Access control

[auryn-macmillan]

Who should have what level of access, and what mechanisms should be used to control access levels?

[ghost]

Personally I think a DAOs inner communication shouldn't be displayed publicly (although I can see the arguments for and against). There could be a public facing section, but to have full access there should be proof of membership.

The DAO token itself could be useful as a control mechanism. Seeing as how membership requires at least 1 token, maybe each user account could have a wallet. If user hasAccount == true && wallet balance => 1 DAO token, they get full access. If they only have an account with no DAO token, they get public access.

[FelixA]

I strongly agree with your point that there should be a minimum token amount to be able to vote. Yesterday @vmichalik described that using multiple accounts could influence or even manipulate decisions. Since the DAO tokens are extremely divisible I could perform kind of a 51% of identities attack in which I have one or two main accounts that are being supported by hundreds of dummy users with just a tiny token amount to build up false trust.

The question is, how to disincentivize such a behavior without giving the average user a high entry barrier to participate. So far I had two ideas:

1. Implement a mandatory deposit of 5-10 ether to achieve the right to comment and edit.
2. Perform a tier-like verification system like it is done in exchanges. Yet this would more or less kill the decentralized idea of a DAO Forum, since someone will gain the power to limit access to the network. Also anonymity will be gone. But on the other hand, is anonymity in an organization really necessary?

Both ideas do not sound very elegant for me, so I am eager to hear better solutions

[auryn-macmillan]

I actually think the stake weighting incentive for posts could help with this issue. If each DAO token can be registered to only one forum account and posts made by accounts tied to large numbers of tokens are carry more weight, then there is an incentive to have large pools of tokens associated with one account rather than many small accounts.

I think it is important to different size token holders to be able to have both private and public discussions. So perhaps OPs should have an option to set a minimum token limit for the right to view a thread; that limit could be any number >=0. There could even be separate sub-forums for holders of different sizes.

[vmichalik]

I don't think we should tier discussions too significantly or have private ones in this forum. there are all sorts of avenues to discuss proposals outside of the forum, but if the biggest stakeholders have discussions invisibly to other token holders you could end up with a 'tyranny of the majority' and echo chamber, not a true democracy.

[vmichalik]

I agree stake weighting is the natural solution, but we might need a flexible lower limit to participate in commenting depending on how many tokens get bought, for example if there is a new token sale.
I think a DAO proposal to contract "DAOForum" as a service provider would involve defining some of these potentially flexible characteristics.

[vmichalik]

I agree the DAO Forum should be hidden, but any token holder should be able to view.

[auryn-macmillan]

@vmichalik if large holders are going to find a way to communicate privately anyway, why not just provide an avenue within the forum. If they are the true economic majority in the DAO, then it is democratic (in terms of one token one vote) for the forum to serve their best interest anyway. This would also serve as a spam control mechanism, meaning that holders of a specific size could limit the noise of smaller holders where it suits.

Don't get me wrong here, I'll definitely be a smaller holder. I just want to make the platform best suit the needs of the DAO as a whole and as a collection of individuals with their own motives/self-interest.

[vmichalik]

yeah but that's what stake-weighting (and maybe reputation weighting) achieves, without the loss of transparency. I just think that forums/posts that are completely hidden to all but a few don't add value to this product, and encourage decisions to be made without consulting everyone.

[corpetty]

As a side note to the first post, has anyone considered legal ramifications to posting all DAO communication publicly? If posted publicly, does this increase potential liability with "insider trading" or completely negate it?

[vmichalik]

Yeah I don't think we are going to make this fully public, the barrier to viewing will be ownership of a DAO token. As far as I am aware there won't be any issues about insider trading per se, but there might be some similar issues with information about the DAO token value. If say, someone knew a proposal was about to be accepted that would reduce the token value they could sell before this info was made public. What do you think?

[ghost]

@vmichalik raises a good point about members jumping ship before the token price takes a hit. I'm not sure if there is an elegant solution to that though. From what I've been told by those in the know, it happens on wall street all the time. It may be something we have to live with.

Also, I agree with @auryn-macmillan that large holders need a way to privately communicate. That could be a two way street though, whereby we implement sections that large holders cannot participate in. It would give the 'plankton' holders a refuge for safe and open discussion free from the influence of the 'whales'. The biggest risk with that is cultural in that it might create a divide, but I think if all the important threads have no stake restrictions (contract proposals, governance meetings, mod elections, etc) that can be mitigated.

[FelixA]

To be honest I don't like the idea of a hidden community inside the community. Transparency is one of the greatest features of the whole blockchain ecosystem. Of course you can't prevent the 'whales' from shifting to another communication platform, actually I think they will be on a slack mostly anyway.
Yet I hope it will be different, since transparency is sometimes difficult to maintain, but on the long run transparency is more efficient and grants a higher satisfaction.
A compromise that would be OK for me, would be to add a feature in which creators of discussions can add a minimum token amount for write access, so that the 'plankton' at least has the ability to read what is discussed by the 'whales'

[vmichalik]

Don't know if this should be a separate issue, but I got this response from Christian at uPort when inquiring about the function of their solution:

uPort will indeed be an identity solution for dapps (similar to SSO). However it can also be used in a more traditional sense by using the private keys to log into websites using a challenge/response protocol. We have not integrated this yet, but there are a number of open-source libraries available to accomplish this, so it would not be very hard to do.

Not aware of these open source libraries or how they would function given DAO token-holding as a validator. Is there some way of querying the DAO smart contracts to enable this?