reputation credit 3/3
Assume the distribution problem to be solved, in that people can now easily and reliably get the complete reputation information on an identity that interests them. What extensions to the basic system can be made to make it more useful? What will these extension do to the usability of the system? I think the most interesting extension would be to make reputations that apply only in one realm, a realm being some online community, whether that community consists of a single mailing list (Cypherpunks) or several lists, newsgroups (firewalls, bugtraq, comp.security.unix), or even a larger area, perhaps compromising mail, news, www, other interactive service. Clearly, there is some overlap between some realms (security, cypherpunks, hackers). A good reputation in one area might carry over into another, or it might lead to a negative reputation. This effect will probably arise spontaneously from the webs of interaction. Initially, I was going to propose that it be somehow formalized, but now I see that it will arise on its own accord, given a sufficiently flexible and strong system of distributing digital reputation capital on the net. This does require that negative opinions be made possible, not just low opinions. If Charlie can say "I disrespect David 90% of the time. /s/ Charlie 1 sept 94" and those opinions can spread the same way as positive ones, then most of the useful interaction between groups is possible in a decentralized, out of control sort of way. I've sort of assumed in other places that negative opinions were possible, I just wanted to explicitly state it. Another potential extension would be the addition of more varying formalized opinions than the formalistic "I respect/disrespect..." that I've been basing this on. This also has the possibility of just taking way too much work, but has the possibility, with careful design, to be a very useful tool. What if Alice can say "I think David is a fanatic. I also think David is a windbag." and she says these things in such a way that they can be automatically responded to by software? This would require a carefully chosen list of opinions that the system would support. If you had too many opinions, then the system would be worthless, because, in all probability, people would pick different descriptors, and the information would not correlate into anything useful. The list could probably be fairly short, allowing for terms like windbag, funny, fanatical, reasonable, knowledgeable, trustworthy. That would greatly expand what you could say (or hear) about someone in a simple digital format for automatic scanning and filtering. The inclusion of terms like trustworthy or reliable could act as the basis for some business. A set of 'reliable' endorsements stretching back 20 years would make me much more comfortable with a remailer business than one that sprung up yesterday and is now well respected by 300 federal agents. None of these endorsements need be formal "I'd do business with them again" statements, the objective is to give an idea of who is thought of well, and who is not. With the addition of an encrypted open books protocol then people could automatically get an idea of what businesses are stable, and liked by their customers. I've toyed with the idea of being able to rate personalities this way, which would be useful at times, since there reputations do exist in the personal world as well as the professional. But any system of personal reputations would fail, because bad mouthing someone with a digital reputation is an open act. Very few people would talk about Alice in a negative light if they know she will hear about it. And even if they do want to, there doesn't need to be an automated system to make it easier. However, this does raise the interesting idea of a private reputations system. If a group for one reason or another wants to build a reputation service that is closed; in who may add to it and who may access it, would they be able to? It would probably be fairly simple. The slander program could be modified so that no one who didn't already have some reputation capital could be discussed. Using a system that A useful bit of reputation capital can not be anonymous, although it can be pseudononymous. If it is anonymous, there is no way to give it weight. Cooperative protocols for undeniable digital signatures could probably be designed and made workable. However, I would expect that it would be far too much work to run. I prefer to design a system that requires much less effort. If you want to protect your privacy while participating, work under a nym. There you have it, an outline of a system for possibly efficient, decentralized digital reputation capital. A bunch of extensions that may or may not work. How to distribute is addressed, but needs more work, and probably a prototype. The big question in my mind is how to get people to feed enough information into it to seed the system? Once it gets started, it will run for a while on slow growth, and then explode at some random point. (Probably right after a serious design bug is discovered. :) After it explodes in terms of use, it will be self-perpetuating because of its usefulness. Please feel free to comment on what wouldn't work. How could the system be extended to make it more useful? It might be that building something would be the best way to answer these kinds of questions.
Adam Shostack writes a very interesting set of articles on a concrete proposal for reputation credentials. A couple of suggestions: maybe you should distinguish between respecting someone as a writer and respecting them as a reviewer. In the real world, we have editors, publishers, and others whose main job is to discover and facilitate the good writers. Just because you write well doesn't mean you will be good at recommending other writers, and vice versa. Adam brings this up himself when he talks about a good writer who intentionally makes bad recommendations. Creating these two different kinds of credentials would help solve this. A related point is that doing this helps remove some of the normative or reward/punishment aspects of this system. Saying that you like someone's recommendations is similar to saying that you have similar tastes to theirs. There is not so much stigma or insult associated with refusal to give a credential saying that you like someone as a reviewer. It just means your tastes differ. OTOH refusing to endorse someone as a writer is a stickier business. It may offend others and it could bring retribution upon yourself. It could be a way to create enemies. Especially if you went with numerical rankings so you said "I like John Doe's writing 5% of the time", this could be insulting. If you don't have these "negative" credentials it is not so bad but it still may be noticable if someone endorses a lot of people with a few notable exceptions. The problem, then, is that people may be reluctant to be honest with their opinions. They may find it safer to follow the crowd and add their own endorsements to those already popular than to take a chance with honest praise of some pariah. There was some discussion about this in the development of PGP. Should there be a way for people to say how much they trust another person as a signer? If you had this (in a public way) then you could have transitive trust to some extent and it would expand the web of trust considerably. But again the concern was that people would not want to expose what they truly thought of the signing policies of their friends. I suppose you could get around this by having one set of opinions for public consumption and another set used for personal message rankings, but that seems a bit extreme. Still, I think it would be a worthwhile thing to try. It would be nice if we could do some more interesting cryptographic stuff than just simple signatures, though. Hal
I am replying to a message by A.Shostack about reputation systems. I regret that I will probably be unable to follow all aspects of this thread due to "engagements" but the dialogue so far has been fascinating (is anyone archiving cypherpunks for future historians? seems like it would be *hot* material when the world transitions to a "Cyberspatial Reality" (can't remember where I saw that term...) anyway, a few paragraphs caught my eye.
What if Alice can say "I think David is a fanatic. I also think David is a windbag." and she says these things in such a way that they can be automatically responded to by software? This would require a carefully chosen list of opinions that the system would support. If you had too many opinions, then the system would be worthless, because, in all probability, people would pick different descriptors, and the information would not correlate into anything useful. The list could probably be fairly short, allowing for terms like windbag, funny, fanatical, reasonable, knowledgeable, trustworthy.
there is a lot of merit in the simple idea you write about above, and I think it deserved to be explored by some "mad programmer" with enough coding talent and free time on his hands. any takers? <g>
But any system of personal reputations would fail, because bad mouthing someone with a digital reputation is an open act. Very few people would talk about Alice in a negative light if they know she will hear about it. And even if they do want to, there doesn't need to be an automated system to make it easier.
it seems to me that a lot of good ideas are dismissed here for the wrong reasons. what is one man's junk can be another man's gold. for example, suppose such a system as you indicate is in place. I can easily imagine that people would *love* to publicly trash other's people's reputations as a way of saying "I hate his guts, and I hope everyone else will not listen to him." public *negative* reputations are very important and are already quite ubiquitous in my opinion. they are the means by which a society exerts force on the individual to conform to social norms. and as reprehensible as that sounds to some of you, you cannot deny that exactly this mechanism is employed on the cypherpunks by e.g. TCMay et.al. i.e. the way TCMay loudly *****PLONKED***** someone recently, complaining about "fools and lightweights" for the sin of sending him an encrypted message that didn't contain any interesting criminal instigations <g> so this public broadcasting, this "*****PLONK*****" is often quite public, and you are quite mistaken in thinking people would shy away from it, those with the greatest reputations use it as a method of coercion, in a sense, a kind of cyberspatial peer pressure! "if you want to be my friend, you can't be his friend". this might be called the Larry Detweiler effect, although it appears to me he has been getting far to much credit lately, maybe the cypherpunk reputation servers have been hacked <g>
The big question in my mind is how to get people to feed enough information into it to seed the system? Once it gets started, it will run for a while on slow growth, and then explode at some random point. (Probably right after a serious design bug is discovered. :) After it explodes in terms of use, it will be self-perpetuating because of its usefulness.
I was saying to A.S. in private mail that I thought it was a pity that the cypherpunks didn't invent something like WWW that has really taken off. For example, If remailers are the natural role of future cyberspace, why haven't they caught on? I think because there is no incentive for an operator to run one, and in fact quite a lot of disincentive (who want to get the message "postmaster: please yank this account for sending trash). the best cyberspatial technologies have an inherent incentive to everyone that comes in contact with them, operators in particular (example: NNTP servers are fun for news admins to read, WWW pages are easy to install and act like miniature bulletin boards to get responses, etc). maybe the all-important role of anonymity and pseudonymity could gain widespread acceptance by "piggybacking" some other amazingly desirable system (such as reputation systems). but I really agree with A.S. that the "self-perpetuating explosion" is critial to new cyberspatial technology. it is like a meme spreading, like people latching on to the latest Billboard hit. A lot of the cypherpunk *ideas* have caught on like this, e.g. PGP, privacy, etc. but I would like to see a total *cypherpunk* software creation reach the Cyberspatial Hall of Fame (the anon.penet.fi remailer comes pretty darned close, but it is just one site.. and pgp, well Phil Zimmerman has said at times he's *not* a cypherpunk, because he wears suits <g>). maybe reputation systems will be the cypherpunk magic bullet. that makes me wonder: did Julf build his server after being inspired by the cypherpunks? or did he get the idea somewhere else? well, I have dropped a lot of hints in this message, and I have asked some people to agree to nondisclosure agreements on related issues, and it would be a bit hypocritical for me to say much more, so I probably won't elaborate much further than what I've said above for awhile. Mostly I wanted to give Adam Shoestack some credit for some good ideas. bye Vladimir Z Nuri vznuri@netcom.com ``Imagination is more important than knowledge.'' (Einstein)
participants (3)
-
Adam Shostack -
Hal -
Vladimir Z. Nuri