Front-end Team Evolution Demo Video #1

Unstoppable

Member
Jan 25, 2018
145
64
78
I gather the answer is no, but just to clarify, will a person's contact list be visible to others, whether through viewing their profile, or blockchain analysis, or other methods?

I'm sure many people consider this sensitive information.
 
  • Like
Reactions: xkcd

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
Okay, where to start...
  1. Who can see the metadata about my contacts? Honestly, I would barely use this if anyone can view my contacts. More so with blockchain because it makes deniability impossible.

  2. I assume (guess) you will be using round-robin dns for the DAPI. How are you going to deal with security, especially at a state level, where dns has sometimes been compromised.

  3. Are there practical limits to the number of contacts I can have? Say, for example, I'm a social influencer with 100,000K subs. How do I pay / engage that many people?

  4. Will you extend this to payment codes for other cryptos? I am not suggesting we host multiple chains! But it seems to me, this could easily manage the keys for, say, bitcoin. Usernames that worked with bitcoin (and others) would be a huge deal.

  5. Seems to me, this is going to generate HUGE amounts of network data and storage. Huge hardware requirements, but OTOH, it means MNOs are going to be FILTHY RICH! :-D Will sharding be implemented early on or later?

  6. I still think you need to sit down and think hard about username management. I know they are not free, but name squatting will still be a major issue.
 
  • Like
Reactions: akhavr and xkcd

JGCMiner

Moderator
Jun 8, 2014
364
217
113
The privacy question was answered by one of the devs, Alex Werner, as a response to one of the YouTube comments.

To summarize his response, V1 (beta release) will not have any additional privacy features to keep others from seeing your contacts. Those will come down the road and could take up to a year. Core doesn’t want to delay Evo V1 for another year just for privacy so those who really want these features will have to wait.

Good thing is that the vast vast majority of the mainstream don’t care about privacy. If they did, they wouldn’t constantly be using sites like Facebook. The V1 release will be good enough to begin on-boarding the masses. This will increase the price, which in turn will give us more money in the budget to get features like privacy out the door as fast as possible.
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
The privacy question was answered by one of the devs, Alex Werner, as a response to one of the YouTube comments.

To summarize his response, V1 (beta release) will not have any additional privacy features to keep others from seeing your contacts. Those will come down the road and could take up to a year. Core doesn’t want to delay Evo V1 for another year just for privacy so those who really want these features will have to wait.

Good thing is that the vast vast majority of the mainstream don’t care about privacy. If they did, they wouldn’t constantly be using sites like Facebook. The V1 release will be good enough to begin on-boarding the masses. This will increase the price, which in turn will give us more money in the budget to get features like privacy out the door as fast as possible.
I completely disagree, I think you've completely misjudged public perception for what they care about. Say, for example, you have a regular bank account and you have various monthly payments setup. Would you mind that I can see your contacts as Coinbase, Verizon and democrats.org? Retro-fitting privacy would, in all likelihood, give dash a poor reputation, no less than the dreaded instamine issue that haunts us to this very day.
 

JGCMiner

Moderator
Jun 8, 2014
364
217
113
I completely disagree, I think you've completely misjudged public perception for what they care about. Say, for example, you have a regular bank account and you have various monthly payments setup. Would you mind that I can see your contacts as Coinbase, Verizon and democrats.org? Retro-fitting privacy would, in all likelihood, give dash a poor reputation, no less than the dreaded instamine issue that haunts us to this very day.
Well for one, I didn’t make this decision and that is what is going happen whether you like it or not... so I am not sure why you are attacking me.

Secondly, none of this is linked to your actual identity so the bank account example doesn’t make any sense. It is still just pseudonyms on the blockchain. And nobody is forcing you to use a pseudonym that you have used previously. If you register on the blockchain as ilovepeanuts2915 and have a contact listed as Coinbase, how am I to know that is same person I am responding to now — much less your indenity IRL.

Furthermore, as I said, people don’t have to use this if they are really concerned about privacy. You will not be forced to use Evo. You can wait for better privacy or never use it at all. You can still use the core wallet like you do today, mix, and protect your privacy as you see fit.

However, I think you are very mistaken if you think concern over some entity scraping the blockchain for a pseudonym contact list will slow adoption of Evo — and more wrongheaded if you think Core should delay for a year to please the minority.

It is well understood by most that the vast vast majority perfer convience and ease of use over privacy.
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
Well for one, I didn’t make this decision and that is what is going happen whether you like it or not... so I am not sure why you are attacking me.

Secondly, none of this is linked to your actual identity so the bank account example doesn’t make any sense. It is still just pseudonyms on the blockchain. And nobody is forcing you to use a pseudonym that you have used previously. If you register on the blockchain as ilovepeanuts2915 and have a contact listed as Coinbase, how am I to know that is same person I am responding to now — much less your indenity IRL.

Furthermore, as I said, people don’t have to use this if they are really concerned about privacy. You will not be forced to use Evo. You can wait for better privacy or never use it at all. You can still use the core wallet like you do today, mix, and protect your privacy as you see fit.

However, I think you are very mistaken if you think concern over some entity scraping the blockchain for a pseudonym contact list will slow adoption of Evo — and more wrongheaded if you think Core should delay for a year to please the minority.

It is well understood by most that the vast vast majority perfer convience and ease of use over privacy.
I am disagreeing with you so I'm sorry if it came across as attack. You had said, "Good thing is that the vast vast majority of the mainstream don’t care about privacy.", which I simply take as your opinion, so I countered.

You say none of this is linked to an actual identity but someone like Coinbase will collect KYC, so they will indeed be able to link to other contacts. Keep in mind, it may well be mobile apps that are integrating the DAPI, thus they may well have your phone number, wifi identity, location and more. Yes, users don't have to accept such terms, but what are the realistic alternatives if the app provider is something of a oligopoly?

As for waiting another year, I think that's a distortion of the facts, Core have already taken a significant time to get to this point. Having said that, I don't see how it could take a whole year to add privacy. First, I think it could be achieved within 6 months. And secondly, we could possibly integrate with the Enigma project.

A user could create multiple usernames, but this just exasperates problems i.e. having to manage multiple usernames / emails / passwords, which no one wants.

For me, this is such a significant issue, I will be voting down Core until they resolve this. I say this with the best intentions because I don't want to be spending millions later in PR recovery exercises when we can avoid it now.
 

TroyDASH

Well-known Member
Jul 31, 2015
1,254
797
183
I am disagreeing with you so I'm sorry if it came across as attack. You had said, "Good thing is that the vast vast majority of the mainstream don’t care about privacy.", which I simply take as your opinion, so I countered.

You say none of this is linked to an actual identity but someone like Coinbase will collect KYC, so they will indeed be able to link to other contacts. Keep in mind, it may well be mobile apps that are integrating the DAPI, thus they may well have your phone number, wifi identity, location and more. Yes, users don't have to accept such terms, but what are the realistic alternatives if the app provider is something of a oligopoly?

As for waiting another year, I think that's a distortion of the facts, Core have already taken a significant time to get to this point. Having said that, I don't see how it could take a whole year to add privacy. First, I think it could be achieved within 6 months. And secondly, we could possibly integrate with the Enigma project.

A user could create multiple usernames, but this just exasperates problems i.e. having to manage multiple usernames / emails / passwords, which no one wants.

For me, this is such a significant issue, I will be voting down Core until they resolve this. I say this with the best intentions because I don't want to be spending millions later in PR recovery exercises when we can avoid it now.
You think it could be achieved in 6 months, based on...what?
 

JGCMiner

Moderator
Jun 8, 2014
364
217
113
I am disagreeing with you so I'm sorry if it came across as attack. You had said, "Good thing is that the vast vast majority of the mainstream don’t care about privacy.", which I simply take as your opinion, so I countered.

You say none of this is linked to an actual identity but someone like Coinbase will collect KYC, so they will indeed be able to link to other contacts. Keep in mind, it may well be mobile apps that are integrating the DAPI, thus they may well have your phone number, wifi identity, location and more. Yes, users don't have to accept such terms, but what are the realistic alternatives if the app provider is something of a oligopoly?

As for waiting another year, I think that's a distortion of the facts, Core have already taken a significant time to get to this point. Having said that, I don't see how it could take a whole year to add privacy. First, I think it could be achieved within 6 months. And secondly, we could possibly integrate with the Enigma project.

A user could create multiple usernames, but this just exasperates problems i.e. having to manage multiple usernames / emails / passwords, which no one wants.

For me, this is such a significant issue, I will be voting down Core until they resolve this. I say this with the best intentions because I don't want to be spending millions later in PR recovery exercises when we can avoid it now.
You are well within your rights to vote down Core. A single MNO, be it you or me, can’t sink a proposal so I am not particularly concerned about that. Given the overall excitement about the Evo demo and the general lifting of the communications veil, I seriously doubt Core will have trouble getting proposals approved.

As for identity, Coinbase knows who you are so yes they can data mine you — but so can Facebook and millions upon millions use their service. I stand by my claim that a temporary lack of privacy will not a barrier for Joe Nobody using Evo.

Lastly, a Evo backend dev stated that it could take up to a year to add privacy. I simply reported what he said so I don’t see how I am distorting facts. If you have some ideas to speed things along then you should take that up with Core.
 

jimbursch

Well-known Member
Mar 5, 2017
837
501
163
57
No merchant will want their customer list or vendor list exposed, so this would be a non-starter without privacy.

I feel like we are just speculating until we hear directly from Core on this issue.
 

JGCMiner

Moderator
Jun 8, 2014
364
217
113
No merchant will want their customer list or vendor list exposed, so this would be a non-starter without privacy.

I feel like we are just speculating until we hear directly from Core on this issue.
Feel free to check out the YouTube comments yourself. Alex Werner’s (Evo dev) response is in there.

Maybe your reading of his comment will be different from mine.

Btw, I am not sure why a merchant would care if somebody found out that they are dealing with ilovepeanuts2915, but I won’t rehash a point that I have already made. Also not sure why so many people think that most will use their actual identity (or business name) as a user name in Evo. Some will, most won’t — and in any case, it won’t be easy for a third party to definitively prove (beyond a doubt) that user name “Starbucks” is actually the company or just some rando. (Unless of course they had something on their site stating that this is our Dash user name. )
 
Last edited:

Stealth923

Well-known Member
Foundation Member
Mar 9, 2014
352
404
233
If you are going to use your real name as your evolution username then fine, have a whinge. 99% of people will use some handle like Sweatysocks442, why would I care if I bought dildos under that username when no one can link it to my real identity?

This is a non-issue for MVP launch imo and something we can optimize later on down the track as a nice to have.
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
So what username should a legitimate business use?

And please reflect on how companies like Coinfirm work; they make two-way sharing agreements, which is how they are able to put names to public addresses. Exposed contact lists is handing them a golden opportunity.
 

Stealth923

Well-known Member
Foundation Member
Mar 9, 2014
352
404
233
So what username should a legitimate business use?

And please reflect on how companies like Coinfirm work; they make two-way sharing agreements, which is how they are able to put names to public addresses. Exposed contact lists is handing them a golden opportunity.
Starbucks contact list is exposed and found that a username called sweatysocks442 bought 5 coffees a day. Nobody knows who owns the handle is in real life. What’s the fuss about?

Legitimate businesses can use whatever username they like as long as there is some way to verify its them. Like a merchant verification. Look on eBay, there are real world businesses using heaps of different usernames.
 
  • Like
Reactions: Chuck Williams

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
Starbucks contact list is exposed and found that a username called sweatysocks442 bought 5 coffees a day. Nobody knows who owns the handle is in real life. What’s the fuss about?
No. Starbucks make an app that requires name, number and location; they know who sweatysocks442 is and they make two-way data sharing agreements with other companies; the devil is in the detail.
 
  • Like
Reactions: demo

Stealth923

Well-known Member
Foundation Member
Mar 9, 2014
352
404
233
No. Starbucks make an app that requires name, number and location; they know who sweatysocks442 is and they make two-way data sharing agreements with other companies; the devil is in the detail.
Then that’s up to the customer if they want to release that information to Starbucks. How does that fall on the responsibility of Dash core? Every business asks for different levels of information, if we don’t want to give that info, don’t transact with that business.
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
Then that’s up to the customer if they want to release that information to Starbucks. How does that fall on the responsibility of Dash core? Every business asks for different levels of information, if we don’t want to give that info, don’t transact with that business.
Nope, Starbucks are getting access to your entire contact list. Are you sure your friends will appreciate that?
 
  • Like
Reactions: demo

JGCMiner

Moderator
Jun 8, 2014
364
217
113
Nope, Starbucks are getting access to your entire contact list. Are you sure your friends will appreciate that?
Your Friends List:
FriendsForever1
Dashlover77
.
.
.

A bunch of pseudonyms for which Starbucks has no additional information (unless said user gave them that information willingly in a previous transaction).

I fail to see the problem in terms of releasing the MVP. Privacy is a “nice to have”, but not a “must have” by where Core should delay Evo for months if not a full year.
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
Your Friends List:
FriendsForever1
Dashlover77
.
.
.

A bunch of pseudonyms for which Starbucks has no additional information (unless said user gave them that information willingly in a previous transaction).

I fail to see the problem in terms of releasing the MVP. Privacy is a “nice to have”, but not a “must have” by where Core should delay Evo for months if not a full year.
I went to Starbucks, FriendsForever1 used Lyft and got loyalty points, and Dashlover77 is a New York Red Bulls fan. Google it and you'll see they are all partners, sharing data. Additionally, companies like Coinfirm step in and they make two-way data sharing agreements and datamine the contact lists of all three people, recursively. You involuntary gave out more info than you thought or intended.
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
Behind the scenes, Evo is using a HD wallet, but ask yourself, what is the point of doing so when someone's entire contact list is exposed? I propose then that we also reveal the entire public key hierarchy. I fail to understand how we can justify privacy in one argument (HD wallets), yet glibly hand out info about our friends and our friends friends.
 
  • Like
Reactions: demo

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
Here's a real world example. These days, ShapeShift require a "refund address" for the minority case that a transaction goes wrong. Of course, most of the time the refund address is redundant but they require it anyway. They store that refund address and hand it over to companies like Coinfirm. In turn, Coinfirm track that refund address knowing full well it belongs to you. Perhaps that address is next seen at Starbucks. And so, it's these kind of dirty underhanded tactics that others use, it's a hostile world. Why should we handover that kind of power on a plate?
 
  • Like
Reactions: demo

JGCMiner

Moderator
Jun 8, 2014
364
217
113
I went to Starbucks, FriendsForever1 used Lyft and got loyalty points, and Dashlover77 is a New York Red Bulls fan. Google it and you'll see they are all partners, sharing data. Additionally, companies like Coinfirm step in and they make two-way data sharing agreements and datamine the contact lists of all three people, recursively. You involuntary gave out more info than you thought or intended.
So much of your info is out there anyway with the legacy financial system. This will not be any worse. And even with all the datamining they are still dealing with pseudonyms.

Plus privacy is on the roadmap. In the meantime, if you don’t like it — don’t use it.

Sorry, but you can’t convince me that the MVP should be delayed any number of months for this “issue”.

Good luck swaying others...
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
So much of your info is out there anyway with the legacy financial system. This will not be any worse. And even with all the datamining they are still dealing with pseudonyms.

Plus privacy is on the roadmap. In the meantime, if you don’t like it — don’t use it.

Sorry, but you can’t convince me that the MVP should be delayed any number of months for this “issue”.

Good luck swaying others...
Good to know you don't give a shit about your friends privacy.
 
  • Like
Reactions: demo