Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Immutable Account Names, Account Traceability #342

Open
pwdel opened this issue Sep 24, 2024 · 7 comments
Open

Immutable Account Names, Account Traceability #342

pwdel opened this issue Sep 24, 2024 · 7 comments
Labels

Comments

@pwdel
Copy link
Member

pwdel commented Sep 24, 2024

From this MR discussion:

#299 (comment)

Problem:

In a scenario where any user is free to create a market under a, "free for all gaming scenario," ... a troll user could create a string of markets, resolve them incorrectly, and then delete their account, leaving bettors unaware that this original user was unreliable, just showing perhaps a, "null," username on a very attractive, high-volume market. There are different ways to solve for how the resolution will be done on the administration side.

That being said, the question may have been posed unreliably in the first place, and allowing for traceability of what a particular user handle may have done in the past could be useful information to bettors to decide whether to even engage on a particular market.

Or, the user might have simply left, even though they had good markets, and those markets should stay open with the volume that they had. Users might want context to other markets they created and resolutions in the past to display reliability and show consistency.

Solution:

Having a, "null," username might be a typical solution in social media platforms where the user wants to delete their account. Rather than deleting accounts, we could allow for, "archiving," of accounts, which could delete the personal information while keeping the handle.

Usernames should be immutable to maintain traceability of market activities. Allowing users to delete their accounts would remove critical records of the markets they created and how they resolved. Instead, we can implement an archiving system that retains the username but removes sensitive personal information like the display name. This would help prevent users from creating unreliable markets and then disappearing without accountability, ensuring the integrity of the platform.

Caveat - there may be a scenario where a user might want to delete their account, including the handle, for safety or reputation reasons. They may have used their real name in their account and made some bad decisions, or might have a stalker, or something. If we want to protect for this case, then rather than having a, "null," username we might want to fill in a fake handle, perhaps even with our stock prefix attached, "archive_x2jd2h" or something like that, so bettors can at least look at strings of previous markets and decide how to bet.

We already use github.com/brianvoe/gofakeit so we coulse use that library to generate new archived usernames presumably.

@pwdel pwdel converted this from a draft issue Sep 24, 2024
@pwdel pwdel added the decision label Sep 24, 2024
@pwdel
Copy link
Member Author

pwdel commented Sep 24, 2024

@j4qfrost and @ajlacey ...

Also @briantedwards and @astrosnat as well as @jg-you if you have time.

@astrosnat
Copy link
Collaborator

Just got to this...I like the idea of giving them randomly generated fake handles.

A thing that admins operating in the EU, with European users, or users in "third countries" such as the UK should know is that, under GDPR, users have the right to request their data be deleted. Admins don't have to comply but they should be aware of the legal basis for keeping the data: https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/dealing-citizens/do-we-always-have-delete-personal-data-if-person-asks_en

So we should give admins tools to delete user-created markets while also giving them documentation explaining the pros and cons of deleting user data. That way admins with EU-based users can stay GDPR compliant. If you have any questions about GDPR regulation, compliance and enforcement just ping me

@j4qfrost
Copy link
Collaborator

I think as an open source product, we aren't forced to comply with GDPR because we aren't collecting the data, but as Osnat mentioned, it would behoove us to make data deletion and retrieval easy for an admin. It incentivizes adoption in the EU.

@briantedwards
Copy link
Collaborator

Well in certain contexts it might also be important that the data be automatically preserved and undeletable. For instance, in the US any internal communications at an SEC regulated firms must be preserved for some number of years. So perhaps initial instance creation could start with a regulatory context toggle or something?

@astrosnat
Copy link
Collaborator

@briantedwards I really like this idea of toggling settings on/off

@pwdel
Copy link
Member Author

pwdel commented Sep 25, 2024

@briantedwards and @osnat currently we have a form of a, "toggle," which is, a setup file, setup.yaml which is used to set all of the game settings at the start of the game.

https://github.com/openpredictionmarkets/socialpredict/blob/main/backend/setup/setup.yaml

That being said, it's less of a, "toggle," which might imply a database setting that can be switched on and off on the fly, and more of a, "permanent setting," designed to set up the game rule operations. Of course we can pull some of these settings out to be adjustable in the future.

But at the very least for now we could set it as a, "permanent setting," and we could develop logic that, given that setting, allows accounts to either be fully deletable under GDPR, fully never deletable under SEC regulations, or some kind of, "archive-able," SocialPredict mode which replaces the user name and information.

If we are really worried about GDPR, I would lean toward seeing if it would be GDPR compliant if everything could be archive-able and see if we can have users at the start of the application agree that any markets that they create are property of the server. It really seems like it would be unfair to an admin to have them set up an instance of SocialPredict, curate that under the understanding that they are paying to allow users to share information, and then users just pull up and delete all of their community information, including market titles. On the other hand, let's say that the market titles themselves contain personal information, "Will I buy a house at 123 Fake Street in Fakersville, California?" ... which, arguably they should not have done, but they did it -- they should have the ability to at least hide if not delete that information it seems.

There is clearly a balance between user protection and admin community development incentives that need to be built in.

@astrosnat
Copy link
Collaborator

@pwdel I'm with you on developing some kind of logic.

GDPR says you can make data archive-able (or even fully deletable to comply with SEC laws) under a specific lawful basis. The lawful basis has to be something like:

  • the user gives informed consent (this is the weakest lawful basis given that consent can be retracted at any time)
  • the user has signed a contract with you to do this
  • you're legally obligated to collect and keep the data (e.g. SEC compliance is a legal obligation and a lawful basis)
  • you need this information to save someone's life
  • you need to keep the data in the public interest
  • you need to keep the data as a legitimate interest for yourself, the user, or a third party (e.g. "we need this for the software to work" counts as legitimate interest)

Here's a bit more info on the lawful basis: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/a-guide-to-lawful-basis/

Anyway, yeah, "legitimate interest" (i.e. "we need this to make the software work") and "legal obligation" both mean it's fine to keep important stuff archive-able. But things like market titles are a bit of a greyer area in terms of arguing whether it's in the public interest to keep market titles rather than scrubbing them. I think in practice an admin could reasonably argue that keeping the market titles available is "legitimate interest" because deleting community information degrades the usefulness of the prediction market as a tool. "Reasonably" is doing a lot of heavy lifting here, though.

I do agree that there should probably also be a consent basis, but having to click extra buttons annoys users.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
Development

No branches or pull requests

4 participants