As a Gitcoin Grants user, I would like to be able to verify my identity on BrightID, so that I can contribute to Sybil Resistence of the application, and be assured that Gitcoin Grants is not sybil attackable. #7125
Comments
|
Some UX thoughts. To make the experience a joy rather than a hassle, we need to prep users to find BrightID-ready communities so they can be verified by the time they're ready to check out. I'm not sure how much of this community finding can be encouraged through the gitcoin UI, but it could be a natural place. Off the top of my head, project pages could display a link to a community gathering spot where BrightID connections can happen, and we could have a one-time, dismissable info message mentioning that BrightID verification can mean extra matching--find out how, so that people can start thinking about it as early as possible. That could lead to an instruction page with lots of tips on how to get verified and links to communities. We could also provide an integrated gitcoin gathering space for meeting other contributors and making connections towards verification. |
|
The API for BrightID has been improving a lot. The docs are not caught up, but I'm working on it. Expect some nice API docs and guides at api.brightid.org soon. Here is a somewhat outdated guide that outlines integration with BrightID and links to another somewhat outdated API spec We still support API v4, but v5 is better, so for gitcoin integration we'll use that. We may end up with the start of a python SDK that comes out of this integration 🎉 . There is the potential to port the entire capability set of the reference mobile app to a web SDK. I think this is ideal and should be our eventual goal, because then no one has to leave the comfort of Gitcoin, but creating the SDK including all the web components, plus figuring out the best way to manage key pairs for users, and doing that in time to actually integrate seems very optimistic for 6-7 weeks given our (BrightID + Gitcoin) resources. |
|
What we will need specifically from the API/SDK/BrightID nodes is:
|
|
ok @adamstallard @PixelantDesign @willsputra here is the lo fi prototype i promised
basically i am proposing adding a then on the grants checkout flow. if you are low trust youll get a little warning that says "warning, you are currently "low" trust score. click here(link to your profile trust tab) to increase your trust score + matching multipler" we can then build in brightID + other services over time into this connection flow feedback? |
|
From a standpoint of keeping out sybils, we need to make sure we don't
create a situation where someone can control multiple accounts to maximize
the bonus: for example, an either-or situation where either BrightID or SMS
gets you the bonus. Then you'd be able to split your fund between two
accounts and verify one with SMS and one with BrightID.
If you allow `m` of `n` methods to suffice, then sybil attacking is
profitable for me if I have some help. If I need to do 2 of the 3 methods
to qualify, I should get a friend to help me, and between the two of us we
can qualify 3 accounts. For example, we could use: 1. Person a's sms +
brightid, 2. person b's sms + twitter, 3. person b's brightid + person a's
twitter to form 3 qualified accounts.
One solution is to allow only BrightID this round.
Another solution is to choose 70% of projects to be eligible for BrightID
bonuses and the other 30% to be eligible for SMS bonuses. This is interesting for A/B testing. We could see
how willing and able people are to get verified with each method.
Yet another solution is require all methods, but that doesn't seem great
because one of the benefits of BrightID is to make it so you don't have to
do SMS verification.
…On Wed, Jul 29, 2020, 3:50 PM Kevin Owocki ***@***.***> wrote:
ok @adamstallard <https://github.com/adamstallard> @PixelantDesign
<https://github.com/PixelantDesign> @willsputra
<https://github.com/willsputra> here is the lo fi prototype i promised
[image: Screen Shot 2020-07-29 at 4 47 31 PM]
<https://user-images.githubusercontent.com/513929/88861462-3f575900-d1bb-11ea-92b0-8cfaa8203971.png>
basically i am proposing adding a /trust tab to the user profile, wherein
users can connect various external services (brightID, twitter, SMS, etc)
and for doing certain actions on the site (send a tip, do a bounty, etc) to
their gitcoin profile to confer more trust. we can algorithmically come up
with a trust score (for now very simply, +1 for each service/action, and
that can translate to low, medium, high on the UI)
then on the grants checkout flow. if you are low trust youll get a little
warning that says "warning, you are currently "low" trust score. click
here(link to your profile trust tab) to increase your trust score +
matching multipler"
we can then build in brightID + other services over time into this
connection flow
feedback?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#7125 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABSHYFVWQBM5W3TR7MBDZLR6CRTNANCNFSM4PDTFWUA>
.
|
|
call notes:
|
|
Ed will work on this from a scopelift perspective. Will sidebar with Adam on the tech stuff. |
|
kevin/adam to sidebar on marketing for this |
One other important note by @UBIpromoter is that we can tell people at checkout that they still have 2(?) weeks to get verified after they've checked out to receive the brightid bonus match for their chosen projects. There are two ways to know if you've been verified for gitcoin specifically--one is from the apps tab on the brightid mobile app (it clearly shows "not verified for this app" next to the app if you're not), the second is on the gitcoin website--it's easy to make a BrightID api call to check a user's verification status and display it. |
|
@adamstallard do you have the list of steps? How many people are required to be considered as verified? I'm showing 3, will is showing 5, we are both unverified. |
We're working on finding a high-confidence method for getting verified. Our best so far is: find a community, make connections, if not yet verified find another community, make connections. |
|
some design drafts cc @PixelantDesign
additional stuff that might be needed:
lemme know if I missed anything! |
|
Awesome! Agree. ....could be something like this: Promo on Gitcoin Grants homepage > take users to do bright ID up front > once verified >get an email> checkout. Hmm, wee really need to do bright ID upfront, even before then grants round starts if possible. |
|
The "additional stuff" you outlined sounds good. There is one step I don't see: linking BrightID to Gitcoin. The way it works is user clicks somewhere (if viewing the site on mobile) or scans a QR with their phone (if viewing the site on desktop) and that opens up the BrightID app and asks them if they want to link their account. This step can be done any time after downloading the app. There's a visual cue that would be helpful. We can show a user whether or not they're verified (by BrightID). I see there's a blue checkmark. There could also be an orange checkmark (or a BrightID logo). I have questions about the screens that maybe @owocki can answer.
|
|
These look really good! I dont have any immediate comments rn; but will fish around for more comments. I agree we need these.
the first and third email are most important i think. |
|
keep an eye on twitter ppl! https://twitter.com/owocki/status/1295419437806313472 |
|
from twitter: https://twitter.com/itspublu/status/1295422251710451713 |
|
So @owocki for round 7, are we stacking bonuses? So you get the maximum bonus if you do both SMS and BrightID? This works, by the way, from the standpoint of punishing sybils because it's AND and not OR to get the max bonus. |
|
For our current meet calls, we have registration pages. (Check out one of the links on https://www.brightid.org/meet .) They will email you reminders and add it to a calendar. It's pretty ok. |
|
I need to think this through first. Feedback welcome
…On Mon, Aug 17, 2020 at 2:34 PM Adam Stallard ***@***.***> wrote:
For our current meet calls, we have registration pages. (Check out one of
the links on https://www.brightid.org/meet .) They will email you
reminders and add it a calendar. It's pretty ok.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#7125 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAD5PCNUFYFHTBJ64KB6NF3SBGH4HANCNFSM4PDTFWUA>
.
_________________________________________
gitcoin is live and has generated over $5mm for Open Source Software - see
our results <https://gitcoin.co/results>
|
i need to think this through: @frankchen07 can i just add a 'bonus multipler' on the contribution object, that you can feed into your grants/clr.py code? |
@adamstallard noted! will add this.
@owocki workin on it :) |
|
some email drafts:
grants thank you email: |
|
Looks good!
…On Tue, Aug 18, 2020 at 8:20 AM William S. Goi ***@***.***> wrote:
some email drafts:
an email to announce Trust Score feature to users
[image: trust score intro]
<https://user-images.githubusercontent.com/19514207/90524619-df901480-e1a0-11ea-9776-3a7c80f3596e.jpg>
some way to inform users that they can verify within X weeks after funding
a grant and still get a match (maybe in the grants thank you email?)
grants thank you email:
[image: contribution success email]
<https://user-images.githubusercontent.com/19514207/90524701-f9315c00-e1a0-11ea-8f9b-7fa83005cad6.jpg>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#7125 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAD5PCKDR6MPJCMOSP5NUOTSBKE3ZANCNFSM4PDTFWUA>
.
_________________________________________
gitcoin is live and has generated over $5mm for Open Source Software - see
our results <https://gitcoin.co/results>
|
|
Hey @owocki @willsputra @PixelantDesign, do we want the "Trust Score" tab to be visible for users viewing someone else's profile, or only for your own profile? |
|
just your own profile for now pls |
|
Here are the flows as we understand it from a product perspective - does this seem accurate to everyone? We do need more clarification on the steps and how many users are required to be considered verified.
|
|
looks right to me; ill let @adamstallard comment on the "how many users required" bit |
We can check to see if they linked BrightID (@wildmolasses and @apbendi know how to check this). If they already have linked their BrightID, we shouldn't send them back to the screen that asks them to download BrightID. To me, the ideal experience for being verified will be
We could skip the making connections with project communities part, but to me it's a side-benefit of BrightID verification that you get to meet other people interested in the same projects / causes. It could be another side benefit if we (Gitcoin) offer to set up regular meets for any project that wants their communities to get to know each other. What do you think? I'm trying to think of ways to make Gitcoin more social, because this helps BrightID verification, and helps it be more integrated. I think everyone wants that in future rounds, so you won't have to install a separate mobile app--the socialization required can happen from Gitcoin. There's also the follow feature which includes a link to start a chat. Did you know you can connect in BrightID by sharing something in a chat? This works for individual or group chats up to 30 people. That could be another integration point. |
|
OK so here is my proposal after our convo this week lets change TrustScore to TrustBonus, and just say that
does that work? this collapses the trustcore and the bonus into one metric, greatyly simplifyin gthings |
I really like the sound of TrustBonus. |
|
Love this @owocki. |
|
@apbendi here is the banner to get users to increase trust bonus. https://www.figma.com/file/GLvOGLbovtU8scAnIHochM/Grants-Round-7?node-id=1%3A2
|
|
what kind of estimate should we provide with the +x% amount? I was thinking of running some scenarios tomorrow to see the effects on average, but it really depends on 3-4 variables. It'll be a bit difficult to control. I was thinking the average of differences of all clr rewards by grants between all unverified and all verified by brightID, which would give us the biggest differences |
depends on the computational complexity of providing the estimate on the fly. i think maybe just +25% if we want to keep it simple. did we ever build the code to pass through the trustscorebonus on the contribution object/profile objects? we could re-use that code path if so |
User Story
As a Gitcoin Grants user, I would like to be able to verify my identity on BrightID, so that I can contribute to Sybil Resistence of the application, and be assured that Gitcoin Grants is not sybil attackable.
Why Is this Needed
Summary:
QF is sybil attackable
BrightID is a solution to that.
Description
Type:
Current Behavior
Only github, SMS auth
Expected Behavior
User is prompted for BrightID Auth when they contribute
A page that shows all the diff levels of verification I can go through (SMS, Github, Twitter, Idena, etc) and shows my sybil score.
Definition of Done
See Above
Data Requirements
comment: # (How will we measure the success of this feature? What kind of tracking is needed for this feature (clicks, impressions, flag)?)
How many users have BrightID? What is their BrightID Score?
Additional Information
Need to confirmw ith Bright ID whether we do this with their SDK or app.
The text was updated successfully, but these errors were encountered: