Creating local marketplaces with OpenBazaar

OpenBazaar is a global online marketplace for anything and everything. Unlike centralized marketplaces such as Amazon, Alibaba, Craigslist, eBay, Mercado Libre, and nearly every other online marketplace you can think of, OpenBazaar is a decentralized marketplace. Being decentralized means that there is no single company or web host that controls OpenBazaar. It also means that there is no single company or web host that can be targeted to shut down OpenBazaar. This has some interesting benefits for buyers and sellers who choose to use OpenBazaar.


One benefit – perhaps the most important – is that there is ultimate freedom regarding what people can buy and sell on OpenBazaar. While centralized marketplaces are forced by law to have policies that restrict the types of items that people can buy and sell, and will often take down listings to enforce these policies, OpenBazaar has no such policies. In fact, OpenBazaar fundamentally can’t have such policies; even if the developers of OpenBazaar tried to build such policies into their software, the policies could easily be circumvented by end-users because the code that runs OpenBazaar is open source and freely modifiable. So in theory and in practice, users can create listings to buy or sell anything they want and the only way that their listings can be taken down is if their internet goes down or the computer they use to run the OpenBazaar software is turned off. And even then, there is a possibility that the listings stay online. OpenBazaar is very resilient against censorship and downtime.

Another benefit is that OpenBazaar users have a lot of creativity regarding how they use the marketplace to promote and discover products. Listings on OpenBazaar can be given tags such as “books” or “gardening” so that they show up in searches for these types of items. If users add the “Local pickup” shipping option and also put their location as a tag on their listings, for example tagging with a zip code and the name of their city or state, then it makes it easy for people in their area to find their listings, contact them, and plan to meet up for a local sale.

This turns OpenBazaar into an unstoppable alternative to popular local-focused marketplaces such as Backpage and Craigslist.

Here is an example of what such a local marketplace listing could look like with the appropriate tags:


With this, anyone looking for the book “An Agorist Primer” by the author Samuel Edward Konkin III in the Beverly Hills, California area could easily find it and meet up with the seller to buy the book in person with cash.

Although this use of OpenBazaar is not currently officially supported, OpenBazaar developers could develop this concept further and give users the ability to search for similar listings within a certain distance from their location, such as all zip codes or cities within 10 miles. This way users would only need to enter their location and a search term to pull up all similar listings near them and connect with their local buyers or sellers.

There are some products or services that may be legal in various jurisdictions but are still suppressed by centralized marketplaces for one reason or another. With the previously mentioned benefits of OpenBazaar in mind, here are a few ideas for local marketplaces for otherwise suppressed goods and services that could thrive on OpenBazaar if users add these tags and their location tags to related listings:

#bookfair – a local marketplace for buyers and sellers of books and comics

#glassmarket – a local marketplace for buyers and sellers of functional glass art

#localcoins – a local marketplace for buyers and sellers of digital currencies

#gunshow – a local marketplace for buyers and sellers of firearms, ammo, and accessories

#redlight – a local marketplace for buyers and sellers of sexual products and services

#silkroad – a local marketplace for buyers and sellers of cannabis and entheogens

… and many, many more local marketplaces like these are possible. Give it a try and let me know what you think about this idea in the comment section below.

P.S. OpenBazaar is not the only decentralized marketplace out there. Check out the full list I maintain of other decentralized marketplaces that you can try this out with. You are also welcome to add any decentralized marketplaces to the list that you think are missing by creating an issue or sending a pull request.

Tornado review

Last December I published “The State of the Art in Cryptocurrency Privacy”, based on a lightning talk I gave at an Aragon One offsite providing an overview of the latest and greatest cryptocurrency privacy techniques at the time. I was disappointed to report at the time that the privacy story for Ethereum, the blockchain used by Aragon, was not good:


I quoted geth core developer Peter Szilagyi, who said in his Devcon4 talk: “Privacy on ethereum is bad, really, really bad.” And I asked the question: zk-SNARKs when?

Well friends, less than eight months after publishing that blog post, I’m happy to provide a positive update: zk-SNARKs now.

Enter Tornado

A few weeks ago a tweet crossed my feed and grabbed my attention:

I was intrigued. The clean, minimalist interface seemed to have the important elements expected. But as it was a work in progress, I would have to wait to try it out. Then, a few weeks later, the Tornado touched down:

You can now mix ETH with zk-SNARK-based privacy at

The announcement blog post has some additional information about the app. My own caveats and feedback follow. Tornado also mentions some of the following points in their blog post and in the app itself, but it’s worth mentioning again here to drive the points home. Stay safe and remember this is beta software.

How to protect yourself when using Tornado

  • Don’t use the same IP address to withdraw as you used to deposit*
    • Worst is to use your personal IP address. Better is to use a VPN and switch servers. Best is to use Tor and reset the circuit.
  • Don’t use the same Ethereum address to withdraw as you used to deposit*
    • Use a new, unused address instead.
  • Don’t use Infura or another centralized node provider with your wallet*
    • Always connect your wallet to your own full node, or else your deposit and withdrawal addresses will be trivially tied together by the node provider and anyone who gains access to their data.
  • Don’t make a withdrawal via wallet and pay gas with an account connected to your deposit address.*
    • Save yourself the trouble and potential privacy leak, use the Tornado Relayer.
  • Don’t lose your note or you’ll lose all your money
    • Save the note in your password manager (you are using a password manager, right?)

* Doing things that damage your own privacy also damages the privacy of all other Tornado users by shrinking the anonymity set. Seriously, don’t do these things.

Some feedback/suggestions for the Tornado devs

  • The app looks great. Seems intuitive enough. The essentials are there. Great job with everything so far. That said I think more can and should be done to prevent users from damaging their privacy and the privacy of others.
  • Consider using aragonPM to beef up security on your dapp deployments. (Read how we use it at Aragon here.)
  • If it must be web-based, consider running exclusively as a Tor hidden service (better for anonymity and security).
  • Ditch Infura. Run your own node (and auto-delete logs). Although Infura shouldn’t be getting any useful data from your users if they’re using Tornado properly, it’s better to not even give them the opportunity.
  • Reject entering the same withdrawal address as a previously used deposit address. Users should know better, but sometimes they need saving from themselves.
  • Open up the higher deposit amounts. At 0.1 ETH deposit amount, total fees to deposit and withdraw added up to 3.734% of the mixed amount when I paid the standard gas price.
  • User privacy is compromised by allowing users to connect with a centralized node provider like Infura on both sides of the mix (e.g. if their wallet uses an Infura backend for both the deposit address and the withdrawal address). I’m not really sure how to solve this. But it makes for an easy foot-gun scenario, so worth thinking about how to fix this, or at least warn users about it. Worth looking at how Wasabi deals with this.
  • Since there are other Ethereum providers than MetaMask (for example I use Frame as my daily driver) I suggest using “Ethereum provider” in place of “MetaMask” in the app copy to keep it generic. Or “Ethereum signer”, or “Ethereum wallet”… whatever more generic term makes the most sense to you. (We use “Ethereum provider” throughout the Aragon client.)
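One way a mixer front end could enforce the "reject a reused deposit address" suggestion, together with the gas-payer and node-provider warnings from the list above, before a withdrawal is submitted. This is an added example, not Tornado's code; `checkWithdrawalPlan`, the plan fields, the addresses and the RPC URLs are all hypothetical.

```javascript
// Added example: pre-withdrawal linkage check. Names and sample values are
// constructed for illustration and are not part of any real mixer's API.

const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;
const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Ethereum addresses are case-insensitive hex; mixed case is only an
// EIP-55 checksum, so two spellings of one address must compare equal.
function normalizeAddress(addr) {
  const trimmed = typeof addr === 'string' ? addr.trim() : '';
  if (!ADDRESS_RE.test(trimmed)) {
    throw new TypeError(`not a 20-byte hex address: ${String(addr)}`);
  }
  return trimmed.toLowerCase();
}

function rpcHost(url) {
  return new URL(url).hostname.toLowerCase();
}

// plan = {
//   depositAddresses: addresses this user has deposited from,
//   recipient:        address that will receive the withdrawal,
//   gasPayer:         account paying withdrawal gas, or null when a relayer pays,
//   depositRpcUrl / withdrawRpcUrl: node endpoints used on each side
// }
// Returns a list of findings; an empty list means no linkage was detected.
function checkWithdrawalPlan(plan) {
  const deposits = new Set(plan.depositAddresses.map(normalizeAddress));
  const findings = [];

  if (deposits.has(normalizeAddress(plan.recipient))) {
    findings.push('recipient-is-deposit-address');
  }
  if (plan.gasPayer !== null && deposits.has(normalizeAddress(plan.gasPayer))) {
    findings.push('gas-paid-by-deposit-address');
  }
  // The same remote node seeing both sides can tie them together;
  // the user's own local node is exempt.
  const depositHost = rpcHost(plan.depositRpcUrl);
  if (depositHost === rpcHost(plan.withdrawRpcUrl) && !LOCAL_HOSTS.has(depositHost)) {
    findings.push('same-remote-node-on-both-sides');
  }
  return findings;
}

// Constructed sample: checksum-cased deposit address reused in lowercase.
const samplePlan = {
  depositAddresses: ['0x' + 'Ab'.repeat(20)],
  recipient: '0x' + 'ab'.repeat(20),
  gasPayer: null,
  depositRpcUrl: 'https://rpc.provider.example/',
  withdrawRpcUrl: 'https://rpc.provider.example/',
};
console.log(checkWithdrawalPlan(samplePlan));
```

A front end would refuse to submit, or at least warn, whenever the returned list is non-empty.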

Remaining questions

  • Is there any advantage to using one’s own wallet vs Relayer for withdrawal? Might be easiest / safest to just remove the “wallet” option.
    • Answer: “It is there to make sure that users can withdraw their funds even if relayer is down.” (source)
  • How were the parameters for the zk-SNARK generated?
    • Answer: “For this beta version the setup was done on a single build machine, so you kinda have to trust that we didn’t save toxic waste… Currently there is no way to make a trusted setup for Ethereum BN256 curve, as soon as Gnosis and Matter finish working on it (soon) we will redeploy the mixer with a proper multiparty trusted setup.” (source)
  • When desktop app with local node + Frame support? 😀

Link: r/ethereum discussion

Email is probably the most popular decentralized messaging protocol. Add yourself to my email contacts if you would like to stay in touch!


A better app store

What would a new and improved app store look like? The Aragon App Center is in development so I’m excited to think about how we can improve on existing app store designs.

There are three new features I’d love to see:

Decentralized publishing

Today only one person is required to push the “publish” button, and this creates a central point of failure. What if multiple devs and community members had to sign off before a new app update was pushed? This could prevent problems like devs going on power trips or burning out and giving their publishing rights away to hackers. With a decentralized package manager it would be possible to require multiple sign-offs before a new app update is published. This update could then be cryptographically verified to be published by the correct author (see the next section).

Trusted publisher profiles

When I look at an app download page in an app store, how do I really know it’s being published by who I think it is? I might look at how many people downloaded it, or go to the download page straight from the publisher’s website (the address of which I got from another trusted source, etc). What if there was a way to trust the download page no matter how I arrived at it?

With trusted publisher profiles, that becomes possible. Publishers could publish proofs to their profile showing that they control certain website domains, social media accounts, and crypto keys. They can sign app install files using these keys so that I can trust that the file came from the right publisher. Various solutions like this exist but they aren’t adopted consistently and no app store that I’ve seen has been able to blend the freedom of decentralization with the security of trusted publisher profiles.
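The multi-party sign-off from "Decentralized publishing" and the signed install files from "Trusted publisher profiles" can be sketched together as a threshold check that an installer runs before accepting an update. This is an added example, not aragonPM's or any app store's actual mechanism; Ed25519 signatures, the message layout and every name below are assumptions made for illustration.

```javascript
// Added example: k-of-n release sign-off verification using Node's built-in
// crypto module. The scheme (Ed25519 over app/version/artifact hash) is an
// assumption for illustration, not a format defined on this page.
const crypto = require('node:crypto');

// Bytes every maintainer signs. Binding name, version and artifact hash
// means a signature cannot be replayed onto a different build or version.
function releaseMessage(release) {
  const artifactHash = crypto.createHash('sha256').update(release.artifact).digest('hex');
  return Buffer.from(JSON.stringify([release.app, release.version, artifactHash]));
}

function signRelease(release, privateKey) {
  // Ed25519 takes no separate digest algorithm, hence null.
  return crypto.sign(null, releaseMessage(release), privateKey);
}

// maintainers: Map of signer name -> public key, as listed on the
//              publisher's profile (the trust anchor).
// signoffs:    [{ signer, signature }] shipped alongside the update.
function verifyRelease(release, signoffs, maintainers, threshold) {
  const message = releaseMessage(release);
  const approved = new Set();
  const rejected = [];
  for (const { signer, signature } of signoffs) {
    const publicKey = maintainers.get(signer);
    if (!publicKey) {
      rejected.push({ signer, reason: 'unknown-signer' });
    } else if (approved.has(signer)) {
      // One maintainer signing twice must not satisfy a 2-of-n policy.
      rejected.push({ signer, reason: 'duplicate-signer' });
    } else if (!crypto.verify(null, message, publicKey, signature)) {
      rejected.push({ signer, reason: 'bad-signature' });
    } else {
      approved.add(signer);
    }
  }
  return {
    publishable: approved.size >= threshold,
    approvedBy: [...approved].sort(),
    rejected,
  };
}

// Helper that generates constructed key pairs for the demo and tests.
function makeMaintainers(names) {
  const publicKeys = new Map();
  const privateKeys = new Map();
  for (const name of names) {
    const pair = crypto.generateKeyPairSync('ed25519');
    publicKeys.set(name, pair.publicKey);
    privateKeys.set(name, pair.privateKey);
  }
  return { publicKeys, privateKeys };
}

// Constructed demo: 2-of-3 policy, but only one maintainer has signed.
const demoKeys = makeMaintainers(['alice', 'bob', 'carol']);
const demoRelease = {
  app: 'example-app',
  version: '1.2.0',
  artifact: Buffer.from('constructed build output'),
};
const demoSignoffs = [
  { signer: 'alice', signature: signRelease(demoRelease, demoKeys.privateKeys.get('alice')) },
];
console.log(verifyRelease(demoRelease, demoSignoffs, demoKeys.publicKeys, 2));
```

The maintainer key set is the part the publisher profile has to make trustworthy; the threshold only helps if those keys are held by different people.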

Cryptocurrency payments

I want to pay for good software. But I don’t want the app store to know who I am and I don’t want to worry about whether it can actually secure my credit card data. Besides, credit cards are an ill-suited medium for the <$0.99 payments I imagine for software installs and updates. It might not seem like much, but multiplied by thousands or millions of users, a developer (or team) that puts out consistent and consistently good app updates could make a good living off these small payments alone, not to mention any in-app monetization mechanisms.

I want to pay for good software and I want it to be fast, cheap, and private. Cryptocurrency is a great fit for this.

The State of the Art in Cryptocurrency Privacy

An abridged overview of production systems.

At a recent offsite with the Aragon One team, I presented a lightning talk about state-of-the-art systems for privately buying, selling, and using cryptocurrency.

A PDF of the slides is published here. The slides are pretty self-explanatory, so I’m sharing as-is. If there are any questions or feedback about the content, I’m happy to discuss in the comment section.


Hundreds of media accounts were just deplatformed. The need for a decentralized web is greater than ever.

Over the past few days Facebook and Twitter have deplatformed hundreds of accounts with millions of followers in total under the guise of fighting “clickbait” and “spam”. The Washington Post reports:

Facebook said on Thursday it purged more than 800 U.S. publishers and accounts for flooding users with politically-oriented spam, reigniting accusations of political censorship and arbitrary decision-making.

In doing so, Facebook demonstrated its increased willingness to wade into the thorny territory of policing domestic political activity. Some of the accounts had been in existence for years, had amassed millions of followers, and professed support for conservative or liberal ideas…

Just one day after the Facebook purge, Twitter followed suit, deplatforming the accounts of alternative media outlets Anti-Media and The Free Thought Project. Sputnik International reports:

Anti-Media and TFTP aren’t automated bot accounts or spammers. They are run by US citizens who used the internet applications Twitter and Facebook to exercise their First Amendment rights. For that they have been punished — first by Facebook, now by Twitter.

I have friends who were caught up in these purges. Their audiences have been significantly reduced because of this deplatforming. I am generally opposed to “censorship” by media platforms, preferring that readers use their power to mute or block content they do not like rather than have their web browsing experience curated by paternalistic algorithms and “content moderation” teams.

That said, we have to recognize the reality of the situation we find ourselves in: Facebook and Twitter are platforms owned by private companies who have the freedom and the right to deplatform any content they do not like.

The alternative is website owners being forced by the State to host content they disagree with, which seems even worse than the status quo. Hypothetical Lockean squatters’ rights aside, today’s legal regime supports a company’s right to moderate content off of their platform. So what can we do to protect ourselves from sudden deplatforming by social media administrators?

We get rid of social media administrators.

The future of social media, and the web itself, is decentralized. The same way bitcoin is a decentralized, open protocol that enables anyone to send and receive money without intermediaries, social media platforms will become decentralized protocols that enable anyone to publish and read without intermediaries. The web gets us most of the way there, but there are still vulnerable choke points, such as centralized servers that host content and the ICANN-owned domain name system that routes web requests.

The decentralized web is removing these choke points and replacing them with open protocols that advance the vision of the web’s inventors and early pioneers. Platforms like Blockstack and Ethereum are taking the vision of the web and building in censorship resistance that is stronger than anything possible with the technology of prior generations.

Using BNS and ENS, you can own a domain name that no corporation or government can take away from you. Using Gaia and Swarm you can self-host and back up your content on multiple geographically diverse hosts, preventing take-down by would-be censors. And rather than rely on the good graces of payment processors like PayPal to earn your keep on the web, you can get paid for your content directly by your fans using Lightning and Connext.

Putting this all together, what does the decentralized social media platform of the future look like? It could look like Afari, a Twitter-like application built on Blockstack:


Or it could look like Akasha, a Medium-like application built on Ethereum:


To be sure, it’s early days for these platforms, so they’re not quite ready for prime time yet. And in all likelihood, they could go the way of previous decentralized platforms that attempted to take on the centralized social media giants: at best a niche curiosity, at worst abandon-ware that gets buried in the graveyard of failed projects.

But what this new breed of open protocol-based platforms represents is a turning technological tide, where users don’t have to be sysadmins to take control of their data, where interfaces are familiar and functional, where censorship and deplatforming are nearly impossible. In this world, publishers can post without fear and have a direct relationship with their audience, secure in the fact that no third party can unilaterally take away their online voice and reach.

If you have any motivation to help – whether with design, development, documentation, or testing skills, or even just providing moral or financial support to these projects – I urge you to get involved. The decentralized web wasn’t mature enough yet to save the hundreds of accounts that were just purged by Facebook and Twitter and the many that have been purged before. But maybe, with your help, we can prevent something like this from ever happening again.

Reach out any time through my contact page or the comment section below, let me know how you’d like to help, and I’ll try to point you in the right direction. You can also click through any of the links to projects mentioned above to get in touch with them directly.

Thanks to all involved with organizing and supporting the Decentralized Web Summit.


Blood money

Modern society has an uncomfortable, often contradictory relationship with “blood money”. Here, I use the term “blood money” to describe money that is either gained through the use of violence/threats of violence (coercion), or comes directly from an individual or organization that employs such tactics as a matter of course. For example, money from a kidnapping ransom or money that comes from a murderous crime syndicate.

At first glance, the issue would seem to be without controversy. Most people would probably say that blood money shouldn’t be knowingly accepted by people who want to keep their conscience clean. There are even laws in place that reflect these values, such as “Know Your Customer” and “Anti-Money Laundering” laws that exist to prevent criminals from using the financial system.

And yet, upon investigation it would appear that society’s aversion to blood money is more rhetoric than reality. This is perhaps due to how deeply blood money has penetrated society, how thoroughly violence and coercion have permeated society’s customs and norms, to the point where in response to breaking the law, as Mike Gogulski has pointed out, “the penalty is always death”. Thus blood money becomes inescapable as it circulates through the economy. Nobody’s hands are completely clean.

This blog post was prompted by a tweet that came across my feed criticizing Elon Musk for suggesting that he could finance taking Tesla private again using money from Saudi Arabia.


Already well known for their public executions and stifling of dissent within the Kingdom, Saudi Arabia is currently under investigation for allegedly sending a “killing team” to Istanbul to murder a Washington Post journalist inside of the Saudi Consulate.

As a primarily deontological ethicist, I sympathize with the point of view expressed by the tweet’s author towards Elon Musk. Back in 2016, I myself took a similar jab at Uber:


And yet at the same time, I also sympathize with the Elon Musks and Ubers of the world, at least when it comes to this specific issue. It’s easy to fall into the trap of coldly calculated consequentialism when you’re making big decisions that affect millions of people and involve the cooperation of thousands of others.

How discerning can you be about the moral purity of your employees, your partners, your investors when you’re dealing with numbers that big? In a world where society runs on blood money, the only choice it appears we have is how dirty we allow our hands to get. It’s impossible to completely isolate oneself from evil, given the totality of modernity. This is evidenced by the vanishingly small number of “uncontacted peoples” left on Earth.

Thus it seems that no one can be pure, and at best we can only negotiate about how bloody we allow our hands to get before we invoke the moral judgement of our peers. As much as we want the issue of blood money to be clean and simple, black or white, it would seem that all of our hands are dirtied by shades of gray.

Faced with such a reality, the best choice appears to be a mix of deontological ethics and consequentialism: commit to a limited number of specific values (for example, don’t murder, don’t steal, the “golden rule”) and then try to optimize for the best outcomes. Sometimes that may mean tolerating or even partnering with others whose actions run counter to those values, as in the case of Tesla taking money from Saudi Arabia. While Elon Musk might never murder a journalist with his own bare hands, he will tolerate taking money from someone who has in pursuit of a larger goal. For Musk, the ends would justify the means.

I’m reminded of a quote from philosophy professor Will MacAskill on the 80,000 Hours podcast. He says:

…[I]t seems like given the obvious analogy with decision making under empirical uncertainty, we should do something like expected value reasoning where we look at a probability that we assign to all sorts of different moral views, and then we look at how good or bad would this action be under all of those different moral views. Then, we take the best compromise among them, which seem to be given by the expected value under those different moral views.

Elon Musk might make the decision that, while he would prefer not to finance his company with blood money from an organization that murders people, he expects that the outcome will be a net improvement over the outcome if he didn’t take the blood money. He can’t do nothing – everyone has to act, action means decisions, decisions mean consequences, and so we must try to act in a way that leads to the best possible outcomes.

So Musk decides, I’m not directly harming anyone by taking the money, in fact I’m using the money to help people, and I’m not responsible for how the Saudis use the returns on their investment in Tesla, so I will take their blood money and use it to make the world a better place. (Of course, this is hypothetical; I’m not sure what Elon Musk’s real justification for taking the money would be.)

In a poll I started in response to this issue, respondents were nearly evenly split on the question of whether it is morally wrong to accept blood money in the pursuit of noble goals, with those answering “no” only narrowly coming out ahead and about a third of respondents abstaining from the question altogether:


Written responses ranged from “Yes it is morally wrong because it legitimizes bad behavior” to “No it is not wrong to take the money but it is wrong to pay it back” and finally “The ends justify the means”; essentially samples across the whole spectrum of possible answers. And I’m not sure any one of them is the “right answer”.

I ask myself if I would take the blood money. Regardless of what I’d intend to do with it, I feel certain that the answer would be “no”. But then I wonder, what about blood money two or three steps removed from the source? How faded would the blood on the money have to be for me to feel comfortable taking it?

And for that question, I don’t have a good answer.


New year, new job 2018 edition

I have some exciting – if somewhat belated – news to share. As you could probably tell from the title of this post, I have a new job. In November I accepted an offer to join the Aragon team as their new Community Lead!


Aragon is a project that I have been following since I first met the co-founder Luis Cuende at a Blockstack meetup in San Francisco. I was excited when they released the alpha version of their testnet client in early 2017 and blown away when they went on to raise $25 million later that year in the fourth-largest crowdfund and the second-largest token sale at the time.

After leaving Abra in July 2017, I took a few months off to explore the cryptocurrency space and see what other opportunities were out there. I considered several offers but kept my options open. The market had changed significantly since my last job search less than a year earlier. One significant change was that there were many projects outside of the Bay Area hiring for remote positions. Aragon was one of those projects.

I reconnected with the Aragon team while I was attending the Crypto-Economic Security Conference in Berkeley, CA. Zooko Wilcox, CEO of Zcash, knew I was looking for a job and had generously offered me one of the tickets his company was given for sponsoring the sold-out event. I accepted the ticket and went to the event, looking forward to meeting new crypto people in the Bay Area and watching interesting talks by the presenters.

I was surprised and delighted to meet María Gómez, Strategy and Operations Lead at Aragon, in person at the event (we’d previously met online while I was working at Abra). María asked what I was doing at the time. I told her I was looking for a new full-time gig, something in a marketing or community role. She told me that Aragon was hiring a Community Lead to replace their then-Community Lead Tatu Kärki, who was transitioning into a Communications Lead role. The rest, as they say, is history.

Within a few weeks, I had gone through several rounds of interviews and flew to Finland to do a trial week with Luis and Tatu. We worked on several community projects throughout the week, and on what would have been Thanksgiving day in the US, they offered me something to be extra thankful for: an opportunity to join the Aragon team as their new Community Lead. I gladly accepted, and have been dutifully serving the Aragon community ever since. Join us!

P.S. Aragon is hiring!

New job FAQ

Congrats on the new job! What does Aragon do?

Thanks! Aragon is building a platform that makes it easy to create and participate in Decentralized Autonomous Organizations, or “DAOs” for short. In the future, the Aragon project itself will be run as a DAO on the Ethereum blockchain. The Aragon DAO will be governed by holders of Aragon Network Tokens (ANT), an ERC-20 token that was sold in mid-2017 to raise the funds needed to develop the Aragon software.

Is $ANT a good buy?

Maybe! DYOR.

What’s it like being part of an Ethereum project?

Although I’ve been following the Ethereum project since its inception in 2013, I haven’t been closely involved since the very early days. After leaving Abra I took some time to explore all the projects that have formed in the ecosystem in the intervening time. Many of the smart contract applications that first got me excited about Ethereum have begun to come to fruition, including p2p prediction markets, asset exchanges, gambling platforms, and, my personal favorite, DAOs. This, along with the amazing team that Luis and Jorge have assembled, is what led me to join Aragon.

Now is a very exciting time to be involved in the open-source cryptocurrency community. There’s no shortage of funding for extremely ambitious projects, including important blockchain research and development work. It seems like the only limitation right now is the supply of engineering talent and the imagination necessary to build the p2p future so many of us envision. I’m excited to help Aragon overcome these limitations in our own community and share what we create with the broader p2p ecosystem.

Are you still working with Bitseed?

Yes! I think 2018 will be a big year for Bitseed. We have started shipping orders for Bitseed 3, the next-generation version of our plug-and-play bitcoin full nodes. And we’ll also soon be relaunching our developer community so that devs who are interested in helping us improve Bitseed have an easy way to get involved and work together.

The kind of projects I’m really excited to work on with the Bitseed community include adding support for Layer 2 protocols such as Blockstack and the Lightning Network. Then Bitseed owners could have a node that not only secures their bitcoin transactions, but can also resolve decentralized domain names for them or even earn bitcoin by providing liquidity to the Lightning Network. Future work could even include using the node as a decentralized storage device or a crypto-incentivized mesh router. The possibilities are endless.

If you’re interested in helping us with any of these projects, please get in touch.

So what’s next for John Light?

Bitseed 3 ships this month, the Bitseed developer community relaunches shortly after, and Aragon goes live on Ethereum mainnet sometime in Q1/Q2 2018. I’ll probably be traveling a lot for Aragon community events this year, so if there are any cool crypto events you think I should be at let me know in the comments below or ping me on Twitter or @light in the Aragon Chat.
