DSNP.org Weekly Spec Discussion 2022-04-14: Banning, Delegation, User Deletion

Spec Meeting Notes 2022-04-14


  • Banning services: should it be at service level or protocol level?
  • DIP for Delegation: Add delegate to an account without delegate’s permission?
  • Continued conversation on GDPR requirements for user deletion

Service vs Protocol level banning:

Discussion: Should banning be at the protocol level?

  • Group consensus is leaning towards No

    From the perspective of a user, it’s added effort to have to block/unblock each service. A possible solution is to use activity streams to record block/unblock messages to ensure users’ blocks are respected when switching services.

  • Is banning really a social network-related activity - is it fundamental enough to keep at the protocol level?

    The answer to the above questions and the solutions’ pros/cons will determine the next steps. It’s best to keep blocks/unblocks as far from the chain as possible to give people the flexibility.

Design doc - Delegation Shannon Wells

  • Should we be able to add a delegate to an account without the delegate’s permission?

    There will be a wallet app feature that allows for browsing and selecting delegates for self - the wallet owner. This feature opens up the question of can you force a delegate to make announcements for you?

    Providing an end point where a service can be delegated to the users without the service’s knowledge, and can therefore be forced to send announements on the users’ behalf.

    Really, we want the service to decide which users can be delegated to it.

  • Why should a user pay to add a delegate?

    If the user opts into the service’s delegation, there could be a mutual benefit.

GDPR Requirements - User deletion

  • How to implement user deletion?

    The overall implementation of DSNP uses the pattern of ‘event sourcing’ where you have a list of events that we replay to get the end state.

    Event sourcing: Our system consumes the event, creates a view of the database, and the final state is computed for a display to the user.

    A possible hack: Essentially, any PII is stored as encrypted keys, and when a user wants to remove their information, we remove the relevant keys.

  • Need more information from the legal team to figure out what that means for our implementation