Trust scorecard
12/03/22
Reposted from here
We increasingly don’t trust the apps we use - or the ppl/governments that directly or covertly influence them. Decentralization - especially in social media - is rising in popularity. But not all “decentralization” is the same. Here are some Qs to ask:
1/ Account mgmt:
a) How do you create and delete an account? b) Where are accounts “stored”? c) Who has power to delete or act on accounts?
2/ Namespace architecture:
a) Is it one global namespace or different “sub-spaces” (regions, subreddits, groups, etc)? b) How do usernames work across the above? Do you get to take your username across each space? c) How do renames work?
3/ Moderation Transparency:
a) What transparency do you have on content moderation actions (account suspensions, any algorithmic levers)? b) What is the recourse process, if any?
4/ Algorithmic choice:
What options do you have on influencing the various algorithms used (picking algorithms / building your own)?
5/ Client choice:
What options do you have to use different clients/build your own?
6/ Node architecture:
If split across multiple nodes, node trust + incentives: what are the incentive schemes for the various nodes/relays/intermediaries? What are the trust assumptions? How do you resist centralization?
7/ Privacy and data guarantees:
What privacy and data guarantees exist at various levels of the system?
8/ Censorship resistance:
Which actors can censor content and how? (group owners, nodes, …)
9/ Centralization:
Which parts of the service need an opaque centralized service in the middle?
These are not exhaustive - and not even mutually exclusive - but I think they are key to this evolving space as many engineers try to build here.