question about reputation
In an economy based on positive reputations, how does one acquire a reputation capital? One way may be to initially perform services at a price below cost, but this has some problems. For example, Alice starts a anonymous consulting service, and announces that she will answer the first ten queries for free. Upon hearing this, Mallet immediately starts another consulting service, and announces the same offer. At this point Mallet can simply forward his customers' queries to Alice and Alice's answers back to his customers. Thus, he gains reputation at no cost. On the other hand, this "man-in-the-middle" attack can also work against conventional True Name based services, but perhaps with less effect. Has anyone ever heard of this being done? Is there a better way to acquire a good reputation? Wei Dai
Wei wrote: |> In an economy based on positive reputations, how does one acquire a |> reputation capital? One way may be to initially perform services at a |> price below cost, but this has some problems. |> For example, Alice starts a anonymous consulting service, and announces |> that she will answer the first ten queries for free. Upon hearing this, |> Mallet immediately starts another consulting service, and announces the |> same offer. At this point Mallet can simply forward his customers' |> queries to Alice and Alice's answers back to his customers. Thus, he gains |> reputation at no cost. A) There is a real cost (some combination of reputation and other capital) involved in attracting customers. B) This is emphatically _not_ an "abuse" of reputation capital. Mallet will acquire a reputation based on the quality of the service he provides. Suppose that Bob also set up a service like Alice. Some people would go directly to Alice, some to Bob, and some to Mallet who chooses which ever of Alice and Bob offers the best deal for the customer. By choosing intelligently, Mallet could acquire a better reputation than either Alice or Bob. This would not be inaccurate. By using Mallet, (now a consulting services broker) the customers are geting a better deal. (i.e. MAX(A(x),B(x)) is greater than or equal to both A(x) and B(x)). JWS
Good question, but a quick modification allows for effective bootstrapping. If I want to start consulting for Amalgameted Consolodated, I can offer them a 10 free questions deal to bootstrap things with. Mallet can only cheat if my offer was broadcast. (I presume that Amalagated' keys are somehow strongly verified, and the negotiantions are kept secret from Eve and Mallet.) There might also be fingerprinting technologies that allow me to embed a signature in the documents returned to clients that would allow me to show that Mallet stole them. (Which might, incidentally, get Mallet a job in some circles...If thats known, Bob and Alice can collude to make it appear that Bob was Mallet, and thus forge a reputation. Wei wrote: | In an economy based on positive reputations, how does one acquire a | reputation capital? One way may be to initially perform services at a | price below cost, but this has some problems. | | For example, Alice starts a anonymous consulting service, and announces | that she will answer the first ten queries for free. Upon hearing this, | Mallet immediately starts another consulting service, and announces the | same offer. At this point Mallet can simply forward his customers' | queries to Alice and Alice's answers back to his customers. Thus, he gains | reputation at no cost. | | On the other hand, this "man-in-the-middle" attack can also work against | conventional True Name based services, but perhaps with less effect. Has | anyone ever heard of this being done? | | Is there a better way to acquire a good reputation? | | Wei Dai | -- "It is seldom that liberty of any kind is lost all at once." -Hume
On Sun, 10 Sep 1995, Adam Shostack wrote:
Good question, but a quick modification allows for effective bootstrapping. If I want to start consulting for Amalgameted Consolodated, I can offer them a 10 free questions deal to bootstrap things with. Mallet can only cheat if my offer was broadcast. (I presume that Amalagated' keys are somehow strongly verified, and the negotiantions are kept secret from Eve and Mallet.)
This scheme doesn't quite work. (Let's call Amalgameted Bob, to keep names short.) Bob can create a new, unlinkable pseudonym and give the same offer to Carol under the new pseudonym. Then, Bob acts as Mallet and passes messages back and forth between Alice and Carol. At the end of the 10 free questions, Bob terminates its contract with Alice, leaving Alice with nothing and Bob's pseudonym a certain amount of reputation with Carol.
There might also be fingerprinting technologies that allow me to embed a signature in the documents returned to clients that would allow me to show that Mallet stole them. (Which might, incidentally, get Mallet a job in some circles...If thats known, Bob and Alice can collude to make it appear that Bob was Mallet, and thus forge a reputation.
Fingerprinting may be useful in some situations, but is clearly not a perfect solution to this problem. Alice may be able to prove to Mallet's customers that she originally wrote the answers, but if their communications with Mallet are private, how does Alice even know who those customers are? Also, I'm not too familiar with fingerprinting technologies, but Mallet may be able to remove the identifying marks by translating the answers to a different form while preserving the meaning. Wei Dai
Adam Shostack writes: # Good question, but a quick modification allows for effective # bootstrapping. If I want to start consulting for Amalgameted # Consolodated, I can offer them a 10 free questions deal to bootstrap # things with. Mallet can only cheat if my offer was broadcast. Wei Dai writes:
This scheme doesn't quite work. (Let's call Amalgameted Bob, to keep names short.) Bob can create a new, unlinkable pseudonym and give the same offer to Carol under the new pseudonym. Then, Bob acts as Mallet and passes messages back and forth between Alice and Carol.
If all Alice's prospective customers are also resellers on the side, then I agree that she has a problem. But how realistic is a market scenario in which a new supplier cannot positively identify some legitimate end consumers of a product or service ? (I'm ignoring cases in which the market for the product or service is only just being forged.) This strikes me as rather implausible, although I don't claim to have devoted a great deal of thought to it. -Futplex <futplex@pseudonym.com>
Wei Dai writes:
On the other hand, this "man-in-the-middle" attack can also work against conventional True Name based services, but perhaps with less effect. Has anyone ever heard of this being done?
Undoubtedly -- this is a factor in the abundance of "no sales to dealers" and "limit N per customer" in sales advertisements. -Futplex <futplex@pseudonym.com>
participants (4)
-
Adam Shostack -
futplex@pseudonym.com -
solman@MIT.EDU -
Wei Dai