You are viewing a single comment's thread from:
RE: Steem Bounty System - Milestone #1 (Proposal)
I see a way of easy misuse.
- Someone maliciously posts an emotional bounty "save the whales, world peace, feed the kittens, donate to hurricane Z, etc." You get the picture. There could even be some kind of required task, albeit difficult.
- People upvote and donate. The value of the bounty gets large. Momentum draws more people in to upvote/donate. The creator makes emotional pleas, etc. to garner attention and coin.
- An accomplice does something marginal but nothing spectacular. The "owner", at their discretion, allocates sizable chunks to one or more such accomplices, making money for nothing on the back of good (yet gullible) people.
This system, without 3rd party oversight could be abused. It can very easily be setup to conduct fraud, theft, Ponzi schemes, etc.
In general I like the concept of a bounty system. I think there needs to be more controls designed with malicious parties in mind.
Ah hah ha hah, So you actually saw my Save The Whales article. I assure you, I had no malicious intent.
Overall I see the things you speak of all being things not related to an actual "bounty" program, but more of a crowdfunding platform. Sure some of it may apply, but in these examples, I think the existing safeguards would work just fine.
These are also things you could do right now simply by writing posts. The system proposed above doesn't enable any of this behavior specifically, though it would present it differently.
With all due respect, don't underestimate the minds or influence of professional fraudsters. Just because you don't think they can do it, does not mean they can't find a way. Wetware (people) are much easier to hack than technology.
I agree this is tied to the weaknesses of crowdfunding, which in this case is very similar to the bounty proposal. But there are other aspects, social aspects, which could play into this. In fact, I blogged about some of those earlier today https://steemit.com/security/@mrosenquist/cryptocurrencies-are-a-target-for-cybercriminals-social-platforms-are-next-part-2
Don't get me wrong, I think a bounty program is a really good idea. I just want to make sure we have the appropriate controls in place to reduce the likelihood of abuse AND limit the impact when it does occur. I like an independent 3rd party who make decisions on allocations. The creator, is just that, only creates the bounty. They do not actually allocate the funds.
Taking a page from Steem, why not have a council of witnesses, including a number who are random, that must vote to disposition funds. This might be applicable for any bounties reaching $500 or more. They alone determine if the bounty has been fulfilled and allocate funds. The volunteers also get paid a little for the service. Such a system would be much more difficult for an attacker to setup as they don't control who the witnesses are and therefore can't control the destination of the money. Just an idea.
Apologies, I didn't mean to come off as dismissive at all. I actually wrote that comment in somewhat of a hurry (was leaving the office after a long day).
I agree that it shouldn't be underestimated, and I agree that a group should likely be performed to provide oversight (which is why I mentioned the council idea).
Ideally you're right, a 3rd party who makes decisions would be nice, but the technical complexities of designing the system or the manpower required to operate it are now 10 fold. It's not really a viable option if I were to build the system.
To counter this idea - I plan on using the bounty system create bounties for my projects. I don't want a council deciding anything, I want to be the one deciding. No offense, but you don't know what's best for my projects. If people don't trust me, then they shouldn't apply for my bounties.
I didn't dive into the community driven awarding aspect for these reasons - my feelings towards it are mixed and complicated. Specifically when I tried to break down to create engineering requirements, I couldn't find a system that wasn't a full time job for many people, that scaled, and/or wasn't abusable.
With the way that the simple dispute system written above works - anyone involved in the bounty can stop the automated process requiring manual intervention. This was the cleanest way I could systemize that actually worked.
I would love to see an idea otherwise though that didn't require a ton of effort on either development or the council :)
No apologies needed!!! This is a good discussion.
You bring up an interesting point. I doubt anyone, myself included, would question your bounties. You have contributed so much to Steemit! Your reputation precedes you. Perhaps that is another angle to explore, the reputation of authors. That could be a mitigating factor against fraud, if incorporated into the system. Just a thought.
A council is a high-resource endeavor which introduces other issues. My brain just works in a way to compartmentalized the assets from potentially malicious instigators. There are always tradeoffs.
The goal is to find that elusive 'optimal' balance.
There are only three kinds of people in today's world; People inventing scams, People running scams and People getting caught in scams ! ! !
Wait, I want to be in a fourth group: those constantly maneuvering to avoid scams. :)
Then you have three options ; )
move overseas , get filthy rich , or become a politician . . .
Plz let me know what you decide , I might join you if we can find a " two 4 one " deal : )