Below are the contents of a document @ryan circulated with some initial thoughts as to the definition of a Blockstack Application.
What is a Blockstack Application?
A Blockstack application:
Has you sign in with an identity you control
Stores and encrypts your personal data under your control
Uses cryptocurrency for payments
(Blockstack Transaction API)
Limits and clearly communicates the scope of behavior tracking and data logging
(Content Security Policy enforcement)
App developer doesn’t have access to your data
Lack of trusted third parties
Aspects of privacy:
Cookies that can follow me across sites
Third parties being able to see the apps I use
Companies being able to see my data in their database
I think a clear narrative is very important so that consumers understand what they’re getting when they use a Blockstack App. A rating system makes it unclear what exactly a Blockstack App delivers. What it delivers depends on the rating and that requires investigation and thought on the part of the user.
Hypothetical: I build an app that uses Blockstack auth and storage, and has enforced a content security policy, but I use Stripe because my current operations process is built around traditional payment systems. It would be a huge pain point for me to switch to cryptocurrency for all payments. Is this no longer considered a Blockstack app?
Would definitely prefer badges with features that an app uses. A rating system implies a certain order which might lead developers to use some features the app just doesn’t need. Badges are more formal and meaningful than ratings.
I like this list. I would add one point related to letting you own your digital assets and only using P2P payments. Could be something like this:
“You use blockchains for all payments and digital assets.”
Another point could be added if the app bundle is versioned and hashed and published to a decentralized domain name system. No apps on Blockstack would currently qualify for this but this is where we want to go.
Could also maybe combine the one about external API calls with the one about analytics software since they’re very similar.
Adding on to this… the four main points from my Blockstack Berlin presentation were:
Bring your own device
Bring your own ID
Bring your own data
Bring your own assets
Here’s a proposed updated set of 5:
You use Blockstack identity correctly (+1)
You use Gaia storage, encrypted where relevant (+1)
You use blockchain assets for all in-app payments and digital asset ownership (+1)
You never make external API calls that send user data to remote servers without explicit user consent (including analytics) (+1)
The app is loaded on the client as a hashed and versioned bundle that could be obtained from multiple sources (+1)