Idea related to peer-to-peer lending, and to increase returns on investment and decrease borrowing costs
Streamline the process of lending between users heavily invested in an internet community
One problem with P2P lending is the problem of scammers, dishonest people, and general “Parfit’s Hitchhiker non-payers”. However, if you have been involved in a forum or internet community, then you’ve built up considerable “community capital”. That investment helps to establish credit among the community members, but not with formal banks. So if you could put up your community reputation/karma as collateral for the loan, you could provide stronger evidence of willingness to repay the loan, and of costs you would suffer from not doing so.
The role of the entrepreneur here would be to make it easy for intra-forum lending to happen, in exchange for some kind of fee. Services would include:
Administering the karma-reductions/deadbeat labeling
Providing pre-made, time-tested contract formats
Acting as certificate authority for digital signing of agreements
Having network of local people who can take the time to pursue legal action if someone wants to go that route.
Mediation and verification that payments happened
If you can provide a way to ensure payment through these community mechanisms, you would allow borrowers to pay a much lower rate than credit cards would charge, and lenders to get much higher returns than the market allows. (Incidentally, I recently just made such a loan to someone I had known for ten years only through internet forums, and I just got his final repayment.)
Edit: tl;dr: Basically, an internet karma pawn shop (although it’s crucial that people not see it as simply a way of cashing in karma)
I’m not sure if this is implied by your bullet list, but security is going to be a challenge,and it’s going to be worse if internet reputation becomes more valuable.
The marketplace doesn’t say “oh, you have a forum account with eight thousand posts somewhere? Here’s some money,” it allows someone on the forum with eight thousand posts to lend money to someone on the forum with six thousand posts, because the two have some shared social capital.
It seems very similar to Virgin Money, but with the emphasis on internet social capital rather than meatspace social capital.
There have been cases of scammers impersonating ebay sellers with good reputations. If a good online reputation makes it easier to borrow money, I expect there will be attempts at impersonation.
I just meant anything that would allow someone access to the target’s online bank money.
There have been cases of scammers impersonating ebay sellers with good reputations. If a good online reputation makes it easier to borrow money, I expect there will be attempts at impersonation.
Good point. Fortunately, since this relies on the people being connected through the community, they can verify themselves through separate channels, which makes impersonation harder.
Good point. Fortunately, since this relies on the people being connected through the community, they can verify themselves through separate channels, which makes impersonation harder.
If you actually start this sort of a business, I strongly recommend involving someone who’s good at thinking about security. (Sorry, I don’t know how to recognize such a person.)
If there’s substantial money involved (not to mention opportunities for malice), there are going to be some very motivated people trying to steal reputations.
The sorry state of password security—people have accounts at so many websites that they’re more likely to reuse passwords, and techniques for cracking passwords have gotten a lot more effective.
I have five tiers of passwords. I use my top-tier only on sites where the password getting stolen could cause me significant harm—only a couple of sites meet this criteria, such as my bank login. I use my second high tier where the password being stolen would cause me significant inconvenience, and yet are still conceivably of interest to somebody else—such as the e-mail attached to my bank login. My middle tier is for websites with significant inconvenience and which I cannot identify an external interest, such as my Amazon account (which has my credit card information, but won’t send anything to an address that hasn’t been sent to before without reentering that information.) My lower two tiers are for websites which either cannot cause significant harm (such as a Diablo 2 account, when I stilled played—oh no, somebody stoled my stuffs! Big whup.) but could inconvenience me, or where I literally don’t care if somebody steals the account (such as my login for a dating site, or my login to pay my electric bill online, where somebody couldn’t order additional services or indeed do anything except… pay my bills).
I change my top two security passwords relatively frequently, and are a mixture of characters, numbers, cases (and where permitted, non-alphanumeric characters); the lower three tiers generally stay the same. The top two tier passwords are also only used where the institution itself has a strong obligation to prevent cracking.
I generally recommend this scheme, which limits the dangers of a cracked password, and makes it easy to remember passwords for most day-to-day stuff.
where I literally don’t care if somebody steals the account (such as my login for a dating site
Well, someone stealing your account on a dating site might impersonate you. I can’t think of an obvious reason why someone would want to do that, but I wouldn’t consider such a site (or, more generally, sites where I can communicate with other users, including forums or social networks) as bottom tier.
Additionally, two stage password protection if you are using gmail or any other service that allows it makes breaking into an account nearly impossible even with a relatively weak password.
Also, I am curious how many bits of entropy do you allow per tier; losing control of your main email account is a lot worse than most people seem to assume- The accounts I have seen which have had regular use often include a SIN and a fairly large amount of information which can be used for much more costly or malicious attacks than online banking provides.
I used a two tiered system at and 60 and 75 bits respectively, and if you actually want something to stay secure for any length of time against a GPU assisted brute force attack then you basically cannot go under 56 bits, which still only buys you a month against a good system.
I generally assume anybody who has the resources, expertise, and access to brute-force my password against a system is going to get in regardless of what I do, so I don’t worry too much about password entropy. If my bank can’t protect me against brute-force guessing, I am not going to believe they can protect me against a hacking scheme which bypasses my password altogether.
The weakest link in the chain is the one which breaks, and it makes little sense to forge one link particularly strong in case another link is particularly weak.
(Similarly, I always assume if somebody has physical access to my hard drive, they have access to its contents, regardless of what I’ve done to the hard drive.)
You mean in terms of it being a member-restricted lending institution, in terms of existing CUs using group social pressure to encourage loan repayment (which, if true, I didn’t know), or in some other respect(s)?
Idea related to peer-to-peer lending, and to increase returns on investment and decrease borrowing costs
Streamline the process of lending between users heavily invested in an internet community
One problem with P2P lending is the problem of scammers, dishonest people, and general “Parfit’s Hitchhiker non-payers”. However, if you have been involved in a forum or internet community, then you’ve built up considerable “community capital”. That investment helps to establish credit among the community members, but not with formal banks. So if you could put up your community reputation/karma as collateral for the loan, you could provide stronger evidence of willingness to repay the loan, and of costs you would suffer from not doing so.
The role of the entrepreneur here would be to make it easy for intra-forum lending to happen, in exchange for some kind of fee. Services would include:
Administering the karma-reductions/deadbeat labeling
Providing pre-made, time-tested contract formats
Acting as certificate authority for digital signing of agreements
Having network of local people who can take the time to pursue legal action if someone wants to go that route.
Mediation and verification that payments happened
If you can provide a way to ensure payment through these community mechanisms, you would allow borrowers to pay a much lower rate than credit cards would charge, and lenders to get much higher returns than the market allows. (Incidentally, I recently just made such a loan to someone I had known for ten years only through internet forums, and I just got his final repayment.)
Edit: tl;dr: Basically, an internet karma pawn shop (although it’s crucial that people not see it as simply a way of cashing in karma)
I would like to redeem my karma for USD.
Edit: or a loan or whatever the term is.
I have bought a small number of paperclips on your behalf
You’re a good human.
Jedd (at Berkeley LW meetup) says that prosper.com you can get 16% lending, its unsecured. Before the defaults its 37% - the 16% is after defaults.
Shannon suggests having a company that arranges loans for you based on whatever information you give them to evaluate. Silas says this already exists.
Jedd asks what size of loans? He thinks smaller loans are more likely to happen.
Scott points out you can aggregate lenders.
Kaitlin asks about Linkedin networks of loans—chains of connections to establish trust through social networking.
Jedd suggests making an AI to optimize loans on Prosper.
I’m not sure if this is implied by your bullet list, but security is going to be a challenge,and it’s going to be worse if internet reputation becomes more valuable.
The marketplace doesn’t say “oh, you have a forum account with eight thousand posts somewhere? Here’s some money,” it allows someone on the forum with eight thousand posts to lend money to someone on the forum with six thousand posts, because the two have some shared social capital.
It seems very similar to Virgin Money, but with the emphasis on internet social capital rather than meatspace social capital.
You mean in terms of keeping people’s information private, or exposure of financial access codes, or something else?
I’m not sure what a financial access code is.
There have been cases of scammers impersonating ebay sellers with good reputations. If a good online reputation makes it easier to borrow money, I expect there will be attempts at impersonation.
I just meant anything that would allow someone access to the target’s online bank money.
Good point. Fortunately, since this relies on the people being connected through the community, they can verify themselves through separate channels, which makes impersonation harder.
If you actually start this sort of a business, I strongly recommend involving someone who’s good at thinking about security. (Sorry, I don’t know how to recognize such a person.)
If there’s substantial money involved (not to mention opportunities for malice), there are going to be some very motivated people trying to steal reputations.
The sorry state of password security—people have accounts at so many websites that they’re more likely to reuse passwords, and techniques for cracking passwords have gotten a lot more effective.
I have five tiers of passwords. I use my top-tier only on sites where the password getting stolen could cause me significant harm—only a couple of sites meet this criteria, such as my bank login. I use my second high tier where the password being stolen would cause me significant inconvenience, and yet are still conceivably of interest to somebody else—such as the e-mail attached to my bank login. My middle tier is for websites with significant inconvenience and which I cannot identify an external interest, such as my Amazon account (which has my credit card information, but won’t send anything to an address that hasn’t been sent to before without reentering that information.) My lower two tiers are for websites which either cannot cause significant harm (such as a Diablo 2 account, when I stilled played—oh no, somebody stoled my stuffs! Big whup.) but could inconvenience me, or where I literally don’t care if somebody steals the account (such as my login for a dating site, or my login to pay my electric bill online, where somebody couldn’t order additional services or indeed do anything except… pay my bills).
I change my top two security passwords relatively frequently, and are a mixture of characters, numbers, cases (and where permitted, non-alphanumeric characters); the lower three tiers generally stay the same. The top two tier passwords are also only used where the institution itself has a strong obligation to prevent cracking.
I generally recommend this scheme, which limits the dangers of a cracked password, and makes it easy to remember passwords for most day-to-day stuff.
Well, someone stealing your account on a dating site might impersonate you. I can’t think of an obvious reason why someone would want to do that, but I wouldn’t consider such a site (or, more generally, sites where I can communicate with other users, including forums or social networks) as bottom tier.
Additionally, two stage password protection if you are using gmail or any other service that allows it makes breaking into an account nearly impossible even with a relatively weak password. Also, I am curious how many bits of entropy do you allow per tier; losing control of your main email account is a lot worse than most people seem to assume- The accounts I have seen which have had regular use often include a SIN and a fairly large amount of information which can be used for much more costly or malicious attacks than online banking provides. I used a two tiered system at and 60 and 75 bits respectively, and if you actually want something to stay secure for any length of time against a GPU assisted brute force attack then you basically cannot go under 56 bits, which still only buys you a month against a good system.
I generally assume anybody who has the resources, expertise, and access to brute-force my password against a system is going to get in regardless of what I do, so I don’t worry too much about password entropy. If my bank can’t protect me against brute-force guessing, I am not going to believe they can protect me against a hacking scheme which bypasses my password altogether.
The weakest link in the chain is the one which breaks, and it makes little sense to forge one link particularly strong in case another link is particularly weak.
(Similarly, I always assume if somebody has physical access to my hard drive, they have access to its contents, regardless of what I’ve done to the hard drive.)
Thanks.
I posted the link in response to a reasonable business idea which I think is vulnerable to other sites’ security being hacked.
This sounds a lot like a credit union.
You mean in terms of it being a member-restricted lending institution, in terms of existing CUs using group social pressure to encourage loan repayment (which, if true, I didn’t know), or in some other respect(s)?
Group social pressure is a commonly used tool in microfinance efforts. Might be worth reading about them.