You can login if you already have an account or register by clicking the button below.
Registering is free and all you need is a username and password. We never ask you for your e-mail.
There's several practical concerns with peer-to-peer. The internet has a bunch of things that make it kinda poor at peer-to-peer for things that need to be fully nonymous and verified. A person can have multiple IP addresses or accounts. An IP address or account can be controlled by multiple people.
When dealing with things like file sharing, this is generally ok- you can focus on the data itself being correct, and prove that with a very small subset of the data. You still run into problems with denial-of-service, but that is at least usually illegal (doesn't make it not happen, but if it were legal the internet would be shut down by the first guy who could profit from doing so), and can end up with parts of the DDOS bot not being as effective as others, etc.
So lets say it was peer-to-peer. I open the program, you open the program, they make a connection- either directly to each other, or through a few peers that pass the message along. You state that you are offering your services as a driver in location A, and I'm looking for a driver in location A. How do you know I'm legit? I could be, for instance, a taxi company looking to waste your time- a bot that generates random requests. You could also be a taxi company looking to waste my time- registering fraudulent drivers to destroy the service. The fact that there's no "central guardian" of this creates a big problem, because there's no one to basically ask the cops to patrol their network. There's also no "trusted agent" in this- someone to validate (and later exclude) me in some fashion if I'm malicious, and certainly no one to do a background check on a driver ahead of time. Also, what prevents an informational type actor from gathering up all the information that network has on every driver and customer? As it is peer to peer, compromised nodes can be used to make some kind of network attack.
Some of these problems could be mitigated, but never really eliminated. If you look at how many peer-to-peer networks were attacked- with spam (fake drivers, fake customers), faked connections, etc., you see a situation where one bad actor can have a disproportionate effect. In the cases of stuff like file sharing, you can at least generally automate the verification and blacklisting to some degree. Maybe that's just a technical problem in cases like this, but I suspect its somewhat of an insurmountable one.
[–]collegetoker0 points
0 points
0 points
(+0|-0)
ago
(edited ago)
Couldn't you resolve this with accounts attached to cryptographic signatures to ensure that users aren't abusing the system? Also if you're using credit cards as the payment method, couldn't you blacklist a card that has been shown to exhibit fraudulent activity? This same principle could be applied even if you are using a payment processor to convert dollars into bitcoin.
As to the first, no. If I can have one anonymous account, I can have hundreds. If I can share one with someone, I could share one with hundreds.
If credit cards are involved, SURE, that would absolutely work. Now you have a central location though, a repository. It's not peer to peer any more. Still, a credit card is unique enough that if you could find a way to use that in a way that was peer to peer without revealing the card info to everyone, like those encryption methods that allow transformations to be applied... hrm. Honestly, there COULD be a way to make this part peer to peer.
As for the code based tech check, I'm sure there's somebody who has a way around that stuff. Your second part seems doable and really great though.
view the rest of the comments →
[–] Vailx ago
There's several practical concerns with peer-to-peer. The internet has a bunch of things that make it kinda poor at peer-to-peer for things that need to be fully nonymous and verified. A person can have multiple IP addresses or accounts. An IP address or account can be controlled by multiple people.
When dealing with things like file sharing, this is generally ok- you can focus on the data itself being correct, and prove that with a very small subset of the data. You still run into problems with denial-of-service, but that is at least usually illegal (doesn't make it not happen, but if it were legal the internet would be shut down by the first guy who could profit from doing so), and can end up with parts of the DDOS bot not being as effective as others, etc.
So lets say it was peer-to-peer. I open the program, you open the program, they make a connection- either directly to each other, or through a few peers that pass the message along. You state that you are offering your services as a driver in location A, and I'm looking for a driver in location A. How do you know I'm legit? I could be, for instance, a taxi company looking to waste your time- a bot that generates random requests. You could also be a taxi company looking to waste my time- registering fraudulent drivers to destroy the service. The fact that there's no "central guardian" of this creates a big problem, because there's no one to basically ask the cops to patrol their network. There's also no "trusted agent" in this- someone to validate (and later exclude) me in some fashion if I'm malicious, and certainly no one to do a background check on a driver ahead of time. Also, what prevents an informational type actor from gathering up all the information that network has on every driver and customer? As it is peer to peer, compromised nodes can be used to make some kind of network attack.
Some of these problems could be mitigated, but never really eliminated. If you look at how many peer-to-peer networks were attacked- with spam (fake drivers, fake customers), faked connections, etc., you see a situation where one bad actor can have a disproportionate effect. In the cases of stuff like file sharing, you can at least generally automate the verification and blacklisting to some degree. Maybe that's just a technical problem in cases like this, but I suspect its somewhat of an insurmountable one.
[–] collegetoker ago (edited ago)
Couldn't you resolve this with accounts attached to cryptographic signatures to ensure that users aren't abusing the system? Also if you're using credit cards as the payment method, couldn't you blacklist a card that has been shown to exhibit fraudulent activity? This same principle could be applied even if you are using a payment processor to convert dollars into bitcoin.
Also, you can check for mock locations (in android), preventing automated abuse.:
[–] Vailx ago
As to the first, no. If I can have one anonymous account, I can have hundreds. If I can share one with someone, I could share one with hundreds.
If credit cards are involved, SURE, that would absolutely work. Now you have a central location though, a repository. It's not peer to peer any more. Still, a credit card is unique enough that if you could find a way to use that in a way that was peer to peer without revealing the card info to everyone, like those encryption methods that allow transformations to be applied... hrm. Honestly, there COULD be a way to make this part peer to peer.
As for the code based tech check, I'm sure there's somebody who has a way around that stuff. Your second part seems doable and really great though.