Operational and compliance issues facing decentralized peer to peer marketplaces

— Nothing in this article should be construed as legal or investment advice —

Peer to peer online marketplaces abound. Some are semi-decentralized, such as Craigslist or, arguably, Facebook Marketplace. These platforms merely provide a platform for buyers and sellers to connect, but no other services. It is up to the participants to verify the quality of goods, exchange payment, arrange delivery and resolve post sale discrepancies. Other platforms are fully centralized, like Ebay, Etsy and Mercari. These platforms handle end-to-end transaction flow with full identity verification and dispute resolution mechanisms. Marketplaces are not limited to goods; platforms for various services exist as well in varying degrees of decentralization: Fiverr, Upwork, AirBNB, Uber, Lyft, Angie’s List, Zillow, etc. The common theme behind all of these marketplaces, whatever their level of decentralization, is that there is a single entity in between the buyer and seller. That entity may or may not directly profit from the transactions which they facilitate, however all do profit in some way, if even indirectly.

Let’s imagine a new platform, totally decentralized, with no entity at all in between the participants. The platform is run by unaffiliated third parties, spread across the globe, none of whom know or trust each other. Listings can be placed by anyone, anywhere, totally anonymously and without review or censorship of the content posted. Buyers can view listings from anywhere and when a purchase decision is made, make immediate, anonymous, guaranteed payment. The payment can never be reversed by a third party and its release can be triggered by a time delay or some external event. Isn’t that what cryptocurrency promised us? Sounds promising, yet scary.

The above proposal is technically possible. Fullnode operators of a crypto chain can agree to servers that exchange seller listing data over peer to peer connections and host listing search services so buyers can find what they are looking for. Buyers can connect to the chain with a client, or run their own fullnode if desired, and search for listings, make offers and send crypto payments to sellers. All of this is secured by a decentralized, autonomous chain of third party miners and/or stakers who have no interest or gain from the transactions occurring on the network.

Just because it’s possible, does that mean it’s good? Not really.

The first obvious abuse of this system is the sale of illegal or unethical goods and services. Sales of firearms, revenge porn, stolen identities, child trafficking — the list of potential abuses of this marketplace is long. The listing of those kinds of items needs to be suppressed somehow, both to protect victims and the operators of the network over which those listings are flowing. The suppression mechanism needs a score system to avoid spam from attackers suppressing everything. The mechanism should also have some “trusted list” based on a published identity that fullnode operators can validate — for example, major media producers who want to protect their copyright information can publicly announce their source address for suppression notices and then monitor for violations. The same would apply to global law enforcement. Fullnode operators can then decide which subscriptions they want to connect to for suppression based on their own local legal jurisdiction, tolerance for legal peril or personal ethics.

Regarding spam, there should be a mechanism to “charge” for listings, lest malicious actors attempt a denial of service attack on the network by listing 1,000,000 rolls of toilet paper for sale over the course of a couple of seconds. However the listing fee should not go to anyone, for fear of that person or entity being classified as a broker by the relevant authorities and thus subject to myriad reporting requirements. To eliminate any connection between market participants (buyers and sellers) and market operators (fullnodes, miners, stakers), the fee paid by sellers should just disappear (e.g. be sent to a burn address or similar). Similarly, the ability to bid or purchase should result in the need for immediate payment or escrow to prevent spammers from bidding on or buying every single item for sale and then simply not paying.

One critical role that marketplaces play today is being the first arbiter of disputes. Peer to peer transaction issues abound. Purchaser didn't receive the item — was it shipped incorrectly or lost by the post office? Purchaser got the item but it doesn't work — was it working when it shipped and the purchaser broke it or was it DOA? For service based goods the issues are even murkier. The web developer did a bad job — was the developer truly incompetent or were the requirements given by the client a total mess? This issue has two potential solutions as I see it:

1 — Use the marketplace for low effort, low risk or low price items only. You pay $10 for your Funko Pop piece of plastic junk based solely on the sellers rating or other out of band verification that you perform. If it ships and arrives in good shape, fine. If not, you are out $10. Same with services — only contract what you are able to lose — so only small, one-off jobs get contracted. All the verification and dispute resolution is left to channels outside the marketplace. Payments are sent immediately or perhaps held for some number of days and then automatically released. Although simple, this strikes me as less than useful to the general consuming public who want to transact with each other.

2 — Create a built in dispute resolution service for larger jobs/sales. For example, market participants can agree to some international dispute resolution process (e.g. JAMS) via autonomous electronic contracts. For large service based projects, milestones can be created based on timeframes or information deliverables (e.g. github commit, document upload to Google Drive, etc.) and if those milestones are not met, then arbitration mechanisms trigger and the case is automatically sent for dispute resolution. The seller or vendor can be required to post a small bond up front to cover the cost of the dispute resolution service, which would be released to the buyer to cover the costs of initiating the dispute resolution. Conversely if the vendor is initiating the dispute, some amount of the buyer’s pre-paid escrow can be released to the seller/vendor to cover the costs. Although more complicated, this more closely tracks what current platforms implement, e.g. Ebay, Upwork, etc. Reality is that current marketplace dispute resolution which is administered by the centralized platforms is nearly non-existent because they always resolve in favor of the buyer. Anecdotal social media postings overwhelmingly confirm that platforms cater to those who are giving the money, not those who are rendering services or selling goods. So this solution is moderately better because it at least escalates to a known neutral at the outset of the dispute.

Listing hijacking is a common problem which I have personal experience with. A couple years ago I listed a light duty lawn mower for sale on Ebay for about $1500. Shortly after the listing, three other listings were posted with the identical picture, at about half the price. One of them was listed in the UK but they forgot to change the verbiage which offered “free delivery to 50 mile radius” of my town in Pennsylvania. Comical, but annoying. I received several DMs from Ebay users alerting me to the listings, which I forwarded on to Ebay. Unsurprisingly, no action was taken by Ebay on any of the fake listings. I began to check other listings, particularly my GPUs for sale and found many of those had been cloned as well, sometimes more than 10 copies existed. These were not stock pictures; they were pictures of the actual card, with serial number, sitting on my kitchen counter or wherever I had happened to take the photo. Ebay obviously lacked any procedure for detecting even a modicum of fraud being committed. This is likely why they side with buyers in all cases, so they can be lazy on detecting fraud by sellers.

In a decentralized environment, with no Ebay to be lazy in between, this becomes even more difficult. It could be possible to use some AI to detect image copies and flag potential fraud to buyers. However, deepfakes, procedurally generated images and simple photoshop jobs all plague the marketplace. A mechanism needs to be developed to deal with fake listings generally, however it’s unclear to me how this could be crafted.

Review bombs and review purchasing are another issue. For example, Steam has been exploited by its own clients who wish to make political statements. Users will loosely band together to “review bomb” a game by a publisher whose content the user group feels is offensive or if the company has engaged in some unpopular activity totally unrelated to the game. Fiverr, Trust Pilot and Google Reviews are notorious for purchased positive review services. A simple search on Fiverr for “reviews” will yield multiple sellers willing to harvest positive Google reviews for a fee. Overcoming inauthentic reviews is extremely difficult and may have no possible solution. In a decentralized platform it becomes even more difficult to know who is a verified purchaser leaving a positive review for a seller. In fact a single entity can create thousands of wallets and listings, posing as a whole marketplace themselves, creating tens of thousands of listings and purchases, all in a grand charade to boost their own score with no actual transactions occurring. A coordinated effort over some medium period of time (say, a couple months) could allow a single person to game the whole system and then profit by exploiting the accounts themselves or selling them off to fraudsters. If highly centralized, well funded corporations cannot adequately control review/score manipulation, it seems unlikely that a decentralized solution can be crafted.

Seller impersonation and general identity issues pose another problem. A decentralized platform provides a unique avenue for the use of stolen identities, because victims have no one to complain to. Let’s assume for a moment there is some way to confirm the identity of a single person in a decentralized and trustless way (more on the issues of that below). Lets say I upload some kind of identity documents to a local program which creates a hash that proves something (it knows I uploaded a valid California Driver’s License, just not which one). I then use that ID hash as my online marketplace identity — people know that I am “someone” just not exactly who I am. Now my identity is stolen and the hacker proceeds to list many fraudulent listings, collecting payments and never delivering goods. As the victim, who do I file the fraud report to? Can I simply mark my record as fraudulent and then the network will no longer transact on my ID? Spammers could then mark all current users as fraudulent to cripple the marketplace. There needs to be some offline way to validate a user such that their identity is never exposed, and a way to revoke that identity, only by them, in a trustless and decentralized way.

Assuming that a “trustless ID” could be created — e.g. I know that a hash is a real person, I just dont know who that person is — would people use it? Imagine the fear of the common user taking a picture of their driver’s license and “uploading” it somewhere, which is supposedly safe. The consuming public has been bombarded with hack after hack of wallets, exchanges, lending platforms, etc. Are people really going to understand that a local executable wont transmit their data somewhere? Who would host and verify this executable?

Let’s say that an accurate, trustless ID system could be built, and people actually did use it, and then buyer and seller trust scores were created based on transaction history. What legal responsibilities would fullnode operators bear to their users? If a buyer unfairly rates a seller poorly, who does the seller complain to? If someone programmatically gives themselves thousands of positive reviews, how do market participants know? Do fullnode operators become liable for known inaccurate data which they cannot themselves remedy? Are fullnode operators complicit in fraud committed by users on the network if they know fraud is occurring but have no power to stop it?

The problem with DNS: any system which relies on the standard DNS system is centralized by definition. It will be subject to censorship by ICANN or the hosting entities (Godaddy, AWS, Azure, Comcast, etc). It could be possible to create a new TLD, however that would itself be subject to the DNS consortium rules and subject to censorship by major browser producers who could simply not trust the chain certificate. This is also costly ($150,000 application fee as of the time of this article). Users could be required to download a supplemental TLD file and install it to their browser (bypassing many security warnings along the way). This would create huge barriers to usage. So either the system must be based on a non browser based solution (e.g. download a fat client similar to QT based wallets) or the system must allow browsers to connect to fullnodes via IP or perhaps proxy gateways. (something like onramp.mymarketplace.com) However, those gateways may be subject to censorship by service providers. The fundamental tension between easy to access and non-centralized creates a difficult and perhaps unsolvable problem.

Would fullnode operators be responsible for the content they pass along? Similar to website operators today, disinterested content hosting entities are generally not responsible for the content they host (in the United States) so long as they promptly respond to takedown requests. We can thank Section 230 of the CDA for that. Some jurisdictions, notably the Ninth Circuit, are starting to chip away at this, particularly if platforms encourage users to engage in illegal activities or the thing that the platform does actually enables illegal activity. Lemon v Snap is one example. However, fullnode operators would be nothing more than a mini-ebay in this case, simply hosting information and passing it along. As long as fullnode operators respond to any takedown suppressions they would be functionally equivalent to a bulletin board operator and should enjoy the protections offered by Section 230.

The final thought I will present — can this system be used for money laundering? Any system which could be viewed as an attempt to subvert KYC/AML laws could gain unwanted attention of the authorities and subsequent sanctioning (e.g. Tornado Cash). Although the system presented here is far more decentralized than Tornado Cash (which in reality was totally centralized), the concept could potentially be subject to sanction, or perhaps even the entire chain. Sanctioning the chain entirely would be a draconian step, akin to sanctioning Ethereum because it enabled Tornado Cash to exist in the first place, so I see that as unlikely, however it still should be considered in the overall design. Sanctioning the system could be possible, although its unclear what exactly would be subject to the sanction. “Anyone who uses mymarketplace” would be considered in violation of US Treasury laws? Arguably, Facebook Marketplace and Craigslist could be lumped into this group, as the platform has no meaningful identity verification process required before using the marketplace feature. More centralized platforms like Ebay, Etsy and Mercari require connection to a bank account to obtain funds and thus are already under KYC and SARS reporting regimes in the United States.

What would prevent someone from selling a pillow for $10,000 (in crypto) and using illegal funds to purchase it in an anonymous way? Not much. NFT marketplaces are already under scrutiny for this type of transaction. What prevents someone from doing that now on any number of other platforms that only facilitate buyers and sellers connecting but do not actually transact? The key difference here is that the system -would- allow the peers to transact, and thus lies in a gray area. One could argue that the laundered funds are still in crypto and thus need to touch an exit point on an exchange, at which point the requisite AML/KYC should occur. Fullnode operators need to be aware that they are potentially assisting criminals with money laundering, however that seems no different than fullnode operators on Bitcoin and Ethereum today. The extra layer of a marketplace shouldn’t make a difference but some regulator in some jurisdiction may not understand the difference or may not agree.

The promise of a totally peer to peer marketplace with no intermediary is enticing. Sellers no longer pay exorbitant fees to Ebay. Vendors no longer pay 20% of their earnings to Fiverr or Upwork. However, the path to an open, fair, honest and legal network is fraught with peril. The technology is ready; the devil lies in the details of process and compliance.