Increasing trust in the OpenBazaar network
OpenBazaar manages the counter-party risks of online trade with Bitcoin (and soon other cryptocurrencies) using multisignature escrow transactions. The buyer, seller, and a third party ‘moderator’ create an address that requires 2-of-3 signatures to release funds. Once the address is created, the buyer transfers their funds to the multisignature address.
Normally, the funds are released to the seller if the buyer receives the good or service, or the seller can refund the transaction back to the buyer and cancel the order. If the buyer or seller have problems with the order, they can initiate the dispute resolution process. The moderator investigates the situation, and co-signs with the winning party to release the funds.
In the past few weeks we’ve seen some OpenBazaar users fall victim to a collusion attack, whereby the seller and moderator collude (or are in fact the same person) to initiate a dispute immediately after receiving a paid order. The dishonest/sock-puppet moderator then releases the funds to the seller, who fails to deliver the good or service and eventually disappears.
In many ways, this is a ‘micro exit scam’. Fortunately these cases don’t affect all users of OpenBazaar, only those who participated in a transaction with the dishonest moderator. Nevertheless, these types of attacks must be prevented as much as possible.
A moderator reputation system is something we always planned to deploy, but it didn’t make it for the initial launch of OpenBazaar 2.0. While it is now a higher priority feature for 2018, reputation systems are fundamentally lagging indicators.
To take a more active approach to improving the marketplace for moderators in the OpenBazaar network, OB1 is going to be rolling-out a ‘verified moderator’ program immediately.
Verified moderators are users on the network that OB1, and other non-OB1 contributors and developers, are publicly endorsing to be trustworthy, and strongly advise users on the network to set as their default moderators.
The verification requirements are:
- Moderators must associate their OpenBazaar node to other verifiable identities via Keybase. Using Keybase allows moderators to establish provable links to other social media account to signal trust and confidence to users on the network.
- A digitally signed policy statement of their moderation services, digitally signed with their Keybase account. The digitally-signed policy statement will create a fraud-proof of the verified moderator’s dispute resolution policy, availability, out-of-network communication channels etc.
Verified moderators will be preferentially shown in the moderator selection page in the settings of the desktop application and upcoming mobile app.
Step 1: Create a Keybase Identity
The first step in this process is to create a Keybase account (if you don’t have one already) and begin to link to other social media accounts. A Keybase account will create a PGP key for digital signatures that we’re going to use extensively, so ensure that this key is backed-up.
Next, we’ll need to cryptographically associate the OpenBazaar node with the Keybase account. To do this, copy the Peer ID of your node (found in the Home tab of your page).
Head back to Keybase and navigate to ‘Sign’. Paste in the Peer ID with a simple message like ‘I am [insert your Peer ID]’. Type in your passphrase and click ‘sign’.
This will produce a digitally signed message using your Keybase PGP key. Now it’s time to upload this proof to your OpenBazaar node!
Switch back to OpenBazaar and click ‘Customize’ on the Home tab of your store. Go to the ‘About’ section and paste in the Keybase proof generated above.
Scroll down to ‘Links’ and add ‘Keybase’ as a social account with a link to your profile.
Hit ‘Save’, which will publish your changes to the network. In the end, your profile should look something like this:
Anyone can verify that this is you by going to the ‘verify’ page in Keybase, pasting in the proof, and clicking ‘verify’.
Here you should check that the signature is valid, and secondly that the profile link below matches the link in OpenBazaar.
Step 2: Create a Policy Statement
The second major step is to draft a policy statement for moderation services. An excellent template can be found here.
The policy statement should cover things like the terms of service, dispute resolution scenarios (and how you’d solve them), best practices (things you recommend for each party to do before a dispute arises), availability, and off-network communication channels. Having at least one off-network communication method is required.
The link to the policy should be added to the About page of your profile, and must be added the ‘Terms’ section of Moderator settings.
Step 3: Apply
Once you’ve completed steps 1–2, contact us and include a link to your Keybase profile and moderation policy for us to review. OB1 may respond asking for more information from you.
Once the application is reviewed and if approved, the moderator will be added to the list of verified moderators that you’ll be able to see in the app. We’ll also maintain a copy of the list on the OB1 website, Reddit, and Slack. The list will include the link to the Keybase account and the policy statement.
Creating a surety bond will be an optional step when becoming a verified moderator. The bond is fully refundable, provided the moderator’s services are reputable, and covers the period of verification (6 months minimum, with an option to extend).
The purpose of the surety bond is inflict a monetary penalty for dishonest behaviour by a verified moderator, and some degree of renumeration to affected victims.
The bond will be in the form of a 2-of-3 multisignature address, with OB1 and a non-OB1 contributor/developer as co-signers. OB1 will publish on our website our list of partners to be used as the third party for these surety bonds. These individuals do not work for OB1, but are active and long-standing developers or contributors to OpenBazaar.
Lastly, the size of the surety bond will be used to rank verified moderators, which will be represented in the app.
Apply now to become a verified moderator by emailing us.