Add "expert opinions" with clear accountability

WalletScrutiny is most certainly coming under fire for every "soft" security issue. By "soft" issues I mean issues that are not obviously backdoors or broken cryptography but things like:

  • app has 80MB of custom code
  • app depends on fringe libraries that don't get much scrutiny
  • app uses dependencies from fringe maven repositories
  • app code is convoluted everywhere
  • app code is undocumented in a fringe programming language
  • ...

and not only do I expect projects to fight warnings about those, I also expect experts to disagree on them.

WalletScrutiny should not fight against wallet devs or favor some security expert opinions over others.

Security experts could submit signed lists of issues so that WalletScrutiny can load them, attribute the warnings to the experts and their profiles, and allow the user to filter by expert, last update, expert count, ...

Experts could agree on issues: if they sign the same warning regarding a certain wallet, the warning would be weighted accordingly, listing both/all agreeing experts.

A first implementation should be very accessible for experts in order to get them on board. Maybe, per wallet, just:

  • Sentiment: {I generally dislike this wallet, I generally like this wallet, undecided}
  • The Good: (list of comments)
  • The Bad: (list of comments)

The site could display the sentiment average and comment counts.

Long term it would probably be beneficial to split this into categories so that a general bad rating (due to usability) doesn't get too much weight for people who only care about security and privacy.

Edit: A TODO list from a comment below:

Implementation details:

  • Expert Opinions will be developed as a stand-alone plugin here
    • WS will embed that plugin
    • the plugin will cache calls over multiple tabs or multiple widgets in one page seamlessly without duplicating net load
    • the plugin will expose some structured data, at the minimum a score of negative/neutral/positive that we can use to rank products
  • WS maintains
    • a list of accredited experts and their affiliations
    • affiliations of the experts will be shown on all their contributions
  • The plugin allows
    • Account creation
    • Account login
    • NIP-07 login
    • Rating of products negative/neutral/positive
    • Markdown commentary with generous size limit
  • Plugin implementation
    • "opinions" are stored as extended NIP-23 long-form posts
    • the WalletScrutiny-style application ID is used as the discriminator d-tag for parametrized replaceable events: ["d","android/com.mycelium.wallet"]
    • the simple overall sentiment rating is given as a sentiment-tag: ["sentiment","-1"]
Edited by Leo Wandersleb