[PG WG Proposal] Crypto Twitter login with ENS

Overview

Social media is a gold mine for scammers. Since 2021, more than 46,000 people have reported losing over $1 billion in crypto to scams and crypto makes it attractive to scammers.

There are many Twitter accounts claiming “vitalik.eth” on Twitter, but Twitter Blue still cannot fix it. Behind the scenes of “Not giving away ETH”, there are victims of social media scams.


What do we do?

We move a step toward the open Internet. We will not say “Don’t be evil” and keep detecting and blocking these kinds of scams. Instead, we move to “Can’t be evil”: trusting “good users” is replaced by cryptographic ownership of digital assets and mathematical proofs of security, secured by ENS.

The water3 team is building a crypto Twitter based on ENS, named ThePlaza. This will bring three advantages to ENS:

  • Reduce scams: ThePlaza is secured by ENS accounts and verified on-chain. This will also eliminate fake accounts and reduce spam.
  • ENS profile verification: We connect web3 identities in social networks, the real ENS identities. A lot of ENS users are looking for ENS verification on Twitter. CryptoPlaza will help connect real ENS holders. ENS is not just a display name; it will be verified in more DAPPs.
  • Account ownership: The user logs in with ENS. The account belongs to the user, and no one can tamper with or ban it. Recently, many ENS-related Twitter accounts were suspended, e.g. Furyan.eth. Therefore, account ownership is crucial.

Scope of work

The crypto twitter includes the following core functions:

  • ENS login (verified on Ethereum Mainnet)
  • Plaza: explore content of ENS user
  • tweet (off-chain for v1.0)
  • social function: follow, like, comment
  • user profile: (next step support NFTs)

Product Preview

Timeline

Our team started development in September. We’ve done most of the work in the past 11 weeks.
The project will go live on December 15th.

Our Team

Water3 is a project team of volunteer developers, and our members are ENS users. We are committed to developing Web3 applications that meet the needs.
Freedom means we are free to choose. And we will develop decentralized applications to give users more options.

Budget

We’re looking for an 8 ETH grant from the Public Goods WG to optimize this effort and #shipit. 50% upfront, 50% on completion. Any means of checking work progress are welcomed. We seek a small funding amount to make sure the working group finds it worthwhile and to have a small budget to cover infra costs, etc.
Although we have done most of the development work, we welcome anyone from ENS DAO to join us, especially marketing and operations, and distribute compensation based on contribution.

Thanks for reading! Looking forward to any questions or comments. @AvsA @theanthonyware @ceresstation

FAQs (Updated on Nov 18th based on community feedback)

1. Open source

We are open-sourced with the BSD 2-clause license.
Github: Water3 Dao · GitHub

2. Business model

Donations by users. The business model will be similar to Wikipedia.

Advertisement is the business model on web2, and it’s not suitable for our platform (web3). In other words, if I do not follow Tesla’s account, the promoted Tesla ad will not be shown on my timeline. There will be no advertisers here. Selling users’ attention to advertisers is not our business model.

3. Account Bans and Moderation Policy

(a) account ownership (account bans): There will be no account bans on CryptoPlaza. In Version 2.0 (blockchain backed), any ENS name owner can send messages on chain directly, even without our web UI. On the backend, we follow the same rules as Ethereum and ENS accounts. If the ENS account can still send messages on Ethereum, the message will be saved on the blockchain and in the database.

(b) moderation policy (censorship): Instead of moderation by a centralized company or team, we propose a customized UI and users decide who to follow and what they want. The Web UI of CryptoPlaza will be open sourced. The client UI (apps or webs) could have its own moderation policy.

It’s meaningful to take more effective measures on the front end (UIs). But the ban rules should not be made by the Water3 team. We will implement the separation of powers:

  • DAO: Criteria and methods for determining ban or moderation policy
  • Developers: Enforce the decision by DAO; implementation by code auditing
  • Everyone: Monitor and report cheating that does not follow the policy

4. Go to market

For the first 10K users, we will target three audiences for early adopters:

  • ENS accounts: about 600k accounts (unique addresses) with 2.7M names. Most of the users are familiar with Twitter and ENS. We assume we reach out to 10% of those users, and 10% of them are willing to try our platform; this will get to another 6K users. (v1.0)

  • Twitter suspended accounts: more than 70 million in two months. We will target those suspended who were banned by mistake. Assuming 1% of those are real accounts and still active, and 1% will be converted to our platform. This will get to around 7K early adopters. (next step)

  • Based on the social network, 15% of whom will invite their friends and family to join the social network, so we will have 7K * 15% = 1 K new users to the ENS domains. They will register ENS names, giving revenues 1 K x 3 Years x ($5 / domains / Years) = $15 K back to ENS! (next step)

5. Others

Thank you @Illiad for the feedback. That’s a good point! We will remove the buzzword and rename to “ThePlaza” for now. And yes, we are secured by SIWE.

3 Likes

Is this open-source licensed (and if so, which one)?
Account ownership and bans seem like separate issues. Bans are about what other people want to see/hear, and on Twitter especially about what type of content advertisers would like their ads to run alongside. Are you proposing a complete lack of moderation?
What business model are you proposing for infrastructure sustainability?
Are you proposing that every posted message be signed for the purpose of verifying name ownership?
Writing some database-API-backed interface software is just the first step…even 8ETH seems like it might not be nearly enough to achieve your stated goals.

2 Likes

Hi unblockreceipts.eth, thanks for the feedback! Here are our thoughts and let us know if you have any further questions!

Q1: Is this open-source licensed (and if so, which one)?

A1: Yes, this will be open-sourced with BSD 2-clause license.

Q2: Account ownership and bans seem like separate issues. Bans are about what other people want to see/hear, and on Twitter especially about what type of content advertisers would like their ads to run alongside. Are you proposing a complete lack of moderation?

A2: There are three concepts mentioned here: account ownership (account bans), moderation policy (censorship), and advertisement.

(a) account ownership (account bans): There will be no account bans on CryptoPlaza. In Version 2.0 (blockchain backed), any ENS name owner can send messages on chain directly, even without our web UI. As long as the address owner can send a transaction on Ethereum.

(b) moderation policy (censorship): Instead of moderation by a centralized company or team, we propose a customized UI and users decide who to follow and what they want. The Web UI of CryptoPlaza will be open sourced. The client UI (apps or webs) could have its own moderation policy.

(c) advertisement: Advertisement is the business model on web2, and it’s not suitable for our platform (web3). In other words, if I do not follow Tesla’s account, the promoted Tesla ad will not be shown on my timeline. There will be no advertisers here. Selling users’ attention to advertisers is not our business model.

Q3: What business model are you proposing for infrastructure sustainability?

A3: By donations. In our Version 1.0, the business model will be similar to Wikipedia.

Q4: Are you proposing that every posted message be signed for the purpose of verifying name ownership?

A4: Not necessary. The ENS name owner will sign once to log in, for Version 1.0.

We think ENS name accounts will cut out the vast majority of spam and bots, so a signature for each message would not be necessary at this stage.

Q5: Writing some database-API-backed interface software is just the first step…even 8ETH seems like it might not be nearly enough to achieve your stated goals.

A5: API-backed software is Version 1.0. The budget is mostly for the infra. Our team is made up of volunteers and has no engineering hire costs at this stage. The infra budget is estimated for a 3-month duration with 10000 monthly users and 2000 daily active users (DAUs).

2 Likes

One thing: we are creatures of habit and humans tend to repeat history. Shouldn’t there be preventative measures for any future events that would require the ban of a compromising character? Because there are data elements on the backend that can be masked by private browsers or extensions of them that provide alternative routes to obtain different identities and even impersonate. Backdoors to otherwise immutable systems jeopardize the entire system, finding an approach to solving the issues of account banning, moderation and business model, as it reinforces the on-chain knowledge, demonstrating the ongoing proof of work in many ways highlighting the benefits and potential impacts it could have.

We welcome you to ENS DAO Discourse
First and foremost, we are glad to see this is your first post!

So I will start off by saying—
If you have not done so already, please take the time to review the process of proposals in the governance docs.

The project that you describe is complex. I would like to see more information about your project.

What is this business model?

You are asking for the DAO to fund 8 Eth for your project but you also have not stated any current or past costs for anything. The first 100,000 users is a hard sell and you are competing against Twitter. On that note, extensive strategic planning documentation is a must for something of this caliber.

Do you have a current working GitHub Repository?

1 Like

Other than noting that the leap from v1.0 to v2.0 is a big step which may or may not be completed and shouldn’t be assumed as part of the value proposition to funding v1.0, I still think independent concepts are being conflated here.

Account ownership is about who can use the account name. For example, in Twitter, someone else might be able to guess my weak password or snag a login token (the latter of which would be an issue in your platform too) and tweet as me, or Twitter could reassign my handle to someone else, either as an abuse of their power or because the hacker convinces their support team that they and not I am the authentic user. I’m not personally aware of that happening much (especially in the “abuse of power” category) though it clearly could. However, you might have a bit of an uphill battle on this value proposition point solving a problem that lots of folks don’t really perceive as a practical problem. Also, that solution seems to flow from the use of ENS/web3 rather than being a core contribution of your tech.

Bans are about preventing whatever an account might say from reaching an audience. You could have strong or weak account ownership and still have bans, or not. Also, requiring each user to manually build up their own blocklists is not very tenable or scalable, and the bad actors will win that race. You would at least need to enable a delegation system for that kind of decisions, similar to some of the tools added on around Twitter (e.g. “block anyone who is blocked by any of these specified accounts”).

Fantastic! Is there a timeline for this? Sorry to be skeptical, but lots of projects claim they’ll do that at some point in the future and then rug donations received in good-faith trust that would’ve been contingent on this. (To be clear, I don’t think open-sourcing should always be a prerequisite to donations/support, but it can affect decisions in some cases, and getting the benefit of the claim without ever actually delivering is not very nice.)

@unblockreceipts.eth thank you for articulating the appropriate need for a strategic plan of possible measures for the prevention of the “XYZ message” to reach an intended target. However, something that I forgot to mention, and I should rephrase: I mentioned before there are current elements to consider and further discuss in a deeper dive into what it takes to accomplish banning an account.
Today websites can link new social accounts to already existing ones; why this matters is because in this same fashion is how accounts can be banned. Like noticeable inconsistencies in the browser fingerprint, which is a set of data elements such as:

  • Profile name
  • Proxy
  • OS
  • Timezone
  • Geolocation
  • WebRTC, etc

By masking these data fields, anyone can easily mask themselves into a different identity, using incognito or private-mode browsers. So the challenge then becomes determining the true data source of the aforementioned elements. Then the question still remains: can account banning ever be a possibility?

On the backend, we follow the same rules as Ethereum and ENS accounts. If the ENS account can still send messages on Ethereum, the message will be saved on the blockchain and in the database.

It’s meaningful to take more effective measures on the front end (UIs) to solve the problem of compromising character. But the ban rules should not be made by the Water3 team. We will implement the separation of powers:

  • DAO: Criteria and methods for determining ban or moderation policy
  • Developers: Enforce the decision by DAO
  • Everyone: Monitor and report cheating that does not follow the policy

Thanks for the suggestions! Yes, it’s our first post. We wrote the proposal based on rfp-template, and wanted to publish under post on “Temp Check”. We submitted a Participant Request Form, and are waiting for the permission. Is it the right approach?

  • Donations from users.
  • If donations do not cover the infra cost, we might charge a monthly fee.
  • For the past few months, we spent 1.5 ether on smart contract deployments, 1 ether on server costs, and 0.5 ether on other ops services.
  • We estimate the infra server costs (servers and rpc providers) will be around $1300 each month for the next 3 months, which covers the capacity of 10K users. The production contract deployments and setup for 1 eth. And 1 eth is for other ops services.

Totally agreed. Currently we have plans for the first 10K users, while the plan for growing from 10K users to 100K users is in our v2.0 version, which we will share more about when we are close to 10K. For the first 14K, we will target three audiences:

  • ENS accounts: about 600k accounts (unique addresses) with 2.7M names. Most of the users are familiar with Twitter and ENS. We assume we reach out to 10% of those users, and 10% of them are willing to try our platform; this will get to another 6K users. (v1.0)
  • Twitter suspended accounts: more than 70 million in two months. We will target those suspended who were banned by mistake. Assuming 1% of those are real accounts and still active, and 1% will be converted to our platform. This will get to around 7K early adopters. (next step)
  • Based on the social network, 15% of whom will invite their friends and family to join the social network, so we will have 7K * 15% = 1 K new users to the ENS domains. They will register ENS names, giving revenues 1 K x 3 Years x ($5 / domains / Years) = $15 K back to ENS! (next step)

Yes. Github : Water3 Dao · GitHub

Yes. In this proposal we focus on V1.0, to verify whether a Crypto Twitter is what users need.

The problem you mentioned is the account security problem, not the ownership problem. If your private key got hacked, your ENS and ethers are gone, and hackers can tweet as you.

  • Our contribution is to provide a decentralized social platform, where accounts are not controlled by the platform, but belong to the users.
  • The spirit of Web3 is building blocks. It is not a good thing that the core contribution belongs to an individual or a party. Layer1 and Dapp are equally important. We hope to become a part of ENS by providing more usage scenarios for ENS, and get more new users to ENS.

A quick housekeeping note:

Just FYI, this is a bit out of date, e.g. referring to the airdrop claim site which is now more about selecting a delegate. Reinforcing the question by @water3_eth, the participant request form doesn’t apparently work, even after waiting a while longer than the stated processing duration.


Thanks @water3_eth for answers!

Who determines if the developers complied in the second step, and what if they don’t (even unintentionally, e.g. with bugs)?
Who reads and handles the reports from that third step? If it’s a rules-based algorithm, what’s to stop an army of bad-faith flaggers from using reports to silence those whose views they disagree with, or for other harassment purposes?

Do you have a marketing plan for that?

As an update to my prior post on account ownership, stories like this one (paywall warning) might help you make the point that account ownership is pretty important.

That is true; I was mostly making the point that your solution helps with the weak-password risks but didn’t say so very elegantly.

Have you solved this issue (also discussed in a forum that allows replies here)?
Do you allow users to log into a single account using multiple different device-bound keys?

You are waiting to be approved?

Yes. We’ve submitted the airtable form and @Serenae.eth is helping on our ticket. Hope it will get approved this week.

Hi UR, thanks for the comments! It’s good that you mentioned those topics. We have not covered most of them in V1.0, due to the limited resources.

The go-to-market for the 10K early adopters is added to the main docs.
The developers’ implementation will be further secured by code audit.
Our dapp will not cover account security, and we inherit from the account infrastructure of Ethereum and ENS.

You are aware that you are opening up this proposal for open bidding for other similar projects, correct?

Yes, we’ve read the rule and it’s open for bidding. We will also bid for it.

2 Likes