SteemFlagRewards Project Update: Web Application Development Intro
Repository:
https://github.com/anthonyadavisii/steemflagrewards
Overview:
This post is intended to convey the technical requirements and design considerations for the planning of the @steemflagrewards web application. The intent of the development of this application is to streamline the flag approval process from the existing process on the SFR Discord.
Vision:
For the purposes of demonstration, I have created the below GIF of a Google Sheets spreadsheet to illustrate the general idea of the interface. Please, note that we do not plan on using Google Sheets for the actual web app.
As you may see, I have outlined the process our moderators would follow to approve a @steemflagrewards flag mention comment to be processed by our bot for upvotes and / or beneficiary post rewards via our system to provide a return on investment for legitimate downvotes against abuse on the platform.
In the above, I had reviewed the content that @flugschwein flagged and approved the mention comment against the abuser as vote farming. The SFR definition of vote farming is as follows:
vote farming
You're churning out content (often low quality), in quick successions with abnormal number and/or upvote size.
After reviewing the flagged content and observing the @steemcleaners comment assenting to the category of abuse, I believe we have reasonable evidence to approve the mention for processing.
However, I could have gone a step further and reviewed the abusers blog which would have been helpful but it is not really necessary in the event of corroborating evidence.
Or I was just being a little lazy. ¯_(ツ)_/¯
Here is the basic process flow.
So, far, we have our abuse fighting colleague and witness @pjau assisting with the database work and he has created the initial tables for our users and the flag mention queue. We will have an additional table for the bot queue for approved mentions and one for flag mentions that the bot has processed.
Let's talk about integrating this into the web front end
Layout:
For the record, I am not a web designer so my knowledge on this topic is limited but I do have experience in sustaining web servers so I do know things at a surface level. Below is a graphic that I created to provide a general idea for the user interface page layout.
Views:
I have two functional views in mind for the site so far but there is really a world of possibilities. Once the initial site is stood up, it should be rather trivial to add additional view for more advanced functionality to include abuse metrics, analysis, and statistics. The views are as follows:
- Flag Approval View (View for Mods and Admins to approve mentions)
- Abuse Fighter View (Read only view of abuse posts with pending rewards)
Additional Front End Considerations
In this section, I will state additional considerations to include that of information security and "Nice to Have" items. As the approval process will be tracking the moderator doing the approvals, the integrity of their identity is essential for accountability of the respective approval.
SteemConnect 2 Integration
Let's just suppose one of our mods decides to go rogue and beging collaborating with abusers to create a "false flag" situation. In other words, they coordinate with the abusers to manufacture abuse in order to flag it for rewards. We've discussed this matter before internally and I will not divulge specifics on how this attack could be leveraged.
All in all, such a compromise would likely be more effort than it's worth due to the time required for the attacker in building the trust to be granted authorization to approve flags and our bots Steem Power is a scant 11k Steem Power. I trust our mods and don't think we need to worry about this currently but it's good to be aware of any potential vectors that could be used to compromise the efficacy of the project.
With the SC integration, we could pair the SFR web app user account to their respective Steem account via a custom JSON operation. This way we have an audit trail that we can track back to an operation that is signed with the private key of said user. In the IT security world, digital signatures are the means by which non-repudiation is achieved. This means that the user cannot reasonably repudiate or claim the transaction was not performed with their account.
For example, let's say an employee, Bob, sends a digitally signed email to their bosses distribution list telling them all to go eat a shit sandwich but changed his mind after they hit send. Let's just say they sort of pulled a "Scarface" from this scene in the movie Half-Baked but via a mass email.
Now, Bob's knows he is in trouble because of his unfortunate email and is now confronted by his fuming supervisors. Well, Bob is going to try to backpeddle a little bit and insist that he did not send that email and that it must have been a hacker.
Well, Steve from IT just isn't having it as he knows what that digital signature entails. He calls bullshit because he knows that for another entity to sign that email requires Bob's private key. If that was compromised, we likely have bigger security issues than a hoax nastygram.
Digitally signed email in outlook
Most organization with any degree of security competency have two factor authentication in place. Bob would need to have not safeguarded his physical token and passphrase (or biometric) for the hacker to send an email spoofing Bob's identity. Either way, Bob would be in deep water. With non-repudation achieved, probably better to just own up to the email and maybe beg for forgiveness if they want to keep their job. Good luck with HR!
Coming back from my security tangent
Having the custom JSON operation can be used to reasonably assert proof of ownership of a SFR mod account which can be used to hold anyone's feet to the fire in the event of impropriety in our approval process. Do I think we need this initially? Probably not but it will be something we will want to work towards.
Python Web Framework
As most of the SFR Dev Contributors are versed in Python and we have well maintained library with Beem(by witness @holger80), it may be good for us to work with a Python-based web framework such as Django or Flask. Think this would fall under a "Nice to Have" as I know some of our friends in the abuse fighting community work with JavaScript instead. Unless there is a compelling reason for us to move to JS, I would prefer we stick to Python which will make make it easier to maintain.
Conclusion:
I hope that what I have laid out here is sufficient for my colleagues and I to work together to make the vision a reality. I'm sure we will think of more good ideas as we move forward but this should provide a basis. Looking forward to developing this website, application and pave the way for our future abuse fighters Smart Media Token.
Bigger picture is that we are building a foundation to improve the human powered self-moderation feature we provide the Steem blockchain via SteemFlagRewards. To those that see the value this provides Steem as a blogging platform and see the future potential of this project, you have our sincere thanks. Our biggest shortfall is in the form of Steem Power delegations so please consider supporting especially if you use our service.
Future updates planned in this series are:
- "SteemFlagRewards Project Update: Web App Database Buildout" (Documenting the build process of the database and ideally the steps to replicate)
- "SteemFlagRewards Project Update: Web App Front End Integration" (Document standing up the front end ...)
- "SteemFlagRewards Project Update: Web App Bot Adaptation" (Document redesigning the Python / Beem Bot flag mention processing.)
P.S.: This is a community project intended to enrich the Steem blockchain. Although I possess the SFR keys, I have no intention of ever powering down the account so, if you desire to invest in the platform for the long-term, consider "investing" in what we do. Our bot helps build the abuse fighting community.
Hey @anthonyadavisii, thank you for contributing to the anti abuse initiative.
Until now you already put lots of work into Steemflagrewards and the now introduced web application will improve the project significantly. Also the moderators will profit from the better work flow through this web application.
I really liked how you visualized digital signatures with your example of the email about the sandwich. This makes it easy for average users to understand the working of your planned application.
If you could try to stay more focussed on the post's topic in the future your contributions will be nearly perfect. It seems like sandwiches got a little bit too much attention instead of the web application.
Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.
To view those questions and the relevant answers related to your post, click here.
Need help? Write a ticket on https://support.utopian.io/.
Chat with us on Discord.
[utopian-moderator]
Thanks for the thoughtful review, @naturicia.
Yeah I was fully aware that I was going on one helluva tangent with the sandwich bit but wasn't so sure if it was an entertaining diversion or an irrelevant distraction. I was banking on the former but I hear you LC. Will try to stick to the topic but do think it's a good idea to try to throw in a little spice... But just like anything, the key is moderation!
Thank you for your review, @naturicia! Keep up the good work!
The future looks promising. Thanks for the visuals :D
This post has received a $16.76 % upvote from @siditech thanks to: @isacoin.
Here's a banana!
I will be super excited to see this roll out! Wow we have been fighting with bot upgrades since day one. Maybe this will remove that problem?
Yes, I think so. The less dependencies to discord the better.
This is one of the best initiatives at Steem Blockchain. Keep the good work up!
Posted using Partiko iOS
Hey, @anthonyadavisii!
Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!
Get higher incentives and support Utopian.io!
Simply set @utopian.pay as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).
Want to chat? Join us on Discord https://discord.gg/h52nFrV.
Vote for Utopian Witness!
Congratulations,
you just received a 12.63% upvote from @steemhq - Community Bot!
Wanna join and receive free upvotes yourself?
Vote for
steemhq.witnesson Steemit or directly on SteemConnect and join the Community Witness.This service was brought to you by SteemHQ.com
Hi, @anthonyadavisii!
You just got a 7.53% upvote from SteemPlus!
To get higher upvotes, earn more SteemPlus Points (SPP). On your Steemit wallet, check your SPP balance and click on "How to earn SPP?" to find out all the ways to earn.
If you're not using SteemPlus yet, please check our last posts in here to see the many ways in which SteemPlus can improve your Steem experience on Steemit and Busy.
Congratulations @anthonyadavisii! You received a personal award!
Click here to view your Board of Honor
Congratulations @anthonyadavisii! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) :
Click here to view your Board of Honor
If you no longer want to receive notifications, reply to this comment with the word
STOPCongratulations @anthonyadavisii! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) :
Click here to view your Board of Honor
If you no longer want to receive notifications, reply to this comment with the word
STOP