if this were a blog post, what would the title be? what's the theme?

here are our guesses for why this should exist. here are some obstacles (that we can think of) to getting it exist.

more notes about cydia stuff

so an idea for bazaar-like results on jailbroken ios: set up a package like "iRepo" (linked above) that includes a lighttpd configuration file and depends on lighttpd ( http://cydia.saurik.com/info/lighttpd/ ), ask people to turn on "personal hotspot" ( http://support.apple.com/kb/ts2756 ) to share over bluetooth, and then ask people to add the device as a repository. if they have a phone that doesn't already have personal hotspot (some carriers don't support it), they can install a package that enables personal hotspot, like tetherme (which is $5). also possibly vaguely interesting for prototyping: https://code.google.com/p/cydia-ios-lighttpd-php-mysql-web-stack/

Could be interesting to document how to do this and share the link in the jailbreaking community (such as by linking it on http://www.reddit.com/r/jailbreak/ ), to see if people are interested in it and have ideas for how to use it - cheap customer validation.

fitting what people want

How do we encourage the use of Bazaar?

one friend is interested in easy developer-to-phone app distribution (along with easy friend-to-friend app distribution)

Who can we find to talk to who would actually want to use this, to find out what they would find useful? (informal customer validation)

Seems hard to find people to interview who have limited internet access, since they have limited internet access - argh. Or people who only have access to sketchy app stores, since they probably don't speak English - argh.

User stories: https://dev.guardianproject.info/projects/bazaar/wiki/User_Stories

Promote it as a safe alternative to sanctioned/blocked app stores (contextual) and the sketchy sites, which most users already suspect of being filled with malicious apps (or maybe they dont). A few examples of malicious apps dowloanded from random webistes might promote users to use Bazaar. Connecting with trusted groups in the diaspora with community outreach to promote and vet Bazaar. Use cureent trust networks in the diaspora.

Bazaar can also be used to distribute apps that are no longer on the app store but are still installed on some user's devices. The FlappyBird use-case?

Encouraging the uptake of "run your own" F-Droid repositories:

Cydia has a distributed community with 1000+ individual repos. Repositories as a first-class feature of the cydia app. F-Droid repository support is largely vestigial, and as a result few individual repositories have been created.

A lot of the large independent Cydia repositories are language-specific; the default/core Cydia repositories are fairly English-specific, so jailbreakers who speak other languages self-organize and run their own repositories and forums.

explanation for why we care about the below social/technical trust questions

Decentralized peer-to-peer app distribution introduces lots of room for people to modify and distribute apps with malware added. We want people to be able to check, with some reasonable amount of confidence, that they're using an app that hasn't been tampered with to add malware or evil government stuff. Bazaar requires users to allow "installation from third party sources", exposing them to threats not otherwise present if the user only installs applications from the Google Play store.

Assuming that some of the current apps are malicious (downloaded from random websites do to sanctions and censorship), this could enhance promotion and trust in Bazaar as an Alternative.

social forms of trust

What are the existing social structures + social media sources that people will be using alongside Bazaar? (How do we build on existing trust networks?).

How can we exploit the "trusted techie" angle. If one technically sophisticated individual is bootstrapping friends it is likely those friends defer to the technical user for questions of trust/safety.

Using trusted networks and organizations in the diaspora. Students and individuals travlleing back to home countries.

What does the "information" page for an app look like?

Examples of already established social structure and practices of peer to peer sharing. Especially offline methods that are more accessible and widely used to exchange other forms of information.

Where does this information come from?

Will Bazaar run some kind of centralized web site to help provide information? (languages)

Maybe a guidline that can also be shared among users, emailed?

technical forms of trust

How do users verify that an app is one they can trust? (What kind of signature checking/verifying is readable/usable for people?) How do we deal with people having different legitimate versions of the same app, causing different signatures?

How to solicit information about app signatures/sources?

An issue from many other projects: signature mismatches are usually innocent technical errors with setup for repositories and packages, so users learn that these errors should be ignored, even if they have scary language. (On Android it isn't possible to install apps without a signature, but debug keys will often be used accidentally)