About the "Factomize Forum Content" Add-On

Secured
#1
Securing the content that is posted to online forums like this one is extremely important. For example, just think of the value of securing bitcointalk.com's content so that we can be assured that Satoshi's posts have not been altered by a bad actor. Considering this forum is a communication medium for the Factom ecosystem, it was critical that the protocol designed to secure the world's data be employed to secure the content of this site. As such, a partnership between Factom Authority Node Operators Factomize LLC (owner and operator of this website) and Canonical Ledgers LLC was formed and the result is this "Factomize Forum Content Add-On". How it works:

When you create a new thread you will see the following "Pending" image within the thread:



The software add-on is designed so that each thread on the forum has a chain within the Factom protocol. The pending image means that chain is in the process of being created and confirmed by the next block in the protocol. Once that happens, if you were to refresh the forum page, you would see the following "Secured with Factom" image:



A chain for the thread has now been created on the Factom protocol. You can see that by clicking on the "Secured with Factom" image which will show the following thread chain link:



Select that, and you will be sent to the corresponding chain on the Factom Explorer for the thread. When replies are made within the thread, those are turned into entries within that thread's chain. In addition, every time a post is edited, a new entry is made within that thread's chain and also shows the userid of who edited the post. You can see the status of every post within a thread as shown by the following two images (notice the "pending" and "secured" and logos by the post timestamp):



And then...



If you click on the "Secured" link, a box with a substantial amount of information including links to the thread's chain and the specific post's entry on the Factom Explorer will open up:



While we have identified a substantial number of features that could be added to this add-on, this software serves as a proof of concept for securing the world's forum and blog posts, and all published communications.

Please let us know if you have any questions or find any issues.
 
Last edited:
Secured
#7
Very cool guys. One question I have is what is to stop a moderator posting content under someone's account on here? For example DChap could post something contentious under my account and then claim it was me (obviously I don't believe DChap would do that but it's just an example). Doesn't this mean factomizing comments only proves something was posted at a certain time but not who posted it, necessarily? My follow on question would be then what problem is this solving?

@DChapman your example above for the value prop would be that using this, we could be sure that Satoshi's posts hadn't been altered by a bad actor. To accomplish this, wouldn't each comment need to be digitally signed by a private key the user controls - that is associated with their digital identity? Also this allows a user to prove that they posted something (by signing something with the same key) but it doesn't allow you to prove a user didn't post something—they could have used a different private key to sign the comment. To get around this you could verify the user's identity as the forum owner, but that then relies on you to be trusted.

I don't mean to detract from what you guys have built, I think it's awesome; but I'd like to understand the problem and the reason it exists better (beyond a PoC of how Factom works).
 
Secured
#8
@FactomKiwi -- You're correct. For new content, we'd need users to have their own digital identity. The initial idea was to create a digital identity on Factom for each new user to the forum (or have them validate their existing identity on registration) that would then be tied to each thread and post they created and subsequent entries on the Factom blockchain. However, as you can see by this post and the discussion after, digital identities on Factom aren't... quite ready. If we were to release this as an addon for any forum or blog to use, that digital identity functionality would fall under what I stated in the first post when I said
While we have identified a substantial number of features that could be added to this add-on, this software serves as a proof of concept for securing the world's forum and blog posts.
With the current state of the Protocol, we decided the extent we would take that type of functionality would be to show who edited an existing post. As you know, I asked your permission to edit your "test" post above and the entry for that edit can be found here. You'll notice the userid for that edit is mine (userid 2), not yours.

As for Satoshi's existing posts, if they had already been edited by a bad actor, as we all know, Factom doesn't solve the garbage in problem. But once they were Factomized, if they were changed thereafter, we would know.

Yes, this addon would have no way to verify that you didn't register a second account and post something as a sock puppet unless the digital identity system it tapped into was sufficiently robust. Hopefully that happens at some point as that gives me all kinds of new ways to utilize the Protocol...

I'm sure Adam Levy of Canonical Ledgers will be along to provide additional technical insight.
 
Last edited:
Secured
#9
@FactomKiwi You are spot on in your observations.

The add on does not authenticate a user's posts. Since the site is making the entries on behalf of the users anyway, establishing keys for each user doesn't add any security unless the users themselves are signing the content of their posts locally on their machines before posting, much like you would add a GPG signature to an email before sending it.

Additionally, if a malicious admin wants to manipulate post content, there is nothing stopping them. However, with this add-on it will be much harder to do so without leaving a trail. The original entry made by the user's initial post will still exist on the blockchain. If the user can produce the original content of the post, then they can use the Factom entry to prove that their version existed before the edited version and they can claim foul play.

It is best to think of this add-on as an immutable receipt/audit trail of what happens on this forum. As long as the add-on is enabled, every post, edit, and deletion has a corresponding entry on the blockchain. A receipt only proves that something happened. A purchase receipt preserves the details of the transaction: date and time, contents of the transaction, the store that the transaction took place at, sometimes the cashier and other details. A purchase receipt generally doesn't include proof of identity. For example someone else could have used your card at the time of the purchase while you were not present. However, in the case of an audit, purchase receipts add a lot of credibility to the record of accounts.

Similarly the entries for users' posts don't prove who made the post, but they add credibility to the fact that the post has not been altered since its creation. This makes it much harder to change the record of what happens on the forum. The forum admin can prove that they haven't tampered with anyone's posts since the posts' corresponding Factom entries were made.
 
Secured
#10
Very cool add on @DChapman and Factomize! I especially like the logo's saying "secured" by the posts. I'm not sure if it would apply but Rivetz Corp. is close to releasing an SDK that enables access to the TEE of certain mobile phones which can help verify that a certain device was used in a transaction. It may be able to help prove identity for your add-on feature. I think there are a bunch of other things the SDK can help with such as a TEE based authenticator for logging into the website. I hope it helps!