Sovereign Marketplace

The Sovereign Marketplace is the economic engine of Made Open. It enables users to capture the value they create — selling their data, skills, time, and goods — on their own terms, without a corporate platform taking a 20-30% cut and monetizing their behavior in the background.

The Problem

Corporations currently extract massive value from user data without compensation or consent:

Facebook profits from your social graph
Google profits from your search history
Amazon profits from your purchase patterns
Fitbit profits from your health data

Users generate 100% of the data. Corporations capture 100% of the economic value. The marketplace inverts this.

The Vision: A Sovereign Economy

A sovereign economy has these properties:

User-owned: Users own the data and assets they sell
Trustless: Smart contracts execute transactions without requiring trust in a central intermediary
Privacy-first: The Privacy Engine strips PII before delivery; raw data never leaves the user's environment
Decentralized discovery: Listings propagate peer-to-peer via ActivityPub; no central marketplace server
Verifiable trust: Reputation is built on cryptographic credentials, not subjective platform ratings

Four Listing Types

Type	Examples
Data Product	Anonymized location data, purchase history, health metrics, social graph
Service	Consulting, tutoring, software development, design, translation
Physical Good	Used electronics, handmade items, books, tools
Digital Good	Software, templates, course content, art, music

The Data Product Framework

Data products are the most distinctive listing type — packaged datasets derived from the user's Knowledge Graph, with automated privacy protection.

4-Step Builder

1. Data Selection
   └─ Visual query builder over the Knowledge Graph
      "All my running location data from 2023–2025"
      "Messages to contacts tagged 'work' from last year"

2. Privacy Configuration
   └─ Per-field privacy rules (see Privacy Engine below)
      "Round lat/lon to 2 decimal places"
      "Remove all names, replace with pseudonyms"

3. Packaging
   └─ Output format: CSV | JSON | Parquet
      Sample data preview (buyer can see before purchase)

4. Listing
   └─ Title, description, price, pricing model
      Published to federated network

Privacy Engine

The Privacy Engine runs inside the user's sovereign environment when a data product is purchased. Raw data never leaves the user's hub. Only the privacy-processed output is delivered to the buyer.

Per-field privacy actions:

Action	Effect
`keep`	Field delivered as-is
`remove`	Field omitted entirely
`hash`	Field value replaced with its SHA-256 hash
`round`	Numeric value rounded to specified precision (e.g., lat/lon to 2 decimals)
`generalize`	Categorical value replaced with broader category ("San Francisco" → "California")
`suppress`	Value replaced with placeholder ("[REDACTED]")

Additionally, differential privacy can be applied to entire datasets for statistical plausible deniability.

Privacy policy stored per data product:

{
  "fields": {
    "lat": { "action": "round", "precision": 2 },
    "lon": { "action": "round", "precision": 2 },
    "userId": { "action": "remove" },
    "notes": { "action": "suppress" }
  },
  "differential_privacy": {
    "enabled": true,
    "epsilon": 0.1
  }
}

Pricing Models

Model	How It Works
One-Time Purchase	Buyer pays once; receives static dataset snapshot
Subscription	Buyer pays monthly; receives continuously updated dataset
Pay-Per-Query	Buyer pays per query against the dataset (API access model)

Smart Contract System

Financial transactions use smart contracts for trustless escrow — neither party can steal from the other, and disputes go to community governance rather than a corporate arbitrator.

Technology

Blockchain: Polygon (EVM-compatible, low fees) or Solana — blockchain-agnostic design
Language: Solidity (for EVM); Rust/Anchor for Solana
Wallet integration: Ethers.js

Transaction Lifecycle

Created       Buyer initiates purchase; smart contract deployed
    │
    ▼
Funded        Buyer sends payment to contract escrow
    │
    ▼
Delivered     Seller delivers data/service, marks as delivered
    │         (data products: Privacy Engine runs, output sent)
    ▼
Confirmed     Buyer confirms receipt; funds released to seller
    │
    ▼
Complete      Both parties issue Verifiable Credentials to each other
              TrustedSellerCredential ← buyer issues → seller
              ReliablePayerCredential ← seller issues → buyer

Dispute Resolution

Either party can raise a dispute at any point before Confirmed:

Dispute raised
    │
    ▼
Community Governance arbitration selected
(a community group the parties are both part of, or a public arbitration pool)
    │
    ▼
Evidence submitted (both parties, via DIDComm)
    │
    ▼
Governance vote (within configured time window)
    │
    ├─► Seller wins → funds released to seller
    └─► Buyer wins  → funds refunded to buyer
                      DisputeLostCredential issued to seller

Federated Marketplace Discovery

There is no central marketplace server. Listings propagate through the federated network using ActivityPub custom vocabulary.

ActivityPub Vocabulary

Activity	Description
`Create(Listing)`	User publishes a new listing to followers
`Update(Listing)`	User updates an existing listing
`Delete(Listing)`	User removes a listing
`Offer(Purchase)`	Buyer sends a purchase offer to the seller's hub
`Accept(Offer)`	Seller accepts; smart contract initiated
`Announce(Listing)`	User shares someone else's listing with their followers

Discovery Flow

User creates listing
    │
    ▼
Hub sends Create(Listing) to all followers' hubs
    │
    ▼
Followers' hubs store listing in their local marketplace index
    │
    ▼
Followers can Announce(Listing) to their own followers
    │
    ▼
Listing propagates virally — no central index required

Marketplace Relays

Relays are servers that aggregate listings from many users, acting as a searchable directory:

Anyone can run a relay
Relays can be specialized: data products only, geographic region, specific categories
Users can submit their listings to relays for broader discovery
Relays do not hold funds or intermediate transactions — they only index

Reputation and Sybil Resistance

VC-Based Reputation

After every completed transaction, both parties issue credentials to each other (see reputation-system.md). Reputation is built on-chain credentials, not platform-controlled ratings.

Sybil Resistance

To prevent reputation manipulation via fake identities, participation in the marketplace requires a Proof of Personhood credential:

BrightID: social graph verification
Proof of Humanity: video verification + community vouching
The hub connects to these services via OAuth; upon verification, issues ProofOfPersonhoodCredential to the user's DID

Users who create multiple identities to inflate ratings will fail the Proof of Personhood check.

Data Model

listings (
  id              uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  owner_id        uuid NOT NULL REFERENCES auth.users(id),
  listing_type    text NOT NULL
                    CHECK (listing_type IN ('data_product','service','physical','digital')),
  title           text NOT NULL,
  description     text,
  price_amount    numeric(12,2),
  price_currency  text DEFAULT 'USD',
  price_type      text CHECK (price_type IN ('fixed','hourly','negotiable','free','time_credit')),
  status          text NOT NULL DEFAULT 'draft'
                    CHECK (status IN ('draft','active','paused','sold','expired')),
  tags            text[] DEFAULT '{}',
  location_pref   text,            -- 'local' | 'regional' | 'global'
  visibility      text NOT NULL DEFAULT 'public'
                    CHECK (visibility IN ('public','followers','private')),
  data_product_id uuid,            -- FK to data_products when listing_type='data_product'
  federated_ap_id text,            -- ActivityPub @id after federation
  created_at      timestamptz DEFAULT now(),
  updated_at      timestamptz DEFAULT now()
)

data_products (
  id             uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  owner_id       uuid NOT NULL REFERENCES auth.users(id),
  name           text NOT NULL,
  description    text,
  query_def      jsonb NOT NULL,            -- DataProductQuery: entity types, filters, date range
  privacy_policy jsonb NOT NULL DEFAULT '{}',-- per-field transformation rules
  output_format  text NOT NULL DEFAULT 'json'
                    CHECK (output_format IN ('json','csv','parquet')),
  sample_rows    integer DEFAULT 0,
  schema_json    jsonb,                     -- inferred output schema
  created_at     timestamptz DEFAULT now(),
  updated_at     timestamptz DEFAULT now()
)

marketplace_transactions (
  id              uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  listing_id      uuid NOT NULL REFERENCES listings(id),
  buyer_id        uuid NOT NULL REFERENCES auth.users(id),
  seller_id       uuid NOT NULL REFERENCES auth.users(id),
  amount          numeric(12,2),
  currency        text DEFAULT 'USD',
  status          text NOT NULL DEFAULT 'created'
                    CHECK (status IN ('created','funded','delivered',
                                      'confirmed','disputed','refunded','completed')),
  escrow_ref      text,                  -- external escrow / smart contract reference
  dispute_reason  text,
  completed_at    timestamptz,
  created_at      timestamptz DEFAULT now()
)

Use Cases

Selling Anonymized Location Data

Fitness enthusiast with 2 years of running data

1. Opens Data Product Builder
   → Selects: location_history WHERE activity='running' AND year IN (2023,2024,2025)

2. Configures Privacy Engine:
   → lat: round to 2 decimals
   → lon: round to 2 decimals
   → user_id: remove
   → notes: suppress

3. Packages as CSV with 500,000 data points

4. Creates listing: "Anonymized running routes, San Francisco, 2023–2025 — $50"

5. Urban planning researcher finds listing via relay

6. Smart contract: researcher pays $50 → escrow

7. Privacy Engine runs: processes raw data → delivers anonymized CSV

8. Researcher confirms → funds released → both issue VCs

Offering Consulting Services

Data sovereignty architect

1. Creates listing: "1-hour architecture consulting session — $200/hour"

2. Startup CTO finds listing, sends Offer(Purchase)

3. Smart contract: CTO pays $200 → escrow

4. They have video call (via Twilio Video or external)

5. CTO confirms session completed → funds released

6. Both issue VCs: TrustedSellerCredential, ReliablePayerCredential

Capability Rollout

Stage	Capability
Federation foundation	VC infrastructure ready; basic listing schema in data model
Full marketplace	Data Product Builder, Privacy Engine, service/physical/digital listings, federated discovery via ActivityPub, VC-based reputation, basic escrow (non-blockchain)
Trustless transactions	Smart contract escrow (Polygon/Solana); governance dispute arbitration; Proof of Personhood integration; marketplace relays