Meeting Notes / Project Diary #1
Profile will be stored on the client side. This makes it possible to gather more relevant details. How to transfer the profile to the advertiser without revealing too many details. Ways to
Exposé,
|
https://www.adex.network https://adbank.network/ |
Research proposal as expected. Presentation: https://www.snet.tu-berlin.de/fileadmin/fg220/theses/master-snet_169.potx |
Feedback on slides: Problem & statement: Define definitions. Motivation: Explain problem with current systems. Evaluation: Add performance. Related work: Maybe crypto paper |
Some feedback from Prof. Dr. Küpper: 30 minute aggressive monologue about:
Current considerations:
Questions to Philip:
|
|
Discuss with Philip the possibilities of the Lightning protocol. The problem is that there is no web based implementation of the Lightning protocol (yet). So for now we will use the node-launcher project which will run a lightning node on the computer of the user. This client is accessible via a REST API and features a lightning wallet. In this new approach, we will stick to the existing infrastructure, but our JavaScript library will talk to the node-launcher instead. This makes it possible to build a fully working prototype, however, we need to drop the zeroconf idea and turn it into a 0.5 conf prototype. |
Did some further research on the Lightning protocol. Current decision. Generate the invoice on the fly using the macaroon of the publisher. |
Invoiceless payments. |
Coming feature to LND: Accounting-based macaroons, which can make an instance of lnd act almost like a bank for apps: for example, an app that pays to consume APIs whose budget is limited to the money it receives by providing an API/service |
Discussion points Philip:
|
The fact that this prototype will work with the bitcoin mainnet is a major advantage. Plugin or website -> none of them. Decided that we will build upon the node-launcher system and just expose an arbitrary http port in order to communicate with the publisher. |
Problem I: Discussed the problem with keysend and gRPC. We can use the standard CLI as a fallback. Possible solution to prevent batch domain name fraud could be the mandatory use of real SSL certificates (non Let's Encrypt). |
Further research on certificates: Domain is like, Let's Encrypt only validates that someone is the owner of the domain name. Certificate validation can be performed easily by doing a cURL request from Python. |
Problem I with gRPC solved. Turned out that the preimage can be created by generating 32 random bytes and the payment_hash is just a hash of the preimage. Now a simple Flask web server is running with one endpoint that supports requesting 10 satoshis. |
Questions to Philip:
|
lightning-sprinkle-server is now working with the adjusted reward system.
Reward system: Set a The bucket is filled every minute with the This system makes it impossible to steal all your coins, but only up to the
Localhost and port number: The webservice is bound to
Next steps: The next step will be to implement the publisher-library, which will be written in vanilla JS, in order to keep it small and it won't affect the page speed that much. |
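A sketch of the capped, per-minute refilled reward bucket and of the keysend preimage/payment_hash pair from the earlier entry, as an added example that is not the project's own code. The class, function and parameter names and all amounts are assumptions; the hash is SHA-256, as Lightning uses for payment hashes.

```python
import hashlib
import secrets

class RewardBucket:
    """Payout budget with a hard cap, refilled once per elapsed minute."""
    def __init__(self, capacity_sat, refill_sat_per_min, now=0):
        self.capacity = capacity_sat          # hypothetical maximum balance at risk
        self.refill = refill_sat_per_min      # hypothetical per-minute top-up
        self.level = capacity_sat
        self.minute = int(now // 60)

    def take(self, amount_sat, now):
        minute = int(now // 60)
        if minute > self.minute:              # top up for every full minute passed
            gained = (minute - self.minute) * self.refill
            self.level = min(self.capacity, self.level + gained)
            self.minute = minute
        if amount_sat <= 0 or amount_sat > self.level:
            return False                      # over budget: refuse, never go negative
        self.level -= amount_sat
        return True

def keysend_secret():
    """32 random bytes as preimage; payment_hash is SHA-256 of the preimage."""
    preimage = secrets.token_bytes(32)
    return preimage, hashlib.sha256(preimage).digest()

def pay_reward(bucket, amount_sat, now):
    """Return keysend fields for an approved reward, or None if over budget."""
    if not bucket.take(amount_sat, now):
        return None
    preimage, payment_hash = keysend_secret()
    return {"amt": amount_sat, "preimage": preimage.hex(), "payment_hash": payment_hash.hex()}

def drained_by_flood(capacity, refill, minutes, request_sat=10):
    """Total sats a page extracts by requesting rewards non-stop for `minutes`."""
    bucket, total = RewardBucket(capacity, refill), 0
    for second in range(minutes * 60):
        while pay_reward(bucket, request_sat, now=second):
            total += request_sat
    return total
```

Whatever the request rate, the loss over a period is bounded by the cap plus one refill per minute that has passed.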
Problem II: Current problem has to do with mixed content. We are not allowed to request our http service, if the publisher domain is on https. There might be a couple of possible workarounds:
I have verified the trick from number 6 on GitHub Pages, which works, so that we don't have to set up a separate server and everything can stay on GitHub. |
Attack vector I: Right now the system relies on an image that is requested on localhost. However, someone might spam an embedded image of the URL all over the internet in order to get paid themselves, not the publisher.
Possible solution A: Require the publisher to register a subdomain containing the pubkey, e.g. spiegel.de has to register:
Possible solution B: Add a TXT record to the DNS which contains the pubkey. Therefore an empty request is enough and Python can find out the pubkey using a Domain Information Groper. This limits the authorization to request a payment to domain-owners.
DNS records can easily be fetched using: |
Feedback Philip:
|
Problem III: Referer is not sent if the publisher's website is accessed over https. Edit: solved: |
Just created the certificate checker. Turns out that the type of certificate is stored in the Certificate Policies extension. If there is a '2.23.140.1.2.2' or '2.23.140.1.1' property present, we are dealing with an OV or EV certificate. This is now embedded in the |
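One way to write the policy check described above, as an added example that is not the project's own checker. It assumes the third-party `cryptography` package; the function names are hypothetical, and the certificates are constructed self-signed samples standing in for one that has already passed chain validation.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

OV_OID = "2.23.140.1.2.2"   # organization validated, as named in the entry above
EV_OID = "2.23.140.1.1"     # extended validation, as named in the entry above

def validation_level(cert):
    """Return 'EV', 'OV' or None (DV, other policy, or no policies extension).

    Only meaningful for a certificate whose chain was already verified:
    anyone can put these OIDs into a certificate they sign themselves.
    """
    try:
        ext = cert.extensions.get_extension_for_class(x509.CertificatePolicies)
    except x509.ExtensionNotFound:
        return None
    oids = {policy.policy_identifier.dotted_string for policy in ext.value}
    if EV_OID in oids:
        return "EV"
    if OV_OID in oids:
        return "OV"
    return None

def make_test_cert(policy_oids):
    """Constructed sample: self-signed certificate carrying the given policy OIDs."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "publisher.example")])
    start = datetime.datetime(2024, 1, 1)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(start)
        .not_valid_after(start + datetime.timedelta(days=30))
    )
    if policy_oids:
        policies = [x509.PolicyInformation(x509.ObjectIdentifier(oid), None)
                    for oid in policy_oids]
        builder = builder.add_extension(x509.CertificatePolicies(policies), critical=False)
    return builder.sign(key, hashes.SHA256())
```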
Last night I was thinking about the approval of the payment. Right now: I would go for something like this:
|
Attack vector II: Clickjacking. Iframes are vulnerable to clickjacking. Possible solution: show the message from Python with Qt, however this makes the experience less seamless. |
Just requested a real Google Adsense account in order to create a working example. It seems to be possible to hide adsense in a later stage: |
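Now we are communicating via an iframe, it might also be possible to communicate via messages, which makes the hack from Problem II not needed anymore.

```js
// Parent page: post a message to the iframe ('*' places no restriction on the target origin)
myIframe.contentWindow.postMessage('hello', '*');

// Inside the iframe: handle incoming messages (the sender's origin is not checked here)
window.onmessage = function(e){
    if (e.data == 'hello') {
        alert('It works!');
    }
};
```
|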
Set up ads on the example page. However somehow my browser is also blocking adsense with my adblocker disabled. In the VM it works perfectly. Never been so happy to see an ad. Next step is checking if we can disable the ads after pageload. |
`$('.adsbygoogle').remove()` seems to do the trick. Next step is to set up an example publisher website. Considering WordPress or just some static HTML. |
Stumbled upon a nice template, but it was not licensed. Asked the owner for permission: Later on, I found the original template, which has an MIT license: Will go with the WTFNews template, thanks @imshashikantdev |
Packed homepage full with ads, thanks @google |
Problem IV: Chrome does block mixed content, which means we cannot load an iframe with localhost embedded. Possible solutions:
Will go for the new window now. Seems to work fine.

```js
function requestPermisison() {
  // Center a 400x500 popup over the top-level browser window
  const y = window.top.outerHeight / 2 + window.top.screenY - (500 / 2);
  const x = window.top.outerWidth / 2 + window.top.screenX - (400 / 2);
  // Open the local permission page in its own window
  return window.open(
    'http://localhost:28373/request-permission',
    'Lightning-Sprinkle',
    'toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, noreferrer=no, width=' + 400 + ', height=' + 500 + ', top=' + y + ', left=' + x
  );
}
```

and

```html
<meta name="referrer" content="origin">
```

in order to find out the hostname of the publisher. Next steps:
|
https://github.com/lightning-sprinkle/lightning-app Seems to be much easier to use, because it does use neutrino as a bitcoin node, so that a real btc node is not needed anymore, if I understand it correctly. Let's see if we can translate everything that we have in Python to JS and bundle it nicely into an AppImage and .exe |
Will check if we can run an express app inside the lightning-app. If yes, will discuss it with @philip-raschke next week. Then it will just be a matter of translating the flask application to express. Edit: |
Right now, I will focus on the JS lib for the publisher. So that we have a working prototype. |
https://gist.github.com/bellbind/f65f78a35bbbd4917a8ae4a6b18c5012 Electron supports apps in tray, so this makes it even better. |
I still think the electron tray application would be a cool proof of concept. However, it is a lot of work because you need to implement a complete wallet. Even things like setting it up and presenting the recovery passphrase are required to run a lightning node. One possible solution would be to just fork the lightning-app and bake it all into that app. But that means that you need to run an extra app. Right now I am exploring the possibilities to kind of link the tray application to the lightning-app so that they can work both simultaneously with the same wallet. |
Something that came to my mind right now: Why not extend this system to any type of media and also embed it into the piracy "industry"? You could even launch a decentralized Spotify. Something else: It might also be very interesting how Spotify determines the amount that is being paid to the artist. They follow a similar model where you pay an x amount per month, which is distributed across all artists of the songs that have been played. |
The moment you realize that the paper about paywalls that you are trying to read... is behind a paywall. |
Reached out to the thesis director of this thesis and asked for the PDF: Seems to be the only scientific paper about the Basic Attention Token that is written by a third party. |
Feedback related work: Rule of thumb 50 papers. Focus on the other chapters first. Timeframe: one chapter per week. Performance: Quality of experience usability. 2 systems: node launcher and other client |
Decentralized revenue sharing |
What's next:
|
Thesis defense structure:
|
Feedback Philip A lot of bullet points, max 3 Problem statement & motivation Disruptive technology Explain big picture in design beginning |
https://hackernoon.com/datx-a-blockchain-powered-decentralized-advertising-ecosystem-71fb944b02ea
https://www.petsymposium.org/2011/papers/hotpets11-final3Bilenko.pdf
http://adresearch.mpi-sws.org/privad-performance.pdf
Click fraud