Add negative score for protocol violations #260

chimp1984 opened this issue Sep 21, 2020 · 24 comments
Labels
a:proposal https://bisq.wiki/Proposals re:processes was:stalled

Comments

@chimp1984

We had about 26 000 trades in 2020 and about 165 disputes at refund agent level. This is about 0.6% chance for a dispute per trade. This is not that bad but we need to get the number still much lower.

60-70% of the refund agent cases are protocol violations like buyer not paying (option trade), using incorrect bank details (account name not matching) or one of the traders is not responding. The increase of the security deposit did not have the intended effect and we cannot increase it further without causing collateral damage to the large group of honest traders.

One old idea to deal with that problem is to add a negative score system and let traders decide if they want to trade with users who had previous protocol violations. There can be a scale of severity and the user could decide to accept light violations but not stronger ones.

Such negative score would only be applied for clear violations, not for honest mistakes or problems. Sure there will be a grey area but we know already that quite a large percentage are clear violations and those we want to target.

The mediators and arbitrator would automatically broadcast the score based on the dispute result. It would be attached to the account age witness (fiat) as well as the onion address. For altcoins it might have less effect as it is easier to change the onion address, but if so the user would also lose his local reputation.

The score can have a time stamp and there could be a decay function so that old violations fade out over time.

Details have to be worked out but a basic idea would be as follows:
Option trade: score 5
Not responding trader: score 4
Using a different name as stated in the payment account: score 3

The scores add up and have a decay so that after 1 year they have faded out. E.g. after 6 months they count only 50%.
The user can decide in the settings what is his accepted max score to trade with. Default I would suggest a score < 5 but the user can change it to any value. Makers who have a score larger than what the user has set would be filtered out.

The local reputation is atm bound to the onion address. We should change that to a new dedicated key pair. This would allow more flexibility so users can decide to use that as identity (to build up reputation) or to not use it at all (for more privacy). They can renew it any time without other dependencies. The score should be bound then to that reputation key. An altcoin trader could avoid getting negative score by renewing the reputation key all the time (and changing onion addresses) but that would come with the cost that he has no reputation.

@wiz
Member

wiz commented Sep 21, 2020

So if you get a negative reputation score, you just need to delete your keys to go back up to zero?

@MwithM MwithM added a:proposal https://bisq.wiki/Proposals re:processes labels Sep 21, 2020
@chimp1984
Author

Yes if you use altcoins we cannot do too much. For Fiat you need a new payment account as the account witness gets linked to the score. But you cannot have both: positive reputation by the number of trades you did with a user AND avoiding negative reputation by renewing the onion (or later reputation key).
The only other alternative would be BSQ bonds or proof of burn. But I doubt that this would be much accepted. But can be added as other alternative as well. I just think that reputation which comes for free by just using Bisq has better odds.
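
The scoring rule from the opening post and the key-renewal exchange above, worked through as an added example (not code from Bisq or from any participant in this thread). The linear fade, the class and function names, and the sample keys, witnesses and dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Optional, Tuple

# Severity weights as listed in the proposal.
SEVERITY = {"option_trade": 5, "not_responding": 4, "name_mismatch": 3}
DECAY_DAYS = 365.0       # violations have faded out after 1 year
DEFAULT_MAX_SCORE = 5.0  # proposed default: accept makers with score < 5


@dataclass(frozen=True)
class Violation:
    kind: str
    when: datetime
    reputation_key: str          # hypothetical identifier of the reputation key
    witness_hash: Optional[str]  # account age witness (fiat); None for altcoin


@dataclass(frozen=True)
class Offer:
    offer_id: str
    reputation_key: str
    witness_hash: Optional[str]


def decayed(v: Violation, now: datetime) -> float:
    """Linear fade (assumption): full weight at day 0, 50% at 6 months, 0 at 1 year."""
    age_days = max(0.0, (now - v.when).total_seconds() / 86400)
    return SEVERITY[v.kind] * max(0.0, 1.0 - age_days / DECAY_DAYS)


def maker_score(offer: Offer, violations: Iterable[Violation], now: datetime) -> float:
    """Add up every violation bound to the maker's witness or reputation key.

    A violation is attached to both identifiers, so it is counted once even
    when both match.
    """
    total = 0.0
    for v in violations:
        by_witness = offer.witness_hash is not None and v.witness_hash == offer.witness_hash
        by_key = v.reputation_key == offer.reputation_key
        if by_witness or by_key:
            total += decayed(v, now)
    return total


def visible_offers(offers: Iterable[Offer], violations: List[Violation],
                   now: datetime, max_score: float = DEFAULT_MAX_SCORE) -> List[str]:
    """Offer ids the taker still sees after filtering on the accepted max score."""
    return [o.offer_id for o in offers if maker_score(o, violations, now) < max_score]


def demo() -> Tuple[Dict[str, float], List[str]]:
    # Constructed sample data.
    now = datetime(2021, 1, 1, tzinfo=timezone.utc)
    half_year_ago = now - timedelta(days=DECAY_DAYS / 2)
    violations = [
        Violation("option_trade", now, "key-fiat-old", "witness-A"),
        Violation("option_trade", now, "key-alt-old", None),
        Violation("not_responding", half_year_ago, "key-mixed", "witness-B"),
        Violation("name_mismatch", now, "key-mixed", "witness-B"),
    ]
    offers = [
        Offer("fiat-same-key", "key-fiat-old", "witness-A"),
        Offer("fiat-renewed-key", "key-fiat-new", "witness-A"),  # witness still matches
        Offer("alt-same-key", "key-alt-old", None),
        Offer("alt-renewed-key", "key-alt-new", None),           # nothing left to match
        Offer("two-violations", "key-mixed", "witness-B"),       # 4 * 0.5 + 3 = 5
        Offer("clean", "key-clean", "witness-C"),
    ]
    scores = {o.offer_id: maker_score(o, violations, now) for o in offers}
    return scores, visible_offers(offers, violations, now)


if __name__ == "__main__":
    scores, visible = demo()
    for offer_id, s in scores.items():
        print(f"{offer_id:18s} score={s:.1f} visible={offer_id in visible}")
```

The renewed fiat offer keeps its score because the account age witness is unchanged, while the renewed altcoin offer drops to zero, which is the limitation the exchange above concedes.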

@MwithM

MwithM commented Sep 21, 2020

I would prefer not to have this measure implemented because it gives more power to mediators, is bad for privacy and only has a slight effect on fiat trades, but almost only on fiat BTC buyers (sellers don't have trading limits to be lifted).

60-70% of the refund agent cases are protocol violations like buyer not paying (option trade), using incorrect bank details (account name not matching) or one of the traders is not responding. The increase of the security deposit did not have the intended effect and we cannot increase it further without causing collateral damage to the large group of honest traders.

2 years ago we had about 8% of disputes (all of them going to arbitration, as there was no mediation) #52 (comment). Now we have less than 1% of disputes going to arbitration. Of it, at least 30% are on the "no protocol violations" category. I think these are pretty good numbers.
What security deposit increase are you referring to? A few cycles ago, there was the introduction of security deposit suggestions, but no mandatory increase of security deposits. And I have doubts that people are able to use suggested security deposits properly (at least I can't).
If you're referring to the increase from 5 to 15% or so, made more than a year ago (I can't find the details and don't remember) we can discuss if cases going to arbitration are too high or too low, but the trend in 2 years is quite good.
Currently, I think that keeping up with the points in this project is what should be done. Sellers can still omit mediator's suggestion, traders can't negotiate mediator payouts (or at least this policy is not written on the wiki) and security deposit recommendation and payout guidelines for mediation and arbitration are still not clear to users. Autoconfirmation for XMR trades was introduced a week ago (and I'm not sure that this will solve unresponsive sellers, as it might be ultra privacy concerned users).

Let's talk about incentives, which is what Bisq should be relying mostly on, instead of reputation:
In certain cases, it's hard to say that a protocol violation is affecting negatively to the other part. I probably would like to take lots of offers where I receive full amount of a +20% security deposit from an unresponsive seller, especially if I receive it in 13 days. If locktime and dispute resolution time were reduced, unresponsive traders would become a blessing for the "aggrieved" part.
Also, when only the deposit tx funds equivalent is used for reimbursements, reimbursing traders don't have a cost for the Bisq DAO and it could even be profitable for the DAO in some cases, depending on what % of the protocol violator's security deposit is used to compensate the winning part of a dispute and what % of it goes to the refund agent or the equivalent role.

@cd2357

cd2357 commented Sep 21, 2020

Let's talk about incentives, which is what Bisq should be relying mostly on, instead of reputation:
In certain cases, it's hard to say that a protocol violation is affecting negatively to the other part. I probably would like to take lots of offers where I receive full amount of a +20% security deposit from an unresponsive seller, especially if I receive it in 13 days.

Fully agree.

Maybe Bisq could allow both low and high security deposits, then just highlight the offers with higher deposits in the overview? Maybe sort them closer to the top, or mark them as safer / lower risk? This would incentivize takers to prefer them, and sellers to offer them, while still not alienating those who prefer smaller deposits.

@sqrrm
Member

sqrrm commented Sep 21, 2020

There is already AccountAgeWitness and SignedWitness that carry reputation and reduce privacy. They are rather neutral though, just a timestamped hash and the other a sign if the trade went through as expected. Adding another reputation system with more bias to it is something I would rather avoid.

As @cd2357 says, improving the UI could probably help users assess risks better and reduce the cases going to refund agent more in line with Bisq's philosophy. I would like to try this before any new reputation system. The problem is that we don't really have any developer working on UI improvements right now, but perhaps even small changes here could have some serious impact.

@chimp1984
Author

I agree with the concerns. Let's focus then first on improvements in various areas. Dispute agents need to act more according to clear guidelines. There are too many cases where not responding traders get back their deposit. I don't understand why, that is destroying the incentive structure of the security deposit if you get it back even in severe protocol violations.
We still have about 10-20 refund agent cases. Those are still way too high to delegate reimbursement completely to the DAO. As it is not the RA delegates only the high amount cases and that gets already a bit too much for the DAO, especially with mediation/RA summary notes not in the quality to make an informed judgement.
So I am totally in favor to focus to fix all those easy problems first before introducing a new tool which depends on trust to mediators/arbitrators.
I still leave it open but I guess from the feedback so far it can be considered as rejected.

@chimp1984
Author

chimp1984 commented Sep 21, 2020

From the role reports from mediators I estimate we have about 70 mediation cases per month. So that would be about 630 cases in 2020. Related to the 26 000 trades of 2020 would be a 2.4 % rate, which is not that bad and a decrease from the 8% posted in #52 (comment).

Those numbers are rough and should only serve as guideline. With improved reporting we should manage to draw better conclusions and find out what is most effective to bring the numbers further down.

EDIT: Updated numbers from roles reports, initial estimation was way too high

@MwithM

MwithM commented Sep 21, 2020

Related to the 26 000 trades of 2020 would be a 2.4 % rate, which is not that bad and a decrease from the 8% posted in #52 (comment) .

That's good to hear. I had fears that as opening mediation is kind of easy, people were abusing it and it could be over 8%. I'm quite sure that removing the mediation button when trading period is still running reduced that % a lot.

@pazza83

pazza83 commented Oct 30, 2020

How about when viewing available offers you can see a 'trading score'. This would be based on successful trades a user has completed with that payment method.

+1 for every successful transaction

If a case goes to mediation the mediators could then take off points eg:

-1 Minor trade violation (eg 2 days late with payment)
-5 Significant trade protocol violation (eg Name on account different)
-10 Major trade protocol violation (eg trying to get counterparty to send funds to another account via trader chat)

Number of blocks could also be used? Number of people live on the network that have blocked the peer's onion address.

If a trader has a positive reputation they are more invested in the platform and have more to lose, and would be less likely to just delete account and start again.

Alternatives would be some sort of percentage based on the above or similar.

Users of Bisq would benefit not just from ascertaining risk, but also what users are good counter parties to trade with.

@MwithM

MwithM commented Oct 30, 2020

@pazza83 A +100 reputation score could be done by self trading in the bad scenario, and a signal for agencies to accept an offer from this trader to investigate him in the worst. Bitcoin doesn't have a reputation system for the same reasons I think Bisq should not have one either.

@pazza83

pazza83 commented Oct 30, 2020

I did not think of the privacy concerns reputation could cause. Good point.

@Conza88

Conza88 commented Jan 3, 2021

How about when viewing available offers you can see a 'trading score'. This would be based on successful trades a user has completed with that payment method.

+1 for every successful transaction

If a case goes to mediation the mediators could then take off points eg:

-1 Minor trade violation (eg 2 days late with payment)
-5 Significant trade protocol violation (eg Name on account different)
-10 Major trade protocol violation (eg trying to get counterparty to send funds to another account via trader chat)

Number of blocks could also be used? Number of people live on the network that have blocked the peer's onion address.

If a trader has a positive reputation they are more invested in the platform and have more to lose, and would be less likely to just delete account and start again.

Alternatives would be some sort of percentage based on the above or similar.

Users of Bisq would benefit not just from ascertaining risk, but also what users are good counter parties to trade with.

YES to this. Stats on successful trades. Stats on unsuccessful ones that incurred violations and just number of them e.g. minor, significant, major.

Security deposits are BS and ineffectual, the fact you can't set it at what you want for each trading party e.g. over 50% for myself (flagging I am trustworthy) is comically inept. I'm sorry why are we not giving the users more choice, ability to do so?

I think the proposed reputation key breakdown is helpful, thus there is the choice about privacy or reputation with account.

Of course someone could self-trade 1,000 times and then do a bad trade/scam. Besides buying BSQ to do so / paying fees with BTC... So? Have comments to that effect advising of the possibility. But at least folks can be more discerning, and keep that in mind! More stats on trading account is better than less imo. After that account gets a "Major" violation on it, then likely has to start all again.

I don't think there necessarily needs to be a points system involved in terms of keeping some overall score, but indicating the stats of no. of trades, and then violations A trade disputes, B mediators, C arbitrations, X minor, Y significant, Z major violations.

@pazza83

pazza83 commented Jan 5, 2021

Hi @Conza88

It seems that my proposal above did not take into account privacy.

Any positive reputation score indicates that a trader has completed multiple trades successfully. Whilst this is good for the trader and for other users, it does give away privacy info.

For example if someone is trading on a market where buying / selling Bitcoin is illegal then law enforcement could use a positive reputation system to target a trader and build a case against them.

I think that is why a negative score is more useful as it only showing occasions where something has gone wrong. The problem seems to be who would want to trade with a negative reputation? It would be easier to just start again. Maybe this is a good deterrent but it is to be decided?

@chimp1984
Author

The problem seems to be who would want to trade with a negative reputation? It would be easier to just start again. Maybe this is a good deterrent but it is to be decided?

To avoid that it requires some "scarce resource" like the bank account.

@pazza83

pazza83 commented Jan 7, 2021

@chimp1984

Thanks, I am not clear if your proposal would apply the negative score to an individual payment method or to all payment methods associated with the user's onion address?

@chimp1984
Author

It would be attached to the account age witness (fiat) as well as the onion address. For altcoins it might have less effect as it is easier to change the onion address, but if so the user would also lose his local reputation.

Yes a combination of both would be best. But not thought out in details yet...

@pazza83

pazza83 commented Jan 9, 2021

Ok,

A few thoughts I had were:

New users

New users are more likely to make errors when trading on Bisq. Usually not following trade protocol correctly or from having a problem with a payment method. This happens pretty frequently. If the problems they have prevent them completing the trade correctly then generally they will lose some of their security deposit. This seems fair to me, and likely fair to the new user who will quickly understand the trade protocol to avoid losses in future transactions. However to add an additional punishment of a negative trade score seems a little like a double punishment that would risk disheartening new users from continuing to use Bisq.

Accounts that become restricted

Occasionally payment accounts ask for additional information regarding reasons for a payment. When they do this they usually put all funds into and out of the account on hold. This means there is a risk of a trader being unable to complete trades in progress, leading to all potential security deposit penalties on all in progress Bisq trades with that payment method. Again the penalty of a negative score being applied to a whole onion address in this instance seems a little harsh as the trader will have already lost security deposit funds. I think a negative score on the payment account would be fair.

Payment accounts experimentation

Both buyers and sellers may wish to experiment with new payment methods. I think they should be able to do so without risking a negative score being applied to their whole account. For example if a new user would like to buy with TransferWise they may be less likely to do so if they know a mistake in the account set up process might mean that they receive a negative score on their whole account.

Such negative score would only be applied for clear violations, not for honest mistakes or problems. Sure there will be a grey area but we know already that quite a large percentage are clear violations and those we want to target.

If this happens that would be great. But the violations you mention could be honest mistakes and it must be hard for Bisq mediators to judge what is honest and what isn't. For example: option trades, not responding trader, using a different name as stated in the payment account, etc. For this reason I think applying a negative score regardless of reason would be fairer.

I think there is a balance between reducing trades going to mediation by giving negative scores, and encouraging people to use Bisq, use Bisq more frequently, and to use Bisq with multiple payment methods.

@chimp1984
Author

chimp1984 commented Jan 9, 2021

However to add an additional punishment of a negative trade score seems a little like a double punishment that would risk disheartening new users from continuing to use Bisq.

Yes, that was not intended. Only for behaviour which can be interpreted as bad intentions or not responding. Honest mistakes should not be punished. We rather should work to improve UX to avoid those mistakes.

Accounts that become restricted

Same here. I would even not take away security deposit for bank problems.

option trades:

We have a tool in place to detect that. Mediators get the info if the trade might be an option trade (e.g. calculate if canceling trade is profitable, if so it's suspect to be an option trade). I think that problem has been decreased over the past months also because sec. deposit gets estimated based on past volatility.

not responding trader

I think that is really a main problem still. Might be a UX problem in some cases, that new users don't understand that they have to be online but that is one of the bigger issues and I would suggest that justifies a negative score. Such a score is not binary anyway, so one issue will not have that much weight, we could fade it out even over time.

Probably it's better atm to invest our efforts in improving the UX to reduce the cases. And if we see there are some problem cases which do not go away we can think into that tool/idea again.

@Conza88

Conza88 commented Jan 9, 2021

The problem seems to be who would want to trade with a negative reputation? It would be easier to just start again. Maybe this is a good deterrent but it is to be decided?

To avoid that it requires some "scarce resource" like the bank account.

Starting again can at least signal for traders to be cautious. Possibly costs some BSQ to renew onion address? Or wipe 'trade score' negative? /weak throw out there suggestions.

I do think the above focus on 'payment method' as opposed to tarring the whole user is interesting.

Definitely agree any 'punishment' should only be on dishonest/fraudulent etc. actions. Hard to determine, yes. So maybe it's just mods/arbitrators making that call? But consistency? Perhaps options indicating the 'type' of 'negative trade score' e.g. new.

Maybe it's just the number of negatives... but the AGE of the account kind of gives a proper perspective... WITHOUT breaching privacy stuff e.g. +1,000 trades and thus subject to target by authorities (possibly).

I think that is really a main problem still. Might be a UX problem in some cases, that new users don't understand that they have to be online but that is one of the bigger issues and I would suggest that justifies a negative score. Such a score is not binary anyway, so one issue will not have that much weight, we could fade it out even over time.

The "portfolio" notification needs some work imo. Always on, have to go to the screen specifically with open trades... and only then see a notification of trader chat.

@RififiCastorjunior

RififiCastorjunior commented Jan 10, 2021

With AccountAgeWitness, how about adding number of trades (+5 to +20 to +50 and finally +100).

Those numbers can count as a rating system, even if the trader is doing protocol violations only this portfolio will know.

But this protocol system that are issue there only work for takers. If you are a maker you can't choose or not to make trade with low account age. So I don't think Bisq users want to change this.

To add a score protocol violation means adding another feature to accept or not a trade, regardless if you are a taker or maker.

@pazza83

pazza83 commented Jan 10, 2021

@RififiCastorjunior

I think this is best avoided as it caused issues with privacy. Easy for someone to know how many trades someone has completed with a various payment account. If you were living in a country where the authorities were, or could in the future, crack down on p2p BTC trading then having evidence on Bisq as to how many trades have been completed would be a risk.

@RififiCastorjunior

@pazza83
For an attacker to know how much trade you made he needs to read the blockchain, that means he knows who is behind the specific address.

Add account age with a metric that goes from +5 to +100 doesn't issue the privacy, the privacy breacher needs to attach info and know who is behind each Bisq address. So the only method that exists at this point is to trade beforehand with the address and know that info. He has to join on one side of the trade.

And a very old aging address with +5 means a lot (again if you are a taker). So people can manage risk.
In a scenario when an old aging address with +100 that could indicate that this address knows how to handle things to complete trades more effectively with minimum complications.

When authorities have laptop and password there is no protection against privacy.

Maybe I'm losing a spot there, how can an attacker crack p2p services if they are encrypted?

@pazza83

pazza83 commented Jan 10, 2021

@RififiCastorjunior

Not sure if we are getting wires crossed.

For example using number of trades as a scoring system:

  • A trader on Bisq selling BTC has completed +100 trades, and they are then given a +100 score on Bisq.
  • The trader is happy, they can show other traders they have successfully completed over 100 trades, this will likely lead to increased buyer confidence.
  • Trader is in a country where to buy/sell BTC they need to be licensed by the relevant financial authorities, they are not.
  • The financial authorities in that country decide they should crack down on unlicensed traders. They decide the easiest way to do this is to target traders on P2P platforms. They start with the traders that have completed the most trades.
  • The financial authorities complete buy BTC from all traders with a +100 score on Bisq. They use the information they get from the trade; name, account number, financial institution etc to ascertain the traders details. They then take this information to the financial institution and ask for a copy of the trader's full account history (all transactions, balances, KYC etc).
  • The financial authorities are happy they have enough information to charge the trader with operating an unlicensed Bitcoin exchange.
  • The financial authorities also ask the tax authorities what tax has been paid on the sale. If not enough tax have been paid the trader will be charged for this too.
  • Trader is unhappy as they are charged with running an unlicensed Bitcoin exchange and tax evasion.

@RififiCastorjunior

The same argument goes for all Bisq addresses, for privacy breach financial authorities or other attackers need to perform a trade and get all information related to the Bisq address. It requires an amount of time to collect that info and with discretion.

So if a privacy breacher needs to attack Bisq accounts he just has to wait and see all interesting Bisq offers with old aging address if possible, the breacher has to make trades to collect that info. This breacher becomes a Bisq trader even if he has bad motives. He needs to give away this info. So it's classic risk, no privacy risk.

The only way to have a privacy risk is to attach a separate metric with account aging like a central rate score. But Bisq doesn't work this way so it's pretty safe. The only scenario I see is if this happens outside of Bisq. The attacker can connect to an address, like those bank account info to a crypto address, that's the only way.

So for this scenario of privacy breach the attacker needs to perform trades in Bisq and connect the dots, that requires a lot of resources and discretion on a community driven project.
