Hacker News
OpenBazaar 2.0, powered by IPFS (openbazaar.org)
512 points by zapita on Mar 28, 2018 | 236 comments

I work on OpenBazaar and I'm happy to answer any questions. The basics: It's a fully distributed network where people engage in trade directly with each other using cryptocurrency. Because there are no middlemen, there are no fees, there is no centralized data collection, there are no account sign ups, and there is no censorship.

You can view the server (Go) here:


And client here:


Hi Sam,

How do you intend to prevent sybil attacks on seller ratings? Since there are no account sign ups and subsequent verifications, it would be theoretically possible to create a large number of accounts with fake reviews.

The honest answer is that we haven't solved the decentralized reputation problem and reviews can't entirely be trusted.

There are a few factors that still make reviews somewhat useful though. People can choose to attach their name, and if they are reputable then their review matters more than an anon account. Reviews also can only be left when there is a full record of trade having occurred, and funds have moved (verified on the blockchain), so at the very least an attacker is paying cryptocurrency fees for each false rating.

But ultimately there's a lot of work to be done in decentralized reputation. The work of projects like Trust is Risk seems promising (we've supported their efforts):


Is anonymity only related to identity, and which parties are involved in a transaction?

Could there be a way to leave identity and parties involved anonymous, yet track count and/or value of transactions without knowing what they were?

If this were possible, some weighting could be assigned to reviews based on count and/or value of transactions, to somewhat combat a review bomber willing to pay for many small transactions. In a sense it would raise the cost of a fake review campaign.

I bet if you gave users the option to have only count and value of their transactions public, in exchange for some sort of “trusted reviewer” status badge, that a significant number would opt in to it, because people like to earn badges and points for reasons more motivating than we intuitively think.

edit: better yet, allow opt in to have your transaction count and value incremented on a per transaction basis, so you could earn reputation power or not depending on the marketplace or persons dealt with.

side note: I think the “free sub” episode on Seinfeld may have been the first reference to gamification mechanics on television.

Why isn't a basic version of proof of work a reasonable approximation of that for the time being? Ex. to provide a review you must also provide a value that when postpended to your review gives a hash containing some properties that scales with the number of reviews. This doesn't solve decentralized reputation at all but does prevent review bombing.

If the buyer leaves a review after making a purchase, that's effectively a small proof of work in and of itself, and you can only leave one review per purchase.

We haven't seen review bombing attempted yet, but if someone were willing to pay a bunch of fees then I suppose it is possible to do.

In book publishing an author can purchase copies of their own books in order to increase purchases by others. This effect is actually common in many industries, even in mobile apps :)

So OpenBazaar's no worse than preexisting systems in this respect.

It's also borderline an unsolvable problem, because how do you identify "legitimate" customers in an anonymous de-centralized system, when it's even too complicated to achieve in a centralized system?

Assign a cost of creating a single anonymous identity: you've got to send xx amount of bitcoin to an unspendable address.

That is somewhat analogous to proof of stake, I guess?

And definitely in the record industry

There is a dichotomy in real cost/benefit ratio for PoW systems as spam control between real users and attackers. Attackers have more to gain from accepting the PoW penalty than users do. There is no difficulty of PoW that would both deter attackers with a financial motive and be reasonable for average users.


A spammer could easily bypass that with capital/hardware.

Anybody can do anything with enough capital and hardware :-)

The question is always just "Will the cost of fraud exceed the benefits of fraud" and if that is true, no one in his right mind will do it.

>gives a hash containing some properties that scales with the number of reviews

That would IMO mean that once you have 10k reviews you can scam some customers without worry.

Is there a check that the price in the transaction is (greater or) equal to the price of the product?

Or, can I pay for a product from multiple addresses and leave many reviews?

Edit: typos

The buyer can only leave one review per purchase, it's not one review per payment.

What is the logical distinction between purchase and payment? How does one know the differences when the transactions are anonymous?

Each step in the transaction flow appends a new step - digitally signed - into a JSON document that acts as a ledger. So the seller puts out the listing and the buyer signs it and sends the funds. The seller won't proceed with the order until the payment is made in full, so the ledger doesn't get any new information until then. The final step (the review) is the last addition to the ledger.

It's based on the concept of the Ricardian Contract by Ian Grigg, adapted to become a ledger. This allows trade to continue asynchronously.

Every purchase goes to a unique address. Multiple payments can be made to that address but they constitute a single purchase.
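The ledger described in the comments above (digitally signed steps appended to a JSON document, one unique payment address per purchase, the review as the final step) can be sketched as follows. This is an added example, not OpenBazaar's code: the step kinds and field names, the use of Ed25519, the hash link between steps and the seller-signed payment acknowledgement are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Step is one signed ledger entry. Field names are hypothetical, not OpenBazaar's schema.
type Step struct {
	Kind    string `json:"kind"`              // listing, payment (seller) | order, review (buyer)
	Amount  int64  `json:"amount,omitempty"`  // listing price, or funds seen at Address
	Address string `json:"address,omitempty"` // unique per-purchase payment address
	Text    string `json:"text,omitempty"`    // review text
	Prev    []byte `json:"prev"`              // SHA-256 digest of the previous step
	Sig     []byte `json:"sig,omitempty"`     // Ed25519 signature over the step minus Sig
}

var (
	signer       = map[string]string{"listing": "seller", "order": "buyer", "payment": "seller", "review": "buyer"}
	ErrSignature = errors.New("bad signature")
	ErrChain     = errors.New("step does not link to the previous step")
	ErrSequence  = errors.New("step out of sequence")
	ErrAddress   = errors.New("payment to a different purchase address")
	ErrUnderpaid = errors.New("review before payment in full")
	ErrDuplicate = errors.New("second review for the same purchase")
)

func body(s Step) []byte { // the bytes that get signed: the step's JSON without Sig
	s.Sig = nil
	b, _ := json.Marshal(s) // cannot fail for this struct
	return b
}
func digest(s Step) []byte { // what the next step's Prev must equal
	h := sha256.Sum256(append(body(s), s.Sig...))
	return h[:]
}

// Append links s to the ledger tail, signs it, and returns a new ledger (no aliasing).
func Append(ledger []Step, s Step, key ed25519.PrivateKey) []Step {
	if n := len(ledger); n > 0 {
		s.Prev = digest(ledger[n-1])
	}
	s.Sig = ed25519.Sign(key, body(s))
	return append(append([]Step{}, ledger...), s)
}

// Verify replays the ledger: one purchase, paid in full, at most one review.
func Verify(ledger []Step, keys map[string]ed25519.PublicKey) error {
	var price, paid int64
	addr, prev, reviewed := "", []byte(nil), false
	for i, s := range ledger {
		pub, known := keys[signer[s.Kind]]
		switch {
		case !known || !ed25519.Verify(pub, body(s), s.Sig):
			return fmt.Errorf("step %d: %w", i, ErrSignature)
		case !bytes.Equal(s.Prev, prev):
			return fmt.Errorf("step %d: %w", i, ErrChain)
		case reviewed && s.Kind == "review":
			return fmt.Errorf("step %d: %w", i, ErrDuplicate)
		case reviewed || (s.Kind == "listing") != (i == 0) || (s.Kind == "order") != (i == 1):
			return fmt.Errorf("step %d: %w", i, ErrSequence)
		case s.Kind == "payment" && s.Address != addr:
			return fmt.Errorf("step %d: %w", i, ErrAddress)
		case s.Kind == "review" && paid < price:
			return fmt.Errorf("step %d: %w", i, ErrUnderpaid)
		}
		prev, reviewed = digest(s), s.Kind == "review"
		switch s.Kind {
		case "listing":
			price = s.Amount
		case "order":
			addr = s.Address
		case "payment":
			paid += s.Amount // several payments to one address, still one purchase
		}
	}
	return nil
}

// Sample builds a constructed purchase: price 50000, paid in two instalments to one address.
func Sample() ([]Step, map[string]ed25519.PublicKey, ed25519.PrivateKey, ed25519.PrivateKey) {
	sellerPub, seller, _ := ed25519.GenerateKey(nil) // nil means crypto/rand
	buyerPub, buyer, _ := ed25519.GenerateKey(nil)
	l := Append(nil, Step{Kind: "listing", Amount: 50000}, seller)
	l = Append(l, Step{Kind: "order", Address: "addr-order-1"}, buyer)
	l = Append(l, Step{Kind: "payment", Amount: 20000, Address: "addr-order-1"}, seller)
	l = Append(l, Step{Kind: "payment", Amount: 30000, Address: "addr-order-1"}, seller)
	return l, map[string]ed25519.PublicKey{"seller": sellerPub, "buyer": buyerPub}, seller, buyer
}

func main() {
	l, keys, _, buyer := Sample()
	fmt.Println(Verify(Append(l, Step{Kind: "review", Text: "as described"}, buyer), keys))
}
```

A verifier that only has the two public keys and the JSON document can reject a review that arrives before full payment, a second review on the same purchase, or any step edited after it was signed.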

Will you be able to delete a user's data to be gdpr compliant, while still using IPFS ?

Pretty sure the goal of a distributed technology like that is to not be affected by laws such as GDPR enforced by centralized governments, same for drug laws etc.

The problem with that is that it often ends up being used mostly by people who want to specifically circumvent these laws unless there's some other incentive to attract vendor and shoppers for "legit" goods.

How does OpenBazaar compare to something like ebay or alibaba in terms of both usability and fees? Does it have an edge?

Also while I greatly value distributed infrastructure in general I'm not sure I see the advantage for an e-commerce platform. When I buy something through a respectable platform I like the guarantees provided by the 3rd party in case something goes wrong. It's actually a feature for me, not a drawback.

> How does OpenBazaar compare to something like ebay or alibaba in terms of both usability and fees? Does it have an edge?

I think OpenBazaar's only advantage is freedom from censorship, although if lightning ever becomes a thing it could compete on fees.

> When I buy something through a respectable platform I like the guarantees provided by the 3rd party

If OpenBazaar manages to implement a solid reputation system in addition to smart contracts and escrow-like functionality, it could offer relatively good guarantees of service like some of the centralized darknet websites do.

>When I buy something through a respectable platform I like the guarantees provided by the 3rd party in case something goes wrong. It's actually a feature for me, not a drawback.

Isn't the guarantee already baked into smart contracts and escrow-like functionality? I mean that the deal, or money transfer only happens if both parties agree, e.g. you greenlighting the transaction after receiving and inspecting the good.

It's not possible to do this trustlessly. What if the seller doesn't post the goods? What if the seller does post the goods but I say he didn't? How can the smart contract distinguish those two cases?

> It's not possible to do this trustlessly.

It is possible as long as the smart contract is backed by money from both parties. The customer buys an item for $5, but both seller and customer additionally put $10 each into the contract, and this money remains locked until both parties confirm that everything is fine. Once confirmed, the seller gets his $5 and the customer already has his goods; the $10 becomes available to both parties again.

This scheme worked on other online payment systems even a decade ago and requires zero trust.

PS: This is obviously just an example and not how it works on OpenBazaar, and there is a detailed post from the developers in the comments.

That's a good idea, although obviously impractical for larger purchases.

Look at how bisq does it. Trustless, private transactions of relatively large sums, with escrow and arbiter resolved disputes. Bisq is the best crypto-fiat exchange system if it's ok for the transaction to take a couple of days.

For large transactions you have to put a lot of faith into the arbiter. What if they're not being impartial? What if they're corrupted? Eventually you want an arbiter that's "big enough" not to have an incentive to cheat you for any mundane transaction, like a bank or a huge company like Amazon. They're always available, mostly consistent with their rulings and can guarantee a huge amount of transactions at once without bottlenecks. I know that Amazon has no incentive to screw me over a $2000 purchase. Also since they generally have a history of transactions for both seller and buyer they can more easily identify fraud. The more information the arbiter has the more likely they are to rule correctly.

Suppose that a Canadian buys a DVD from a German, some Chinese guy is elected by the system as arbiter. The Canadian guy claims he hasn't received the DVD. What does the arbiter do? Book a ticket for Canada to check it out? Ask the German to send him the DVD first so that he can forward it? What if the Chinese guy steals it and claims he's forwarded it then?

Here's how Bisq does it[1]:

>Arbitrator follows a protocol to request additional information from both parties and renders his decision based on acquired evidence.

Well that's very nice, how do you prove that you haven't received anything? What if you've received something but it's broken? Or not the thing you wanted? It seems so easy to game the system.

I have a hard time believing that a distributed arbitration system like the one you're talking about could beat the speed, scale and efficiency of our current infrastructure. Maybe for certain niches it could work though, for a cryptocurrency it might make sense to avoid centralization and a single point of failure.

[1] https://github.com/bisq-network/docs/blob/master/exchange/wh...

A bit of a late reply, but in case of bank transfers proof of transaction is actually an interesting topic. You use PageSigner[0] to make a cryptographically secure webpage screenshot of your bank statement. I'm still a bit confused about how TLSNotary (underlying technology) works, but apparently it does.

[0] https://tlsnotary.org/pagesigner.html

More specifically it's possible for digital goods since you can effectively do the entire exchange "on chain" so to speak, therefore letting the algorithm decide if the conditions have been met. But like everything else blockchain it breaks down heavily as soon as the physical world is involved because the blockchain has no practical way to reach an objective trustless consensus on the state of meatspace.

Why would you give your Ok to the transaction if your transaction partner doesn't deliver? The smart contract just holds back the money, and pays the seller after your Ok. If you e.g. receive a broken product, you'd return it to the seller, and then wait for the seller to give his Ok.

I haven't looked into OB and how it works over there, this is just my mental model of how smart contract might work in commerce. A transaction needs the Ok from two parties for it to happen.

And if you do receive it, but you lie and say you didn't receive it? How does the smart contract know you're lying and not the seller?

It wouldn't be much different from how it's handled in traditional ecommerce. If there's a legal dispute, or something "disappears", there are ways to find out where it went missing, you could go to court. You're still using package services for physical goods. The money would be held back until both give the Ok and the dispute is resolved.

Yes, but "We put extra effort into breaking the law." is among the worst possible things you can say to a court. That one is unable to fulfill their obligations because it's impossible by their own choice of technology is not an excuse. A user of such technology is still affected by laws if they ever get hands on them. This removes the incentive to use the technology apart from those that specifically (or by negligence) are out to break that law. I wouldn't want to attach my name to anything that I know will have major consequences for me personally.

> I wouldn't want to attach my name to anything that I know will have major consequences for me personally.

It's a good thing for all of us that Phil Zimmermann didn't feel that way.

Phil Zimmermann didn't actually do anything illegal, if we believe that the export of PGP was done by other people.

He knew he'd be targeted (and he was), legal or not. It's probably why whoever wrote Bitcoin used a nom de chiffere.


I'd say the primary goal is to remain anonymous and retain your privacy, not evade government legislation, and those two are completely different things. [1]

The general public are finally realising more and more how much big companies are misusing, selling, profiting from our data, invading our privacy for their own financial gain [2]. Having a distributed marketplace should also decentralise the data that is collected. I'm not saying that OpenBazaar doesn't expose/collect all data from sellers and buyers, I don't know, but it's a lot closer than a company like eBay that stores and sells data (keeping it to themselves).

Even if it is possible to see all of OpenBazaar's data, it at least creates a fair playing field where everyone can see all of the data.

Let's also have a look at Amazon. A company who lets retailers sell on their platform, only to undercut popular sellers when they discover a new gap in the market [3]. At the same time gladly taking a cut of your sales [4]. Having a decentralised marketplace that is free to use, doesn't compete with its sellers and creates an even playing field by sharing all data with all users equally has to be a benefit to society?

1. https://duckduckgo.com/?q=why+should+I+care+about+my+privacy

2. https://www.pcworld.com/article/2986988/privacy/the-price-of...

3. https://www.theguardian.com/technology/2015/jun/23/amazon-ma...

4. https://services.amazon.co.uk/services/sell-online/pricing.h...

I'm happy to see the above summary of the principal benefits and motivations behind such trustless, private and decentralised systems.

I think it's worth talking about the fact that the discussion too often degrades to "good people don't have anything to hide" or similar arguments. Such an attitude demonstrates incomprehension of just how much power these little pieces of data surrender to the upper tier of our stratified society. Examples of that would be banal, especially today.

"not be affected by laws"

Are you kidding? They will make ISPs blacklist your IP ranges faster than you can spell decentralized. This is the fundamental issue with any "decentralized" service that it runs on a system that is controlled by governments and corporations. You can fool yourself into believing that this works but in practice they can stop you so many ways that it is not worth the effort even trying. Step 0 for any decentralized service is to create a point to point network that is fully operated by end users and there is no dependency on anything that is controlled by a government or an ISP/corporation. Good luck!

What IP ranges? IPFS is peer-to-peer. So unless you mean they'll blacklist the entire internet...

Yeah I understand.

Few questions:

- after I installed IPFS where does it connect first?

- if both computers in a theoretical IPFS cluster are behind NAT how do you make them connect to each other without a 3rd publicly available node?

Thanks in advance.

You can mask and encrypt data going over the network. The only thing they can do is prevent usage of networks entirely.

As someone who works in the cryptocurrency industry, it's refreshing to see someone dedicated to building something actually useful instead of another depressingly transparent get-rich-quick P&D scam. I will download and try OB this week.

Glad to hear it, please let us know how it goes. There's a feedback button built right into the client so it's very easy to let us hear your feedback!

Same here. I created a few service listings this weekend. I really like the technology (can I use the word "platform" here?) and the vision.

I wonder about the business side though. Vendors need many buyers and vice versa, yet download and installation presents significant friction.

For OB, what might become a kernel of serious market activity as collectibles apparently was for eBay in their early days? I believe you are targeting Crypto trading, right?

It's interesting to note that the submitted blog post has no mention of the plans to launch a token[0].


Well the submitted blog post is old and predates our curation token plans so it's not really weird. A token will never be required to use the protocol. Even if we tried to make it work that way we'd be forked because it's fundamentally unnecessary for the base protocol.

Thanks for the kind words! I hope you enjoy using it.

How does the recent FOSTA legislation square with this distributed network?

I presume that it works similar to the BitTorrent network where there are nodes and supernodes? I also assume that if someone creates a listing, it gets distributed automatically to many different nodes on the network.

So if that's the case, and an illegal sex trafficking listing gets created, how do you ensure that innocent nodes or supernodes on the network don't become liable for the criminal listings that may inevitably popup?

Listings are not pushed to unwilling nodes. Nodes only pull and cache content they explicitly load. If you load something that isn't something you want to provide to the network you can clear your cache.

We do operate a few nodes that accept content updates from user nodes but we can manage what is and isn't hosted there. They're not really "super" nodes because anybody can host them and have nodes push data to them.

OpenBazaar is not like BitTorrent but more like Tor hidden services. As a node, you do not host any content that isn’t yours. When you visit a store, you traverse through the network and communicate directly with the owner of the store.

So, the legal liability of each store rests with the store.

This is not quite correct. It does actually work a lot like BitTorrent. When a node loads content it begins to serve it to other users as well. This cache can be purged by the user.

But isn't it fragmented so it is only serving chunks and not the whole thing?

Yes, data is fragmented and served in chunks just like Bittorrent. You might only serve small chunks of any given piece of data, and as a downloader you may be downloading different chunks from different peers.

Are the chunks encrypted or obscured? That is, could an adversary with local access to the node determine what object a particular chunk is part of? How about an adversary that can see traffic, but not the node's storage?

They aren't, how would you encrypt them so the local user could read them but someone with local access couldn't? You'd have to ask the user for a password every time the service started up, which would be terrible UX.

Since there's no censorship, it sounds like if OpenBazaar is successful it will be used to buy and sell illegal things.

How do you feel about that?


Illegality and immorality are different, and - speaking personally - I don't have an issue with the platform used for moral but illegal uses. If it helps people get medicine they need then I'm happy for them.

People using the tech for immoral transactions does bother me, but we've seen very little of it, and ultimately I strongly believe the benefits of free trade significantly outweigh the few people who abuse it.

This is admirable. Totally fucking admirable!

"I don't have an issue with the platform used for moral but illegal uses. If it helps people get medicine they need then I'm happy for them."

You really, really should not have said that. It will probably come back to bite you. Even if it doesn't, why even take the risk in making a statement like that in today's climate?

I do appreciate the word of caution.

I've gone beyond the point where any given act of self-censorship is more beneficial than speaking the truth of the situation.

My position: over the next few generations, adoption of decentralized technology will result in an enormously more peaceful and prosperous humanity than the centrally-controlled alternative. If we take the path of reliance on systems that are controlled by a few powerful organizations then we are at their mercy. The alternatives must exist for those who want to opt out.

I can obviously be accused of naivety, but if I'm open about my motives and my expectations it seems less likely to be accused of malicious intent.

I don’t think you’ll be charged with naivety, more likely that’s what your attorney will desperately try to plead. Of course, your words cited by GP will make that impossible.

Good luck, you’re really going to need it!

Don't let fear paralyze you. If those pushing the boundaries censored themselves based upon the fear of being persecuted in the future, we'd have no progress.

As far as I know, as long as they don't host any nodes with illegal content, they shouldn't get in trouble just for publishing the protocol and the client protocol and servers. Otherwise, the inventors of tcp/ip, http, bittorrent, telnet and more would be in prison.

> You really, really should not have said that. It will probably come back to bite you. Even if it doesn't, why even take the risk in making a statement like that in today's climate?

Hey now. Let's not shame people for speaking truth to power. This is a great forum for it.

>ultimately I strongly believe the benefits of free trade significantly outweigh the few people who abuse it.


I believe in decentralization and the benefits of anti-fragility.

Having only a handful of companies in the world exerting enormous control over online commerce is dangerous. The amount of data they control is staggering, especially when combined with data collected from other centralized platforms (social media, the banking system, government surveillance).

I don't like needing to ask permission to use those platforms in order to engage in something as fundamental as commerce. Alternatives need to exist, and OpenBazaar is the alternative to the tightly monitored and controlled online marketplaces.

The world needs a protocol and network for trade that no one company or government controls. That's OpenBazaar.

There is an alternative: (small) business. The world is filled with people who would love to setup a trading business. You might remember it, we called it "shops".

These corporations are so huge, because you buy stuff from them. That is the only reason. You bought and still buy stuff from them, because you preferred convenience and cheap stuff to integrity. Now they've grown so huge there is no way to control them. We will pay the price now, thanks.

We don't need another child-porn and weapons distribution channel.

I think the benefits of access to a nation-wide or world-wide market have been enormous and will become even more so in the future. Unfortunately we are realizing that the costs of this transition, if we maintain our current path, are grave. A decentralized approach like OpenBazaar mitigates or eliminates many of the negative side-effects brought on by our current, mega-corporation-dominated access model. With regard to small businesses, an OpenBazaar type system would enable small businesses to trade with the rest of the world (and their local community) on their own terms, without any anti-competitive BS, and without sacrificing profit to platform fees.

The question is: can a distributed system match the value Amazon's service provides to the consumer?

Sorry, I disagree.

Just because Amazon sucks, does not mean we need to retreat into full-on anarchy over this. Craigslist is also a marketplace and it isn't the behemoth Amazon is.

Also, Amazon provides a lot more than just a market-place. Everything from "inventory tracking to tax collection to credit card processing". These are no trivial features.

You could have started a regular, centralised, open market-place - by the community, for the community type of deal - and get the same benefits. Of course, selling "medicine" would be difficult.. but we all know that is not what this is about, right?

I agree

You said you want a network that no one company or government controls, but it sounds to me like what you actually built is a network for trade that no one controls.

What about a network that people could control, but not governments or corporations? That's a technical challenge if I ever saw one.

>what you actually built is a network for trade that no one controls

That's true in the same sense that no one controls the internet.

People can control their own portion of the network, they can ban peers and report listings to search engine providers. They can create a custom client that will only see certain types of listings.

Distributed networks aren't a new phenomenon, no one controls them either. If someone could control them they wouldn't be distributed anymore.

There are ideas for governance systems (voting or other mechanisms), but if the network is permissionless then there's really no way to have an effective governance system (that I'm aware of).

Ideologically I like where you’re coming from, but legally speaking I think you’re going to prison.

I view it similarly to the creation of BitTorrent. Yes, it was used to facilitate illegal activity, but the creators of the technology themselves didn't host the infrastructure or break the law. We shouldn't be afraid to build new things just because they can be abused.

Also we monitor the network and the overwhelming majority is legal trade. If that changed at some point then it might be a different question.

Bram Cohen didn’t go on Hacker News and invalidate every safe harbor a defense counsel needs, either. Just to be clear, you’ve said, in writing, on behalf of your company, that you are aware of illegal activity happening on your network, that you’re okay with it, and that you monitor the network on which illegal activity is taking place and have determined the legality thereof (enough to know a minority is illegal), and to ice that holy shit cake you even fired a warning shot at pharmaceutical regulators planetwide.

That manner of legislative and regulatory flout is a heat-seeking company missile, and can only end with your eventual incarceration.

Abort thread. Talk to lawyer about further HN commentary. Your discussion here is plainly legally actionable by any investors concerned about your fiduciary responsibilities, and this page will almost certainly be printed out as an exhibit in several legal proceedings, some potentially criminal. I appreciate and respect the change you’re trying to drive, where you’re coming from, and your optimism, but you really, really need to understand the peril you’re in, as unfortunate as it is.

I’m dead serious. DPR got life without parole. They’re not messing around.

Repeat after me: I have no knowledge of illegal activity taking place on the platform, and condemn it.

We live in such a fucked up world that people with good intentions need to lie so they can have a bit of protection against those who would use them as a scapegoat from people who abuse those good intentions, even though everyone knows it is a lie.

FWIW and don't take it personally, but I do hope you are wrong and overreacting.

People that refused to tell obvious lies that everybody knew about used to be burned in a plaza or just thrown away from society.

In fact, they are still thrown away from society. Just in a slower manner. That's some progress anyway.

(I agree entirely, but one should endeavor to make that statement the truth to avoid the sharp end of the stick.)

That fucked up world is called the world, and the world as it’s always been. None of us has to like that, and we can try to change it, but it’s still the world. Ignoring reality in favor of what we want to be true is magical thinking.

Reality changes if society stops accepting it.

See: literal millions of people marching in S Korean streets in recent years because their gov was corrupt.

Correct me if I'm wrong but didn't DPR go well beyond creating a piece of software that might be abused, well beyond even making public statements indicating knowledge of illegal activity? I seem to recall attempted murder for hire, and a few other things that might have had some role to play in that sentence.

For a criminal action to take place, there has to be a violation of existing law. What law do you see being broken here, by the creators of the software, or users? Assuming they are diligent about keeping illegal content and activities off of servers they control.

Has anyone ever been prosecuted for making software, or using it, that was used by another in the commission of a crime? Perhaps there is existing law related to people who write and release software that was intended only for malicious use that could be extended.

In the crypto/ICO space, the people getting into hot water have charges related to violation of finance and securities law.

"Has anyone ever been prosecuted for making software, or using it, that was used by another in the commission of a crime?"

Are you serious?

Humour me please!

Every author of virus, worm or ransomware in the wild. Even some cryptography programs were illegal to use not long ago. Specific programs with the intent of committing crimes.

Is it really so easy as to pretend you don't know? Surely that can't hold up for very long.

Bram Cohen didn’t go on Hacker News and invalidate every safe harbor a defense counsel needs, either. Just to be clear, you’ve said, in writing, on behalf of your company, that you are aware of illegal activity happening on your network, that you’re okay with it, and that you monitor the network on which illegal activity is taking place and have determined the legality thereof (enough to know a minority is illegal).

Yeah, he’s going to prison, but that doesn’t mean he’s wrong about the potential value of his platform, and it doesn’t mean his motives aren’t good. It probably does mean that idealism is a shitty defense in court though.

> Yeah, he’s going to prison

No he's not.

As I said in another comment, as far as I know, as long as they don't host any nodes with illegal content, they shouldn't get in trouble just for publishing the protocol, the client protocol and p2p servers code. Otherwise, the inventors of tcp/ip, http, bittorrent, telnet and more would be in prison. And no, just saying "I'm ok with people using it for evil" is not a reason to go to jail, 1st amendment comes into play here. Now, if they start relaying nodes with CP on it, even by accident, that's a different story of course. My guess is that their software comes with only their safe node on it and people will use search engines to get nodes addresses with CP on them. If anything, this will give more work and trouble to Google, not OpenBazaar.

I wouldn't put anything past the jerks. But truly, what he's said is not very different from what the Tor Project says. And they're primarily funded by the US government.

And like Tor, it's primarily a framework.

If I were doing it, I'd rather be anonymous. But then, I'm just very cautious.

Anonymous from whom? I think you should keep in mind that once a 3 letter agency is on you then you'd rather be as famous as Kim Dotcom. At least then you have a chance of some people or organizations like EFF helping you.

If you're "anonymous" they could just charge you not just for your words in public, but for awful reasons and nobody will stand for you since you're just overall criminal.

First they'd have to find me. And I don't mean as Mirimir. I'd be easy to find, for a TLA. But other personas, I could make them very hard to deanonymize and locate. I've studied many of the major takedowns over the past decade or so. And they all involved quite obvious failures. I wouldn't speak English, for example, but rather another language that I don't use often,

While this is a fascinating subject in theory, in practice I can't imagine deanonymisation is really that hard for three letter agencies, and to a lesser extent five eyes et al. Especially if you paint a large target on yourself like OP claiming to have monitoring capabilities on his network.

I'm going with the "be famous or be afraid" school of thought of your parent comment.

Ok, let’s look at an example of illegal and immoral. What will you do when people sell child porn on your platform?

I'm not with OpenBazaar, but I believe with how it works it's not possible to do anything. It's decentralized. The government should go after nodes hosting the illegal content.

I'm not a lawyer but I can confirm that there's no more that we can do to control content than Google can for the web or email. We (OB1) follow US law in our services but we have no control of the p2p network.

Well, that's what happened to the guys behind piratebay. They weren’t responsible for the actual content, but they were still convicted since they made it possible. Right or wrong, sometimes how the tech actually works doesn’t matter.

The piratebay had direct access to their database index and deleting content was as easy as running "delete from torrents where torrent_hash='xyz'". This case is different, there is no way for openbazaar to delete remote nodes hosted by other people. It's like ordering Google to delete content hosted on someone else's server, they can remove it from their index but the server would still be online accessible to all.

Well they weren’t convicted because they didn’t delete it, they were convicted because they made it available. The hash is still not the actual content, which was one of their actual arguments in their case. Depending on where you live there are several cases where making things available is criminal. Have ISPs ordered to block domains etc. VPN is illegal in China etc.

> Well they weren’t convicted because they didn’t delete it, they were convicted because they made it available.

They did. The piratebay default search engine allowed people to find illegal content. That's why they got in trouble. If Google Chrome default search engine had CP and drugs on it, they'd get into trouble too. Anyone can use chrome to find CP but Google is ok because they don't enable it by default. As long as OpenBazaar default search engine does not contain anything illegal and forces people to use a different search engine to find illegal stuff, they will not get into trouble.

The law they broke was “assist in copyright infringement”, not that they actually broke “copyright infringement”. The law doesn’t care about the tech, it’s about the intentions.

The piratebay had a list of most popular keywords directly linking to illegal content. Also their very name _pirate_bay made them a target for bad intent. OpenBazaar doesn't link to or has anything in its name offering or encouraging illegal content. I used to work for isohunt by the way who got shut down by the MPAA and it was because of these details that they lost. If OpenBazaar never links to anything illegal and does not host hashes or any other data of anything illegal, then they'll be fine. Another point is that OpenBazaar is at least so far not profiting from anything illegal such as showing ads on pages featuring illegal content, that was a big point against bittorrent search engines.

Building a system with the specific goal of making it impossible to follow the law does not make it acceptable.

Google can and does delist content, for example in response to copyright violations.

I don't think you're able or willing to delist content right?

You should probably talk to a lawyer, because given what’s been said in this thread alone, you’re never going to be able to argue that you didn’t knowingly facilitate. Love it or hate it, new laws make that problematic even for Google.

I mean, this is damning: Illegality and immorality are different, and - speaking personally - I don't have an issue with the platform used for moral but illegal uses.

A blacksmith knows good and well that his newly forged hammer, meant for building and construction, is also used for destruction and despair.

I'm pretty sure a vanishingly small number of hammers actually get used for destruction and despair, so I would have no problem being involved in hammer production.

It does not just matter that something CAN be used for evil, it matters how likely it WILL be used for evil.

It seems you fully understand op's point!

Why do you think that is damning?

I believe a bunch of legislation has language regarding being "aware" and "knowingly facilitating." Safe harbor goes out the window if you know things are going on and do nothing. How being p2p factors in is beyond my armchair.

Does that apply to software developers as well as service providers? Wouldn't the Tor project get prosecuted into the ground under such legislation?

Because Google isn't aware of pirate/CP search results on their platform?

And SESTA/FOSTA will apply to them too. It's a horrible set of laws.

I too think this statement matters with regards to law. Knowing that your platform can be used nefariously is one thing, being ok with it is another. Once the witch hunt starts it can get tricky fast.

It's obviously damning because it shows that he knows he's potentially facilitating illegal activity.

With this as a stated goal, The world needs a protocol and network for trade that no one company or government controls. That's OpenBazaar... going after the network as a whole doesn’t seem unreasonable. The FBI for example, probably isn’t still in their Atlas Shrugged phase.

How do you go after the network as a whole?

The nice thing about decentralization is that it forces government to be more surgical in their enforcement. State actors have all the tools necessary to identify and target individual bad actors. You have to be a real champion not to leak data or make a mistake over time. Bitcoin, for example, is much harder to hide than cash. In centralized systems it's just easier to be lazy and implement mass surveillance and absolute control - which a lot of people in the community disagree with.

Terrorism for example barely exists, and barely ever existed, but massive apparatuses that infringe on the liberties of billions of people have been implemented in the name of it.

Child porn, chemical/radioactive weapons trading, and assassination requests are the big 3 often cited - but really these too barely exist, and nations have more than enough resources to counter them with precision.

> The FBI for example, probably isn’t still in their Atlas Shrugged phase.

Where can I read about the Objectivist FBI phase?

>The world needs a protocol and network for trade that no one company or government controls.

Strictly speaking, that is marketing hyperbole on their part as the world already has a lot of protocols and networks for trade that no one company or government controls, otherwise stuff like international mail would have problems.

International mail is far from being a distributed system like OpenBazaar.

I would assume that if law enforcement becomes aware of it they buy it and find a way to trace it back to the seller.

Authorities will go after the platform instead of going after the people responsible.

How do you moderate the search engine? In other words, people post illegal items on your platform; how do you prevent those items from showing up on the various search engines?

There is no one search engine in OpenBazaar, that's the beauty of it. Anyone can run a search service returning results that people can see in the client themselves.

Our company (OB1) runs one service, and we do censor those listings and allow people to report illegal or offensive listings. However there are other search engines that choose to censor lightly or not at all, and everyone is free to use whichever search providers (or a combination) that they want.

I'm not super familiar with ipfs, is that sufficient to cover yourself legally speaking? Does the company host any server nodes itself?

We have some bootstrap nodes and some data nodes to help provide redundancy on the network. We can control what content we serve from those nodes. I'm not a lawyer and can't speak to legal concerns.

Currently we have federated search, like BitTorrent, except we have a public standard[1] for allowing anybody to create a search engine that plugs into the client. Every search engine has their own policies and methods for moderation. It's similar to choosing between Google and DDG in your browser.

[1] https://github.com/OpenBazaar/obips/blob/master/obip-0002.md

So if you run an open bazaar server, do you have any control over what content gets federated to your node?

In the case of BitTorrent, you are only serving up what you have specifically downloaded.

So how do you federate the market listings without turning unwitting users into felons?

This isn't a push network, you only cache and rehost the data that you have requested (by visiting another user's page). And if you visit something you don't want to rehost then you can clear the cache.

So yes, users have complete control over what content they are serving.

I don't know how this is implemented in UI's but it seems that this rehosting occurs too easily.

If you visit someone's page and then.. oops it's inappropriate.. I have to take quick action now before I get sued (and it's easy to make mistakes and overlook something)

I'd rather have an explicit opt-in button 'Rehost' (or something) than having to opt-out by clearing the cache.

Or is this easily configurable already?

Just like you described for BitTorrent. Your node only downloads and serves things you have explicitly downloaded/viewed. You can purge that data if you want but not yet remove only specific content.

the way you describe this (i.e. 'viewed') sounds like an opt-out feature, not an explicit opt-in..

How do you make money if there are no fees?

Why do they need to make money?

In a blog post from a few months ago [1] your organization expressed lament at the (at-the-time) high Bitcoin network fees and the lack of a usable Lightning Network. Now that LN is entering the late stages of beta development and a proper release is imminent, do you have an estimated timeline for BTC LN integration?

[1] https://www.openbazaar.org/blog/openbazaar-bitcoin-fees/

How is integration with Tor? Can nodes be onion services?

Yes, when starting in Tor-mode OpenBazaar creates a new hidden service.

Very cool! It was iffy, the last time I checked. But that was many months ago.

So just as with IPFS, there can be OpenBazaar branches in Tor onion space. But those nodes are only accessible for users in Tor-mode, right? Or are there gateways?

Edit: https://news.bitcoin.com/openbazaar-2-0-beta-launches-with-t...

Clearnet can't see tor but tor can see clearnet.

Hi Sam,

It's a tangential question- What kind of real-world problems do you envisage being solved by blockchain first? ( Ethereum/ Ipfs/)

Also, from a proficient and experienced Software Engineer(with backend /infra side of things), what kind of blockchain-based projects would you find impressive to showcase one's skillset?

Any ideas on how much sales volume there is?

All great, but is there no money to be made? Did you guys build this out of the kindness of your heart?

No money to be made via the protocol itself, true.

But we obviously hope that OpenBazaar becomes widely adopted and we then have a large group of people to sell (optional!) services to.

We (the company I co-founded, OB1) already have a search engine for the network and a verified moderators service that helps people know who to trust on the network. As the network grows there will be other services to offer.

Thanks! Good luck

How does the search engine work ? (I'm interested building a search engine for IPFS)

It's important to note there are plans for the development company behind OpenBazaar to launch a token[0].


It's also important to note that distribution plans are not final so there's no reason to believe money will be made from it.

How do buyers make sure sellers are not scamming them?

There is a system for dispute resolution.

Both parties agree to use a third party, called a moderator, who will settle the dispute if either party is dissatisfied.

The cryptocurrency isn't sent directly to the seller, but it goes into a 2-of-3 multisig account. That requires any two of the parties to release the funds.

Most of the time the buyer and seller are happy and release the funds when the transaction is completed, but if either party is unhappy then they open a dispute and the moderator gets involved. He / she then joins with the winning party to move the funds.

Moderators are very important in the system and it's important that people choose trustworthy ones, so my company OB1 offers a service where we vet moderators so people know who to choose.


you should check on Kleros.io for a real focused startup on that subject

How do you feel about inevitably facilitating assassinations and fentanyl deaths?

By that logic there are literally thousands of people in the chain of "facilitators" from the people who write cell phone operating systems to the auto dealership who sells them a car.

Is it possible to extend and add support for other crypto-currencies ?

Why is the website loading so slow?

Top of Hacker News probably doesn't help much!

We're in process of changing the website over so it wasn't a great time for a big hug. But the website is mostly a marketing tool and a place to download the installer packages. Which you can find here as well:


This headline says it's powered by IPFS, and if the website was hosted there, then the site wouldn't suffer this problem!

It sure would be great if browsers supported ipfs. :P

If you use the IPFS companion extension, then your browser does!

What's the vision and mission of OpenBazaar? Do you think it's going to be significantly scalable and disruptive?

This is great news! I would love to hear comments from

Tim Berners-Lee: Is this the decentralized web he envisioned and was recently complaining that it gets increasingly lost?


Lawrence Lessig: About the legal implications in respect to his book Code is Law.


SamPatt reminds me a lot of Ross Ulbricht[1], the creator of the Silk Road. Ross started silk road using tor and believed this open marketplace to buy and sell anything: drugs, child pornography, guns, bombs, organs, sex workers, etc. would reduce the government's ability to outlaw and let people decide. True Libertarian beliefs.

I would recommend to Sam that he reads American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silkroad [2] and figures out how far he is willing to go for his beliefs. When national actors get involved, your life can become miserable, you will be watched, followed, drug cartels could go after your family to build backdoors in, NSA will go after you to build backdoors in, there is no limit to human evil, corruption and avarice. Be careful man.

[1] https://en.wikipedia.org/wiki/Ross_Ulbricht

[2] https://www.amazon.com/American-Kingpin-Criminal-Mastermind-...

I know it has been ongoing for awhile, but.. just in case.. cloning the repositories anyway, powerful application like this shouldn't be available only on github.

Clone away!

Mirroring or torrenting the packages is also a good idea:


Putting a mirror in IPFS is a good idea, you can update repo directory anytime.

> Once you’ve downloaded OpenBazaar, send an email to jenn [at] ob1.io with your ob:// user profile or store address AND your mailing address and we will send you a few of our OpenBazaar promotional items including stickers, pins and some surprises!

Uhhhh. Isn't that kind of an opsec fail? I mean, you can always re-register a new profile/store, but still?

If linking your address to your store is "an opsec fail", then yes.

If it's not, then no.

There are plenty of businesses that are perfectly happy to let people know their address.

Hey SamPatt, what are the top 3 products being sold on OpenBazaar? Also, does it accept Monero?

Multisig was needed for our escrow and until recently it wasn't in Monero, so it's not integrated yet. Also ideally it would have SPV, but Monero can't do that. But I like Monero and hope it does get integrated eventually.

We can't know what the most popular products are because people can engage in trade without the rest of the network knowing about it. If you download the app and look at search results then play around with the filters, you can make some guesses.

What are your guesses?

The biggest part of the community is cryptocurrency users so I know some of the sales are related to cryptocurrency swag and electronics. There are quite a few artists on there as well. I know one of the biggest sellers on the 1.0 version was a Dutch man who sold homemade waffles.

The website seemed down earlier, and currently it's quite slow. I'm wondering, if ipfs is distributed then why isn't it able to handle this traffic? Are there more decentralized options?

The website isn't on IPFS yet. A new marketing site published to IPFS is something we want to do but hasn't been a priority (we weren't expecting to have a big influx of traffic).

The application is available on Github[1], and that's the part that uses IPFS.

[1] https://github.com/OpenBazaar/openbazaar-desktop/releases

Congrats! OB is great and openbazaar-go has been a very helpful project for us.

I'm glad to hear this, if you're using OpenBazaar in your project I'd love to hear more about it (you can join our developer calls we hold bi-weekly).

At least a couple of the guys I work with have gotten help from your team on understanding it all. We used it to get https://github.com/textileio/textile-go off the ground. Def not possible with ob-go.

What is it?

I'm wondering what the social network equivalent is to OpenBazaar? Is there one that's as easy to set up and use?

Scuttlebutt is the first one that comes to mind. One of the more popular clients is Patchwork, which can be downloaded here:


Another awesome one is Fritter (a twitter clone), which can be used with the dat protocol and through the Beaker browser. More details here:


Just checked out scuttlebutt. Everything published is public on the network and is immutable. Forever.

Cool project for sure but seems like a bad tech to build a social network on.

I dunno. There's something nice about holding people accountable to past statements. There's also something nice about knowing that "If I hit submit, I'll be stuck with this FOREVER" People tend to be a bit more thoughtful in that scenario. The thoughtless jerks aren't, of course, but there's not much that can be done about them in any social network.

Practically speaking the only thing anyone ever _really_ complains about is the inability to edit typos.

Immutable, yes, but you can create encrypted posts. Also, you can set up your own custom network and private pubs if you want.

Mastodon is the closest thing I've seen but I've never tried setting it up.

Mastodon is federated, yes? I think Diaspora is distributed. But I haven't used either in a while.

I think Scuttlebutt mentioned above is also federated as it needs Pub servers.

Also interesting to mention, because distributed like IPFS, is datproject.org and beakerbrowser.com (built on top, decentralized website hosting and browsing). I believe there are some social network projects using Dat as well.. should be on their awesome list on GH. SocialHome.network (federated) is also cool

(note: not equivalents to OpenBazaar, though)

Scuttlebutt is p2p, and pubs are not mandatory but are helpful for replicating messages among users when they are online at different times. Each user could run their own pub if they wanted to, for maximum decentralisation while maintaining the asynchronous replication.

Ah, thanks for clearing that up, cool. I thought they were required when you are in a network with a private IP to reach outside world, because there is no full NAT traversal impl, but wasn't quite sure :)

I just checked and you are correct. It seems that at the moment, peers can only sync directly on a local lan and in order to sync over the internet peers need to join a pub. But that is a technicality that will hopefully be solved in the future. Still, it's not a federated protocol because identities are global and the pubs are only used to improve uptime and availability by replicating messages among users. More on the subject here: https://scuttlebot.io/more/protocols/secure-scuttlebutt.html

Yes it is but I've not seen anyone using Diaspora. If I'm wrong that'd be great but I've not seen anything better than Mastodon with any kind of traction.

There are very few totally distributed applications out there, and no social networks ones that I'm aware that have any traction.

I think Diaspora is the closest:


Anyone that has or is close to having something like that would probably do good to get the voice out there just about now.. Marketing-wise, and for anyone that is sitting on the fence to bail other "solutions".

as noted elsewhere in this thread: Scuttlebutt. https://scuttlebutt.nz

Server’s down. Here’s the archive.org snapshot:


It would be nice to use an IPFS mirror. If still no one has mirrored it on IPFS I'll do it when I get home.

Unfortunately, Archive.org does not archive the downloadable installers because of robots.txt. Is there a mirror for these binaries?

Thank you.

This sounds interesting. From what I understand, openbazaar is first a protocol for trade and then a product. So is there any documentation on how can I build something on top of this protocol?

Have you or your team used it to trade anything yet? Would be interested to hear what kinds of things you traded and how the process went.

Apologies if user stories are on your site-- I can't access it atm.

This announcement was made last November, I'm not quite sure why it's resurfacing now (though I welcome it!), but there's been a substantial amount of trade on the platform since it began.

I've been running the swag store and we've sold hundreds of tshirts, pins, stickers, etc. But I always get excited when a merchant reaches out and tells us about the sales they've gotten.

No question that it doesn't even have a small fraction of the users of major platforms, we've got a long way to go. But there have been about 42,000 unique nodes on the network since Nov 2017, and I'm pretty happy with that number. It's a fairly radical proposal to have people run their own store on their own computer, but there are at least that many people in the world willing to do it.

Just wait until the mobile app and the browser client are finished!

I actually missed the announcement in November (despite being very excited about the project) so I'm glad it was re-posted.

Why don't you take fees to support further development?

Disclaimer: not associated with OpenBazaar, just a devil's advocate.

If Alice and Bob were to trade drugs on my website, and I take fees for that commerce, you can bet that law enforcement is knocking on my door very soon.

Note that OpenBazaar is not a website. It's open source software you download to your machine and it connects you directly to the network. There is no company or organization running a server that is hosting stores; it's completely distributed.

I'm thinking law enforcement will come knocking whether you take fees or not. Especially with the recent legislation.

Craigslist took down their personals and they don't make any money off of it.

Now we need to make a distributed version of Craigslist.

Most development is sponsored by OB1 (where I work). We have raised money from investors like A16Z, BlueYard, and USV. The project also supports donations. We don't need to skim fees to survive.

Edit: Additionally, the aim is to be an open protocol for trade and not just a product. Fees for using an open protocol don't make much sense.

Does OB1 have a source of income?

Not currently. Now that the base protocol is becoming stable we're going to start focusing on growing and starting for-profit products and services.

What kind of other things are you going to build on the protocol? (If you are able to say so in public yet.)

Public things are that we're working on crypto trading and a mobile app right now. We're also building out some basic reputation services starting with our Verified Moderator program. I'm not a business guy so I can't give you details on possible monetization routes.

What uses do you see for this aside from illegal drugs, cybercrime, terrorism, child porn and human trafficking? Do you feel you're making the world a better place with this project?

I can speak objectively about this because I watch the network every day. Tens of thousands of listings on the network and the vast overwhelming majority are legal and moral. People use it because it's cheaper and more private than alternatives.

There are some illegal drugs on the network. Thus far I haven't seen any evidence of the other stuff you've claimed.

Perhaps it's human nature that people will eventually abuse the technology in that way, but it doesn't mean the technology isn't valuable, and it doesn't mean that the benefits don't outweigh the costs.

This is obviously an age-old debate about new technology, but if we had the mindset that any technology that can be used for evil shouldn't be allowed to exist then we wouldn't have TCP/IP and HTTP and SMS and SMTP, etc.

That's exactly what I think (though I am not 100% sure). The time has come for this IMHO.

Is there a convenient place to see the listings without installing the app?

The app is very easy to download and run:


But if you can't be bothered then there is a search engine as well:


You can search the network at bazaarbay.org

You seriously can't imagine any uses for an online marketplace that aren't illegal??

Have you bought or sold anything online in the last week? Those things could probably be done on OpenBazaar.

> You seriously can't imagine any uses for an online marketplace that aren't illegal??

> Have you bought or sold anything online in the last week? Those things could probably be done on OpenBazaar.

But will they? I don't think that's a fair summary of the criticism. There are already much more convenient alternatives for legally selling goods and services, using currency that's actually effectively currency, without using some command line tool to run a node. I think there are going to be three types of users: 1) people that are using it mostly out of interest of the technology, 2) people to whom the platform is ideologically interesting i.e. anti-government types, libertarians, anti-corporate types etc., and 3) users that actually benefit from the anonymity and lack of censorship by selling illegal goods or completely avoiding taxes.

I wouldn't be surprised if the last category eventually grows much bigger than the former two. I only hope that it will be mostly illegal goods that don't harm really anyone, like cheap counterfeit consumer crap.

Would you have said the same things about eBay when eBay first launched?

"Who would buy anything on eBay when there are already more convenient alternatives?" ?

I buy almost everything on eBay because of the convenience of having the same search system and user interface for every type of thing I want to buy. I'd love to get a similar user experience without having to trust eBay as the arbiter of every single transaction. For example you can't buy knives on eBay, so when I want to buy a knife I have to go somewhere else. I bought a number plate for my car on eBay recently (old one was cracked), and it all went fine, but when I went to buy another I found the seller's account had been shut down by eBay, for unspecified reasons. On OpenBazaar that wouldn't be able to happen.

> Would you have said the same things about eBay when eBay first launched?

Not really. I don't know of any much more convenient ways to facilitate auctions that predate eBay. I'm too young, really, to say out of experience how things were before eBay, but personally I went directly from browsing second hand stores and newspaper classifieds to use the local eBay clone which afforded it the additional convenience of only listing local items, but that was eventually bought by eBay as well.

For the general consumer I don't think that trust in eBay or having to go someplace else to buy knives and license plates is enough of an inconvenience to outweigh the inconvenience of trusting your bitcoins to have roughly the same value the day after tomorrow, or having to run a daemon to access listings.

I don't think you're wrong or that you have misplaced your priorities somehow, but I think you'd belong in category 1 and/or 2, and for as long as those aren't representative of the broad public I think services like OpenBazaar will mostly be attractive to those operating in the legal grays and blacks, simply thinking in terms of who's got most to gain from anonymity, lack of governance and untraceable transactions despite their inconveniences.

But let's say it attracts some 10000 (+/- an order of magnitude) privacy-minded cryptoanarchists that are all there because they don't trust sites like eBay or can't find some categories of legitimate items there because of some of eBay's rules. The sheer breadth of items, buyers and sellers afforded by a much more generally convenient site like eBay or CL won't be available to them, and I think that's going to turn a lot of people off that aren't explicitly looking to buy items that are much harder to get elsewhere. Maybe they'll find their knives and license plates but it'll be switchblades and counterfeits respectively.

Disrupting Amazon is as good a reason as any.

The recent SESTA/FOSTA debacle is just one example of why such decentralized networks are needed.

Because we are discussing legality, I want to point out that you just aggregated and published these links, the developers of the OpenBazaar software did not. So if a crime is being committed here, which of you is more likely to be committing it?

Send me a DMCA request, I'll take them offline, like Google and other websites do.

Does OpenBazaar do this? Probably not.

Are all these people anonymous on IPFS?

Probably somewhat because they're behind VPNs or proxies, at least that's what I hope they do if they're offering things like above.

Will this stop law enforcement?

No, it will not: https://www.theregister.co.uk/2017/10/08/vpn_logs_helped_unm...

There's a slim chance you or HN could receive a DMCA takedown notice, but sending OpenBazaar developers such a DMCA notice would be as foolish as sending Google Chrome developers a DMCA notice demanding they delete the comment you posted or the pages you linked to. Would that work?

You should also be informed that DMCA is not relevant to over half of your links. Its target is copyright circumvention, not narcotics sales etc.

The individuals allegedly selling those possibly illegal things could receive legal actions like DMCA and narcotics laws, and even you might for linking to them. But I was not talking about those individuals, only the irony that you are at greater legal risk than the OpenBazaar developers.

Yes because the Silk Road developers were just running a marketplace and bore zero responsibility for how it was being used.

History disproves your disingenuous comments.

This comment seems to suggest that you're unaware of the big difference between OpenBazaar and the Silk Road, which is why you believe my comments about legality are disingenuous and irrelevant.

The most important issue is that OpenBazaar is software and the other was a service based around a website.

Why do you comment so confidently and enthusiastically, when you apparently understand so little?

You should be right imho, but neither you nor antagonist knows how the laws of various countries will eventually rule on OB. Is it a platform or is it just software? ... TBD

zaggynl posts clear evidence that OpenBazaar is being used for illegal and immoral purposes, and instead of addressing his point you snipe irrelevantly about link aggregating.

Heard a lot of news about OpenBazaar. Surprised the homepage design is so, well, confusing! If you guys need any help... :) www.beaver.digital
