourse if someone cheats you
or steals from you.

~~~
runeks
> An anonymous market means that there's no legal recourse if someone cheats
> you or steals from you.

Which is why the protocol needs to financially discourage cheating.

Take the Bitcoin protocol, for example. It's not impossible to build a Bitcoin
mining ASIC for $10M, get 30% of the network hashrate, and have a reasonable
chance of reversing a 6-confirmation transaction. But unless you can find
someone who is willing to accept a 6-confirmation $10M-equivalent Bitcoin
transaction, it doesn't make financial sense for anyone to do so.

The same should apply for this hypothetical protocol. If you can see a
merchant has spent 100 BTC to build up a reputation (eg. through proof-of-
burn), he _could_ try to scam you when you buy 0.5 BTC worth of goods from
him, but he wouldn't profit from it financially.

~~~
hendzen
In practice it is better to build p2p systems under the stronger assumption
that actors need not be economically rational. Otherwise the market could be
attacked (say by a nation state that wants to kill it) by repeatedly building
up rep, then scamming on a large transaction (even if the accumulated rep is
worth more) to destroy faith in the market itself.

~~~
runeks
Of course. But if this is not possible, we're much better off with a system
where at least actors cannot profit from being dishonest.

I think Bitcoin is a great example of a system that is not cryptographically
secure per se, but still holds up because actors need to spend money to -
temporarily - prevent it from functioning properly.

------
roeme
This is interesting; but as a netizen taken part in international transactions
outside of ebay/amazon I'm wondering how one can make the whole transaction
safe/trusted in the face of complete anonymity for both seller and buyer.

Escrows are mentioned; but I can't shake the feeling that malicious
individuals can game the whole system by creating a lot of sockpuppets and
pulling up a smokescreen of trust, ultimately ripping somebody off in a high-
value transaction, either as a seller or buyer.

It was/is possible on the platforms mentioned above; I don't imagine it more
difficult in a anonymous market.

Looking forward to their results and insights to this.

------
boredinballard
There is a project called BitMarket that runs a market on the bitmessage
platform, really neat.

[https://github.com/AyrA/BitMarket](https://github.com/AyrA/BitMarket)

[https://bitmessage.org/forum/index.php?topic=3549.0](https://bitmessage.org/forum/index.php?topic=3549.0)

~~~
lappa
Just a note: This is not decentralized, it is just a centralized marketplace
using the decentralized network Bitmessage.

------
dan_bk
> * Are there any similar attempts we can contribute to or borrow ideas from
> instead of implementing something on our own?

RetroShare could be used as a platform for this, given that it's:

\- 100% Decentralized

\- Public key encrypted

\- Open source

...and accepts plug-ins for new features. See:
[http://retroshare.sourceforge.net/](http://retroshare.sourceforge.net/)

------
infruset
I think they might want to reconsidert using bitmessage for communications,
because it has some serious security failures as it stands. At least according
to
[https://bitmessage.org/forum/index.php?topic=1666.0](https://bitmessage.org/forum/index.php?topic=1666.0)

------
DanielBMarkham
This was what the internet was supposed to be all along, correct? A place
where data can move freely from point to point without oversight or control
from a central authority.

Strange that we seem to have to keep trying to get back to where we started.

~~~
celticninja
this is not about data, this is about the transacting of physical goods over
the internet. I am not sure you understand a) what the OP is suggesting or b)
what you are saying.

~~~
DanielBMarkham
Nope, I got it. I conflated "data" and "purchases", mainly because they are
both transactional, and the difference between pure data and physical goods is
decreasing by the day.

Thanks for pointing out the difference, though. I should have been clearer in
my comment.

------
mrfusion
People are mentioning the need for reviews in such a marketplace. I present
one possible solution:

> Users pay some fee to leave reviews. the more they pay the more the review
> is weighted.

> Buyers can rate the reviews on how helpful they are.

> A small transaction fee is collected from every transaction and distributed
> to reviewers proportionate to how many votes their each of their reviews has
> gotten.

I imagine this would prevent review spam, and reward people who post good
reviews. In fact it could even support a class of professional reviewers
making a living off of reviewing sellers and products.

~~~
allworknoplay
This is incredibly open to abuse by both vendors and their competitors. A
rater's "realness" is probably much better judged by other measures of
marketplace activity or simply equal weighting than by their willingness to
pay to bias the ranking of a particular review. I'd tend to defer to what's
worked in other (semi) anonymous markets -- it's pretty easy to tell when
someone is real or not based on their activity patterns.

A better policy is probably to keep raw information available and let people
parse it in different ways, rather than baking in a risky and probably fragile
system we hope will work.

------
iamsalman
My 2 cents: The element of trust is primary for any financial transaction.
There's a reason why eBay Amazon et al employ thousands for conflict
resolution b/w buyers and sellers. I wouldn't mind going on SilkRoad for
acquiring something which I otherwise cannot but for items which are available
elsewhere, I don't mind giving up tiny bit of control while transacting on a
commercial platform like eBay.

~~~
wildgift
I think the relationship is desirable, which is why some people will pay a
higher price to have a relationship with a vendor, with the understanding that
if s transaction goes wrong, the vendor won't balk at fixing the problem.
There might also be an expectation that one party or other will extend credit
for a few days.

In contrast, there are touch-and-go relationships all the time, like at
convenience stores. You can't have the exchange without being present for the
entire transaction, because neither party trusts the other.

------
treirich
When I read this proposal I immediately thought that Namecoin could be an
asset, being a decentralized DNS. Maybe use a variant of Namecoin on
individual 'store' nodes to resolve them to a single (non-ICANN) TLD that can
be spidered and displayed by several aggregators.

[http://en.wikipedia.org/wiki/Namecoin](http://en.wikipedia.org/wiki/Namecoin)

------
lappa
I've written a description for the potential implementation of a decentralized
pseudonymous marketplace. I would appreciate any critical analysis of it.

[https://github.com/lapp0/Smart-Market](https://github.com/lapp0/Smart-Market)

~~~
runeks
In my humble opinion, after the advent of bitcoin, there is no longer a reason
for a client to do proof-of-work. Bitcoin basically outsources proof-of-work
to miners, and presents you with a token that represents proof-of-work. As
money, bitcoin proves - just as proof-of-work - that you've worked for it,
there is no such thing as free money. The price of a unit of proof-of-work
varies wildly, depending on what hardware you have. The price of money is the
same for everyone, or at least varies much less.

The problem with proof-of-work is that attackers can invest in powerful
hardware - as your spec notes - and have an advantage over other nodes. When
paying in bitcoin, as a spam prevention mechanism, no one has an advantage
over others. Everyone pays the current market price for bitcoins, and even the
miners - who generate bitcoins, and so don't pay the market price - _can_ sell
their coins at the market price, so it still comes down to " _do I want to use
these bitcoins to spam this network, or do I want to sell the coins for $575
per piece?_ ".

~~~
lappa
I agree and don't plan on using PoW other than in the proof of concept. V0.2
should use PoS because proof of burn (as a believe you are suggesting) is bad
for the Bitcoin network (large number of unnecessary tx) and expensive (you
don't want to pay the tx fee every time you view a listing). PoS doesn't
require any tx in the Bitcoin network (ignoring those you used to earn the
stake).

Thanks for the comment. Let me know if you have any other concerns.

~~~
runeks
> V0.2 should use PoS because proof of burn (as a believe you are suggesting)
> is bad for the Bitcoin network (large number of unnecessary tx) and
> expensive (you don't want to pay the tx fee every time you view a listing).

My suggestion was related to ratings, not viewing listings. I think that if
the network reaches a sufficient size (thousands of nodes), retrieving
listings won't be a problem. Hosts can simply throttle connections, and refuse
to send out more than a certain number of listing to a single host in a
certain time frame.

I don't see proof-of-burn as bad for the Bitcoin network. Proof-of-burn
transactions are instantly pruneable, so they don't really put a burden on
nodes (other than the 200 bytes they take up in storage space).

~~~
lappa
Yes, every object, listings, ratings, etc. should be PoS instead of PoW. I
suppose the hosts can define their throttling in the contract they make with
the seller, so that isn't my decision.

PoB tx usually do require a change output along with it's burn output, and
even if we weren't concerned with that, 200 bytes is 1/5000th of a block
meaning only 5000 objects can be broadcasted per 10 minute period (assuming
everything in the bitcoin block is a PoB tx). In other words, it doesn't
scale.

------
rk17
The advantages of the anonymous marketplace only really apply to people who's
work is being suppressed (activists/journalists) or who's work is rightfully
being persecuted (criminals). Maybe there's a case to be made that a lot of
people do want to know who they're dealing with, besides that the system
(algorithm etc.) thinks they're thrust worthy.

~~~
Thiz
In countries like Venezuela, where government is enforcing laws for price
control and shops are shutting down everywhere, an anonymous marketplace would
be a godsend.

Citizens under totalitarian regimes are the ones who benefit most from crypto
currencies, crypto messaging and crypto markets.

~~~
rk17
Yeah, I should have included that example. Just adding that repression on that
scale actually merits regime change more than finding a workaround. Although
the workaround might be more feasible in most cases. So, it's a good
initiative.

------
64598u3wieodsk
SpeakEasy comes to mind. It was very much in its infancy last time I checked,
but the ideas behind it seemed profound. I don’t have access to .onion sites
right now, and I don’t have the url either, but maybe someone remembers and
can post the link (assuming it's still up).

------
sadfnjksdf
Fully decentralized means everyone has their own autonomous device to act as
server and client of the transactions and has a usable decentralized (probably
mesh) network. P2P over the standard net is NOT fully decentralized.

------
m0g
I'm not sure with OP doesn't address SilkRoad use cases on top of the ones he
mentions, that are clearly a minority if we consider what is likely to happen.

~~~
bertil
Well, actually, one that he describes ‘journalists sharing secrets’ can be as
big as the drug trade, if you read ‘journalist’ as ‘black hat hacker’ and
‘secrets’ as ‘exploits’. Silk Road couldn’t really do that, because of
possible meddling from the central host, but without that risk…

------
buzzybee
I want to see fewer markets. Markets create complex work for people.

~~~
runeks
A market is simply two or more people engaging in a transaction. Why would
they engage in the transaction if they think it's more work for them?

