First we would like to say thank to the community for supporting SteemStays. We have received many valuable comments, feedback and encouragement. Big thank goes to @fabien, @sneak, @smooth, @nextgencrypto, @williambanks, @joe and many more which we can't name them all here...
As a decentralized community, we are striking for a total decentralization market without any middle man, but due to the nature of the business, it's very hard to achieve that goal.
Another problem is the openness of the Steem blockchain while also trying our best to protect customers' data as much as possible. Therefore, a compromise has to be made; that's why we want to hear feedback from the community.
First, let us explain our initial design.
As we strike for as much decentralization as possible, we designed a SteemStays' listing so that all data will be on the blockchain, which also means that it will be publicly viewable, but it will be encrypted with our unique encryption method. If someone looks at a SteemStays' post, that person will see nothing but a bunch of encrypted bits. It also has an advantage that even if something happens with our server, the will be a way to reconstruct SteemStays without having to backup anything (semi-decentralization).
However, there are some concerns about any given user's privacy, e.g. listing owner's name, approximate location (we will never save the exact location in any way), pictures, and so on. Although with the initial design all of this data will be encrypted, it will stay forever on the blockchain; if the encryption is cracked in the future, then this sensitive data will be open for everybody.
Taking customers' privacy as our foremost priority, we were forced to redesign to a hybrid centralized-decentralized solution. We let users choose which part of their data will be saved in the blockchain and which part will be saved in our internal database. In essence, we let users decide what information they want public and what data they prefer to keep private.
We thought we satisfied everyone with that design, but then after some discussions with other experts, there exists the desire that third parties want to scan the blockchain, read a SteemStays' listing from it, and display the information on their site (e.g. for advertising purposes).
Since we can't hand over our encryption solution to third parties, there is only one way to move forward, namely by leaving tise basic information completely open on the blockchain, so third parties could easily scrape the data and display the relevant portions on their site (e.g. listing's location, short description, pictures and price). We are indecisive at this time because if third parties gain flexibility with our platform, then we must lose some undesirable features (privacy, being the big one), and it's not our way.
Despite this, there are some slight better solutions for this task by encrypting basic information in a different way and only give trusted third parties the way how to encrypt and decrypt the information so they could encrypt themselves. But then again it comes at the expense of third parties not being able to use certain information. It's a constant tug of war between decentralization and centralization.
A TL;DR summary:
(1) All listing's information (owner's name, approx. location, description, pictures, etc.) will stay forever on-chain (public), with encryption, of course.
- Advantage: highest form of possible decentralization, anyone could create another SteemStays marketplace
- Disadvantage: privacy lost (if encryption is hacked/broken)
(2) Some part of listing's information will be encrypted and stay on-chain (public) and the sensitive part (user choosable) will be off-chain (private).
- Advantage: guarantee privacy to some extent
- Disadvantage: decentralization is lost as we have to deal with an internal database with users' sensitive data.
(3) Some part of listing's information will be encrypted and stay on-chain (public) and the sensitive part (user choosable) will be off-chain (private). Other vital part for advertising (e.g. price, location, description) will stay without encryption forever on-chain.
- Advantage: useful for third parties, esp. for advertiser
- Disadvantage: decentralization meaning lost, privacy isn't guaranteed anymore
(4) Some part of listing's information will be encrypted and stay on-chain (public) and the sensitive part (user choosable) will be off-chain (private). Other necessary information (esp. for advertising) will be encrypted with another method and stay on-chain.
- Advantage: right balance between privacy and usefulness
- Disadvantage: decentralization meaning lost, extra works for third parties, have to give out the encryption to third parties. If they exploit or can't keep it, user's information will be exposed.
Please give us your opinion and tell us why you choose one of these options above (only one is possible).
Of course we are open to new suggestions. Thanks in advance.