Laissez-fAIRe BnB

Airbnb does a great job at providing a service.

They connect hosts and guests, track and connect reviews to users, facilitate payment, and handle disputes.

They also play by the rules. This means they try to comply with every locality in which they operate, particularly those with “hotel” taxes.

In some areas, Airbnb cooperates directly by adding the cost of the tax to the price. In others, Airbnb is compelled by legal proceedings to provide user information, and complies.

Regardless of their respect for your privacy, Airbnb is required to comply with legal subpoenas.

You don’t use Airbnb? This isn’t just about them.

There are wide and varied types of commerce that are taxed or regulated by agencies from HOAs to boards to cities to counties to states. Selling cookies at a middle school bake sale, trading baby toys on a facebook group, bartering goods or services on craigslist, all may incur fines, penalties, taxes, or legal action at one or many levels of government.

Basically, everyone wants a piece of the pie, and submitting (or selling!) who sold and bought what piece is unavoidable.

Regardless of their respect for your privacy, facebook, gmail, craigslist, and airbnb will be compelled to send the IRS, a district attorney, or police agency all your posts or messages about selling or trading items which they regard as taxable, regulated, or illegal.

Or what may, a year from now, be taxable, regulated, or illegal.

Instead of arguing about what should or should not be taxed, lets give these companies, who simply want to provide a service, a break.

Lets make them blind to our actual identities and/or transaction specifics.

Imagine Laissez-faire BnB.

Faire BnB establishes user identity a little differently, since it can’t fall back on a government ID. It would create a code of some kind that would be a failsafe recovery for your user ID.

The code could be 348915-129517-7503822, it could be “John has a long mustache,” it could be x1wGtubJUxiDwn3focfhJ4, it doesn’t matter, so long as it’s unique and difficult to guess.

You would store this code safely (possibly physically), as it would be your only means of recovering your account if you forgot your password or otherwise lost access. If you lose it, there’s no good way to reestablish identity, and you might as well start a new account. If your account is compromised, you could request Faire BnB validate your hijacked account, which would compel the hijacker to provide the code or have the account disabled.

This would allow Faire BnB to confirm your identity and feel confident associating reviews with users without fear of account hijacking for fraud.

Once your user ID is set, you can set up your profile with specifics of the room, availability, and prices. However, your personal profile and location would be less specific.

Something like: 20-something IT professional residing near the intersection of main and first in Lexington Kentucky.

Then a guest who established his account the same way, would use Faire BnB to check availability in Lexington for a certain date, find your room, look at pictures, profile, and reviews, and sends a request to rent your room.

You look at the request details, the user profile, and the user’s reviews, and accept the request.

This lets Faire BnB know that a transaction has been agreed upon and will accept complaints or reviews for this exchange.

Faire BnB now opens a line of communication between these two users by a built-in private messaging system. This is where things get a little tricky…

Because Faire BnB doesn’t need to know (or want to accept the liability of knowing) the specifics of the users’ identities, it has to allow communication that it can’t read.

This means encryption; which is basically using a code to change a message so it can only be read by people with the code.

Your message: “My name is Bob Evans, my address is 762 3rd Street. Call me at 859-223-3006.”

Encrypted with the code it becomes something like:

V2VsbCBub3csIGRvbid0IHlvdSBmZWVsIGNsZXZlcj8gSSBob3BlIHRoaXMgd2FzIHdvcnRoIHlvdXIgdGltZS4=

This is what you send across Faire BnB’s messaging system, so if they are ever compelled to submit the communications between you and your guest, this is all they will have.

To read this message you need two pieces: the code, and the encrypted message. If you have both parts, you can read the message.

But how does your guest know the code, and reply the same way easily?

Faire BnB has your encrypted message, so a different service needs to send the code over.

Now, imagine a code service that provides a code and a decrypt button.

You use Faire BnB’s messaging to send your guest a link to that page, and he clicks it and gets a page with an empty box and a decrypt button.

The guest copy/pastes the encrypted info into the empty box, clicks decrypt, and gets your message.

Since the decryption takes place on his browser, not on the code service’s server, the code service never knows what data you decrypted. It just knows your code, which expires automatically or overwrites with normal use.

If he signs up for the code service, he can read and keep a history of the conversation. If not, the messages can only be read once before they’re replaced by a new code for the next message. A kind of self-destruct.

So, your guest reads your message, and clicks reply. The code service makes a new key for the response, and he types in, “Sounds good, I’ll be in around 7:30pm.”

The result is something like this:

http://codeserv/E7wf2S8
VGhlcmUncyByZWFsbHkgbm90aGluZyBoZXJlLCBkb24ndCBib3RoZXIu

Which he sends to you via Faire BnB messaging.

Faire BnB has the encrypted data and a link that doesn’t work after someone has clicked it, and the code service only has a code.

Specifics have been exchanged between the users, neither Faire BnB nor the code service can read your messages, and it’s not possible to retrieve the specifics unless someone was actively listening to you or your guest while you were reading them.

I call this Blend-to-End encryption, because you are blending services to send the message pieces (code and encrypted message), and each service is “blind” to the readable message.

All of this would still apply if you were using the code service for chats on facebook, emails, or even broadcast tweets.

Faire BnB charges you a flat rate (or percentage since the value without identity is not compromising) for connecting you with your guest, and lets your guest write a review of your room, and you can review your guest as well. Both reviews will be published after Faire BnB receives their payment.

In the event of a dispute, Faire BnB can arbitrate but can not offer financial restitution. Instead the recourse will be an official review attached to your account, which indicates the issue, and Faire BnB’s decision of fault. Though financial restitution may be possible through a semi-anonymous escrow service, paypal gymnastics (plus lots of time to avoid chargebacks) or using bitcoin.

Speaking of bitcoin, it would allow escrowing as mentioned previously, and could double as an identification service, because bitcoin allows you to use your “account number” to prove you sent a message.

Laissez-faire BnB doesn’t exist yet, and I don’t know of any efforts to create it, but I am in the process of working on the code service described here. The simple version described here, with no history or account will be free. It’s an AES128 javascript implementation, with optional key joining with a user passphrase to eliminate the trust requirement to the code service. It is not PGP, it will not beat the NSA, but it will make reasonably secure encryption accessible to your grandma.

This is not much more than some earnest brainstorming, I’m sure there are things I haven’t thought of, so feel free to point them out in the comments.

© Copyright applies, details in sidebar

Advertisements
Laissez-fAIRe BnB

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s