There are plenty of systems of reputation capital already in existance out there. (RepCap to shorten it.) In this post, I will use several fictional examples, though the names may or may not resemble actual Nyms, within the context of this post, they are fictional and any such resemblance is purely coincidental (or halucinational in your case), and "you" refers to another Nym, not necessarily the reader, as "I" does not refer to the author, but yet another Nym. Ditto for actual named Nym's. In the finance world funds always have disclaimers stating that past performance is not a predictor of future growth, but in practice past performance is always used or at least taken into consideration. Reputations are built based on interactions of individuals with others who communicate references about their experiences. For the longest time your credit record has sufficed. Previous to that, your riches or your actions, (or breeding - a poor solution) or the esteem that others have for you that the viewer is acquainted with show (or at least hint) your reputation to those who are unfamiliar with you. New examples include things such as slashdot's karma points for insightful postings, and ebay's feedback profiles that allow a buyer to rate a seller numerically once per transaction with positive, neutral, or negative, and a comment. The seller can also rate the buyer and warn other sellers that this guy pays on time or was a hassle, or a dead beat. Anyone can view a nym's repcap and see all the comments along with the items that were sold, etc. Sellers can prevent those with negative or low rep-caps from posting bids, or can state that those with less than a certain amount must pay by certified check or credit card since they aren't trusted - or that their personal checks must first clear, etc. I actually like this model, but it can be expanded. Reputation capital can however be abused. In a Cypherpunk reputation capital environment, Mallet can set up two nyms and use them to defraud others. Here I will present a way around this. Mallet creates Alice and Bob, and has them perform some transaction over and over again, on each transaction posting postive repcap to each other. As Adam Shostack and Wei Dai's comments have pointed out, there are possible abuses to such a system: For the ebay model: Alice can sell Bob a used piece of toilet paper for $0.01, and on completion both Alice and Bob post positive repcap's for each other. Of course both Alice and Bob are Mallet's Nym's, so Mallet runs this process repeatedly until both Alice and Bob have high repcap's. This attack can be extended by Mallet over several hundreds of Nym's to make this less obvious, and can be randomized somewhat, etc... If a high rep-cap Nym is sold, the old owner can reursup the Nym if the buyer doesn't revoke the old public key and issue a new one. The old owner can even have a predated revocation certificate causing confusion. But in this case, fraud has been commited, so the buyer must have some recourse. Perhaps the buyer can then disclose their identity (or rather their original nym) and the signed messages between themselves and the fraud. Money may be perhaps reclaimed, or not depending on how the Nym was sold. RepCap's should certainly not just have a single dimension stating positive or negative, but rather a set of vectors. Certainly repcap metadata about a sale is different than that of an essay posting, or that of a social interaction. (Choate might for example have the best bbq's in the entire country and he might have huge successful parties, but perhaps his posts leave something to desire.) Perhaps XyzzY is a genius when it comes to her knowledge of perl scripts, but she's notoriously in debt, so I might not want to accept business from her, though when I read the perl mailing lists, I would happily see her messages. In a posting model such as Cypherpunks I believe I have an idea for a decent system. I'm not suggesting we implement this as there would be too much resistance to a fully working restrictive repcap based mailing list here, but, rather this can serve as a theoretical example. We swipe a bit of the Slashdot system, a bit of the ebay system, and add digital signatures. Let's start with a post. Say Tim posts a very brillian post about something. The readers of the post can if they chose to sign a hash of that message along with their vote for postive, neutral, or negative and a small comment (not a reply to the message, but a comment about the character of the post.) This message does not make its way onto the list as a message, but rather as metadata. That is your special mail client won't display them to you, so you won't see a flood of metadata emails, but your client will process them after authenticating their signatures. RepCap archive servers will collect and cache these for anyone to see. Individual clients can do the same. (You don't want a central server or a set of central servers as these can be destroyed, etc. and then the system fails.) Suppose that in my client, I hold Declan and Sandy in high reputation. That is my cache of their repcap is high and positive in relation to others. Now suppose that Tim posts a message and suppose they both vote that Tim's post was brilliant - thus give it a positive vote. Instead of adding just "2" points to my cache of Tim's rep, since I trust Sandy and Declan as non-nutcases, their votes are weighed against their own repcap's in my cache. Say Tim has a repcap of 600, say Declan has 500, and Sandy has 400. Then I add +1 * 500/X from Declan's repcap and +1 *400/X to Tim's repcap, so now my cache of Tim's repcap might jump to 620. Now this is not Tim's true reputation capital which came from individual votes, and can be downloaded from any archive by any new user at any time, it's rather my view of it. For example, say Jim doesn't like Tim, Jim can change the weight of Tim's repcap, or even the actual repcap in his own cache to something low, and then Declan and Sandy's vote won't make any difference. Further, if I or anyone else choses to, we can ignore posts by those with repcap under a certain threshhold. Doing so would also stop spammers from getting their message displayed (but not necessarily the bandwidth hogging.) Any time I chose to, I can change my own cache of someone's repcap, thus overriding public opinion. Perhaps this personal setting for each Nym I see would be locked either for a specific duration (so further votes can change it later on -- see below example of Aimee and Faustine), or forever. These should only override the tallied up ones from the servers, not replace them. Perhaps I can also share my views of a certain Nym, stating that "Vulis is a nutcase" or "Eric Hugh's is cool" and some sets of values, if I chose to. These can be the same as the weights I privately use to filter out things, or they can be a different set - should I chose to be two faced. But what about a new user who doesn't know Tim from Jim? Simple. They can talk to the archive servers and get either a count of positives and negatives or download the last six months worth of votes and optionally comments, or even download all that the archives have for a particular nym, including their public key, and any signatures on that key (pgp web of trust, etc.) Alternatively (or additionaly) the new user might want a query of what Declan and Sandy think of this guy and perhaps average them to build the cache. How does a new Nym build repcap? Lurkers who only read will be invisible, so they won't have a reputation. As soon as they post others can vote one way or another, and based on the weight of the repcap of the voter, a quick rep cap can be built. As each person can decide to change their own weights for that new Nym, this can be settled quickly. For example both Faustine and Aimee had initially interesting posts, but over time cracks appeared, lowering their repcap, etc... Their repcaps would have initially jumped up and then dropped. Of course those that choose to opt out, should be able to do so by simply not opting in the first place, though they might find it hard to do business with those that do... Note that everyone should be able to read all postings, and repcap metamessages at any time without participating. Flaws of course are that trust is not transitive (however, a system of personal weights can ameliorate this), and that past behavior is not a guarantee of future behavior (Nym's can go insane, or be cured of insanity, can relapse, can sell/buy Nyms.) Any other flaws? Again, this is a ficticious example of a reasonable system. It will likely never work here on this mailing list, though another mailing list like system can be created, though it would require both clients and reputation servers. The examples of people I used are entirely ficticious any resemblance to real humans is coincidental, parental discretion advised. This message will burp itself in ten seconds, though you will have to change its diapers all by yourself. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\ \|/ :aren't security. A |share them, you don't hang them on your/\|/\ <--*-->:camera won't stop a |monitor, or under your keyboard, you \/|\/ /|\ :masked killer, but |don't email them, or put them on a web \|/ + v + :will violate privacy|site, and you must change them very often. --------_sunder_@_sunder_._net_------- http://www.sunder.net ------------