Evolution - Social Wallet Discussion

oaxaca

oaxaca

Well-known member
Foundation Member
Users will have a username and password which they use to access the network. The
username will be reserved by using features of DashDrive and the password (812 words) will
be used to create an HD wallet. A primary key will be pulled from this HD wallet, which is used
to retrieve information about the user from the network. All communication with the network is
protected by using these root communication keys.
 
Ok, I think I missed it if someone explained this in one of my many inquiries, LOL. But can anyone explain to me the need to pass out 5 addresses to friends? I mean, I remember it said that payments could also be made to non-friends, by using their next available address. Thus, I feel like this is redundancy and unnecessary. Does it speed things up? Is it safer? Thanks for any info :)
 
TanteStefana said:
Ok, I think I missed it if someone explained this in one of my many inquiries, LOL. But can anyone explain to me the need to pass out 5 addresses to friends? I mean, I remember it said that payments could also be made to non-friends, by using their next available address. Thus, I feel like this is redundancy and unnecessary. Does it speed things up? Is it safer? Thanks for any info :)
Click to expand...

Mainly because you then know who the funds have come from automatically. Generating a fixed number of addresses like that seems like a rough and ready way of getting of the ground, as far as I can see HD wallets should be able to generate any number of receivers addresses from the payers wallet on the fly so it could just be a stepping stone.

I'm really looking forward to seeing where this goes, I really wasn't expecting it :) One thing I don't see mentioned (so far, still reading) is keys to personal data, something like allowing someone to see part of your personal details and the ability to revoke that permission but I'd guess that's the kind of thing that will be fleshed out as the system evolves.

I'd seen IDs as a reversal of the way we use the internet, instead of being an unknown internet user and logging into sites and services we have an ID and sites and services recognise us. Same for personal data, they get details from IDs that we're responsible for rather then trusting each site/service with them, details can still be harvested but the IDs they belong to can be dropped at any time.
 
This does not bode well for parents of the future. Have you made your allowance payment this week? Will they forget about it? Fat chance, "look here mom, I haven't gotten my allowance in two weeks, and you said you'd send me some last week!" " I did sweetheart, you must have spent it" "no, look at my account, no payments in 3 weeks now!"

Yah, I can see it now.... not good.
 
TanteStefana said:
This does not bode well for parents of the future. Have you made your allowance payment this week? Will they forget about it? Fat chance, "look here mom, I haven't gotten my allowance in two weeks, and you said you'd send me some last week!" " I did sweetheart, you must have spent it" "no, look at my account, no payments in 3 weeks now!"

Yah, I can see it now.... not good.
Click to expand...
Dash: Power to the teenagers, LOL!
 
oaxaca said:
Users will have a username and password which they use to access the network. The
username will be reserved by using features of DashDrive and the password (812 words) will
be used to create an HD wallet. A primary key will be pulled from this HD wallet, which is used
to retrieve information about the user from the network. All communication with the network is
protected by using these root communication keys.
Click to expand...

We'll need to support password changes in case of system compromise, so directly generating some of this key material from the password isn't an option. I'm drafting up something that will address this and will post it later.
 
I assume that each user can have an entry called "bob" to pay. There can be hundreds of "bob", but no centralized "bob".
 
oaxaca said:
I assume that each user can have an entry called "bob" to pay. There can be hundreds of "bob", but no centralized "bob".
Click to expand...

Thousands, maybe even millions if there's nothing limiting account creation, high end servers just to run the "Username unavailable" routine and even with limitations it'll quickly get to the "all the good usernames are taken" situation needing names like bob_69765465. How to get around that? Seems facebook could be a case study for it:
http://janrain.com/blog/the-end-of-the-username-landgrab/

Ok, unique user IDs is the term for it and payment addresses are already being used that way, a bad habit but it shows folks are happy enough with a hash for an ID, being able to add an alias to a hash makes it friendly and having that alias available everywhere gives that automagic, high quality experience.

So, quick and anonymous ID creation is covered and Bob stays Bob but how do you find Bob? Where's Bob based? Is it a private or business Bob we're looking for? Male or female? Fields for extra (entirely voluntary) info and it shouldn't be too hard to find Bob if Bob wants to be found or for Bob to be qc10ohbsFL7qI today and 4LeTcuq6ROk5I tomorrow if he doesn't.

Supposing Bob does want to be found then there's a powerful tool available, Bob knows Sue, you know Sue, Bob is only one contact away and right there at the top of the list when you go looking for him. That's assuming Bob is a friend of Sues but what if Bob is on Sues shitlist? Then it gets controversial, ranking from zero up doesn't seem to cause much controversy but a few services that tried negative rankings quickly got a lot of bad press. Why that is depends on how much tinfoil you have on your hat, a network that only allows positive rankings only finds good actors but a network that works both ways also finds the bad ones.

Expand that system and it forms groupings, with location data it could show a map of all the businesses in an area that are run by friends (of friends, of friends) or ones connected with folks you don't want to deal with but it's a prime target for gaming, creating artificially high (or low) rankings so imo it would be best implemented just within the masternode network initially and expanded from there as it will likely need several resets as vulnerabilities are found and fixed and that could be damaging to credibility.
 
Last edited by a moderator:
The question I have is "What is DASH?" Is it digital cash or is it yet another facebook but with tokens? If you can search the system for "the business bob", then we have failed. If you want to pay "the business bob", ask bob for an address.
 
oaxaca said:
The question I have is "What is DASH?" Is it digital cash or is it yet another facebook but with tokens? If you can search the system for "the business bob", then we have failed. If you want to pay "the business bob", ask bob for an address.
Click to expand...

That went through my head when I searched for "all the good usernames are taken problem" and found facebook as a common example and I think it needs to be looked at the other way around, not "what's this system supposed to be?" but "what else can this system do?". Obviously being the best possible implementation of digital cash is first and foremost and imo the DAPI is a great step towards that, no downloads or updating, its just there but that needs a login system of some kind, an ID and what kind of things can be done with an ID that are relevant to digital cash should be considered when implementing that.

Expanding on that, I wouldn't consider a social network outside that scope and would definitely consider trust relevant to it, it might not fit in with the way we see monetary value today but that's more due to bastardisation of the term "value", we place an instinctive value on who we do business with but it has no monetary representation other that the fact we're willing to do business with them. That has been the foundation of many monetary systems in the past, today we treat "value" in a monetary sense as a different word to "value" in a social sense but I see them re-merging as crypto evolves. Ultimately I see the monetary aspect, the "store of value" disappearing altogether and being replaced with contracts for real world things with real world value but that's way off topic for this thread (happy to discuss it in another though).
 
I feel like I'm rereading "Zen and the Art of Motorcycle Maintenance" again. Come to think of it, maybe I should. Excellent discussion of the term "value".

Anyway, these "social" aspects of the project can wait in line as far as I'm concerned. The rock solid foundation has to be concentrated on first.
 
As long as the "social" aspect is completely voluntary and doesn't create a potential risk of hacking, I'm ok with it. I personally will probably never use it (well, maybe I'd use it to send funds to my children??) but I would prefer to send funds anonymously.

My problem is I don't understand the value of some of it. But I am admittedly not an inherently social person. I have few friends, but they're very good, close friends - like family, and family. That's it. I hate facebook, etc... LOL.

So, my question is, how will this make Dash better (and I don't doubt it will)?

My guesses:
1. inviting people into the Dash ecosystem. If it works like Facebook, people would want to join?
2. I suppose, you could share an encrypted key with your friends and send highly secure messages? But we can't afford to store a bunch of messages, so they'd have to be short lived.
3. It could be a way for businesses to advertise their acceptance of Dash?

So I know you all are a lot brighter than I am, what do you think this could do for Dash?

I posted this elsewhere, but I would like to have at least 2FA of some sort. I guess the theory is to have 2 out of 3:

Something you know (like a password)
Something you have (like your phone or a key)
Something you are (like a finger print or retina scan)

And I did notice there is an open sourced iris scanner, and since just about every device has a camera, we could possibly utilize this?
http://projectiris.co.uk/ or https://github.com/bernii/IrisRecognition and I'm sure there are others.

Question is, how easy is it to fake these with a photograph?

Apparently, it can be done, but at a personal level, it's definitely cost prohibitive.
http://www.wired.com/2012/07/reverse-engineering-iris-scans/

Also, if the data is encrypted to the person's file (and you first have to know the passphrase) it can be quite a help in securing funds :)
 
Last edited by a moderator:
I'm going to cross post this message from Evan here as it's relevant:

-----------------------------------------------------------------------------

[quote author=eduffield link=topic=421615.msg13205318#msg13205318 date=1449759224]
[quote author=TanteStefana2 link=topic=421615.msg13203199#msg13203199 date=1449741813]Oh, and regarding "chat" (or I prefer messaging), I can see it being used, especially in partner situations, for discussing and coordinating payments among other things, and if it can be a tunneled, encrypted connection that is never recorded by a 3rd party, it could be a great tool, only face to face would be better!
[/quote]

I was more thinking we should support encrypted JSON blobs being sent to your friends within the network. This allows the clients to actually talk to each other directly and decide what they implement on the client side.

Something like this:

encrypted
{'type' : 'message', 'data-from' : '@user2', 'text' : 'hello'}

The first use of this I see is allowing you, as a client on the network to send your friends messages like:

{'type' : 'next-use-pubkey', 'data-from' : '@user2', 'pubkey' : 'Xaddr3'}

This would tell your friend, "use this address for the next payment". So you can imagine all of the things we can do with a system like that, we could have different wallets that support various advanced functionality.

For example, private chatting and group chatting become really easy. Or how about a command to implementing a whole new window in the wallet? I can think of a million things we could do with it

- Negotiating multi-sig transactions, through the network!
- Creating a fiat/dash "local bitcoins" market within the currency itself
- Negotiating an arbitrated transaction between parties
- Sending a "friend" deliverables for a contract

All of these things can simply occupy new command "types" within this transport layer.

[/quote]
 
eduffield

What is the shelf life of messages? I'd hate to see the Dashdrive clogged up with these.
1 day?
1 week?
Configurable duration option in settings?
 
TanteStefana said:
As long as the "social" aspect is completely voluntary and doesn't create a potential risk of hacking, I'm ok with it. I personally will probably never use it (well, maybe I'd use it to send funds to my children??) but I would prefer to send funds anonymously.

My problem is I don't understand the value of some of it. But I am admittedly not an inherently social person. I have few friends, but they're very good, close friends - like family, and family. That's it. I hate facebook, etc... LOL.

So, my question is, how will this make Dash better (and I don't doubt it will)?
Click to expand...

Well, yeah, at first I though it would be a major privacy risk with no benefits. But my guess is that we want to make Dash more organization or family-friendly, so we need an easy way to set up shared accounts or configurable permission wallets. The users must establish a trust relationship with each other, and you can't establish a relationship with a disposable receive address (maybe?), so I think that's what personas are for.

Evan already said you can create alternate personas for different purposes, and you can still send money anonymously. I just don't get why we need an email, since there are already plans for a messaging system in the protocol.
 
I think those things, like emails are voluntary, and not necessary to use the system. I hope so at least :)
 
Some questions:

1. A user connects to the wallet via wallet/dapi.dash.org This subdomain distributes requests over masternodes in a round robin fashion. In a home or company network, it's quite easy to put up a fake DNS server and redirect the user to a tampered wallet, which grabs your HD wallet passphrase and steals your funds. This is not fixable via a SSL certificate, since all masternodes would have to have the private certificate key and it would be public. Any solution to this issue?

2. Is the data provided by the masternode to the browser wallet encrypted and then locally decrypted in the browser with the HD wallet passphrase?

3. Friends etc. are stored on DAPi drive. In the form of single files or as a database which is magically synced across 5 nodes?

Best,
Rango
 
rango said:
Some questions:

1. A user connects to the wallet via wallet/dapi.dash.org This subdomain distributes requests over masternodes in a round robin fashion. In a home or company network, it's quite easy to put up a fake DNS server and redirect the user to a tampered wallet, which grabs your HD wallet passphrase and steals your funds. This is not fixable via a SSL certificate, since all masternodes would have to have the private certificate key and it would be public. Any solution to this issue?

2. Is the data provided by the masternode to the browser wallet encrypted and then locally decrypted in the browser with the HD wallet passphrase?

3. Friends etc. are stored on DAPi drive. In the form of single files or as a database which is magically synced across 5 nodes?

Best,
Rango
Click to expand...


1. The wallets (Dashpay) are separate to the network protocol (dapi). For example DashPay, would be written by someone and distributed directly to our users. Dashpay then takes the seed and uses it locally only to seed the funds and get all possible addresses. So there's no way to actually redirect a user to hacked wallet using DNS.

2. The client will use the HD wallet to get 1 key, which is used for encryption/decryption. Not the seed though.

3. Friends are stored in your user profile, which is magically synced across 5 nodes
 
Great, got it Evan. So we can have these types of wallets:
1. Desktop wallet/mobile app/payment terminal connecting to DAPI
2. If you trust a site: Browser javascript wallets hosted by anybody (doing cross domain AJAX requests to DAPI)

The proposed social features sound awesome to me, although we can't be sure whether this feature really important for the enduser (nickname yes, friendlist: unsure). But i suppose you set the priorities in such a way that we have a functional DAPI to allow 3rd party app connections first and then go down the road with the social features.

Will there still be mixing of blockchain transactions? From what you told, the anonymity is delivered by connecting with a app to DAPI (random masternode => asking quorum for results). This should be sufficient even without mixing. What about the masternode which gets the first request? This one sees your client IP and also sees one request you do. If you click around in your wallet, you easily send requests to about 100 masternodes (e.g. gettx XXX or getbalance XXX). So even with a few malicious logging masternodes, there is a high probability to catch requests and log the IP address. Of course, VPN is the solution to everything, but not really something for a nontech enduser.
 
You must log in or register to reply here.
Back
Top