
Trust & Reputation Models

Carles Figuerola, Raül Díaz & Víctor Ario n
May 2011

Contents

1 The importance of trust 3
1.1 Formal trust 4
1.2 Informal trust 4
2 Reputation 4
2.1 Online Reputation 5
3 Trust by reputation 5
4 Trust & Reputation Tools 6
4.1 Ratings 6
4.2 Feedback 7
4.3 Institutional 7
4.4 Security 8
5 Models 8
5.1 Number of hits 8
5.2 PageRank 9
5.3 eBay 11
5.4 Amazon.com 12
5.5 Paypal 13
5.6 Facebook, a reality approach 13
5.7 OpenPGP 14
5.8 Trust Net 16
5.9 Slashdot 17
6 Security, consistency and attacks 17
6.1 Sybil Attack 17
6.2 Bootstrap 18
6.3 Whirlwind effect 19
6.4 The downfall of digg 19

Abstract

This essay tries to explain what trust and reputation are in a computational context, particularly in social network scenarios. Additionally, several trust and reputation models will be discussed and analyzed.

1 The importance of trust

Before starting our discourse we should ask ourselves: is there anything more important than trust? Is interaction among human beings remotely possible without it? We aren't just talking about social life, business or love. As Rousseau saw it, modern society rests on a social contract by which its members tacitly accept rules for coexistence and try to find a compromise between self-interest and the common benefit. How could we live peacefully without knowing whether others will respect this contract as much as we do? Every indication says that we couldn't. The human being is, to a greater or lesser extent, a gregarious mammal. Practically all of his activities are carried out together with the other members of his social group, which turns trust into the only bridge to a normal life. Hence we can say that life in society entails an inherent state of trust. More or less, we all assume that we can trust our parents, that nobody is going to hurt us on the way to work, or that a violation of our rights will be punished by the law. Without this initial trust only hysterical suspicion remains: the impossibility of human relations, in short, the most absolute ostracism.

In a hypothetical situation where we knew everything about the world and its people, we wouldn't need trust. Trust arises from the need to deal with uncertainty, with complex future circumstances, in order to fulfil our interests. In this position without guarantees, achieving our satisfaction depends on how we evaluate the environment. It doesn't matter whether we are talking about the mutual trust between two lovers seeking emotional stability, or the trust we place in a leather company when we buy new shoes. Either way, trust is about bringing different interests together. This can cause a lot of problems if we think about social or friendship issues, for example. In economics, on the other hand, the point is easier to describe. If a businessman wants to earn money selling a product, he needs a bidirectional relation of trust with his clients.

Here the terms of trust are quite clear, because they consist mainly of a combination of material interests: businessmen earn money and clients get a product. The former will care about the client's ability to pay. Clients will do the same about the quality of the product and the correspondence between quality and price, which can be compared with similar products from other producers, but only to a certain extent. And again we find the idea that relates the unknown to trust: a position where clients need some references to make the right choice. These references, called reputation, are defined by several factors, like the historical prestige of the brand or the opinion of other clients (friends, specialized websites, etc.). Before dealing with reputation, it's necessary to distinguish two kinds of trust: formal trust and informal trust.

1.1 Formal trust

Formal trust consists of institutionalized mechanisms intended to guarantee mutual cooperation in the trust process. There are many such mechanisms, like legislation and civil and penal law, which formalize the social contract mentioned above. Another example is the credit card system, which protects shoppers against fraud. Contracts are a good example as well: the parties establish the conditions and rules under which the trust relation is going to be carried out. Another case of formal trust could be marriage, a document that formalizes the couple's status and the promise of financial and emotional stability (at least, that is what it is expected to be). These trust systems have some problems. As we said, trust consists in bringing interests together, and institutionalization sometimes makes a good compromise difficult. For instance, government legislation usually finds the solution relevant to the majority of people, but it is often unfavourable for a certain group of citizens. Unfavourable and, above all, inflexible. And that's the point: once the conditions are in a signed document, they are difficult to change, whether or not interests and needs change in the near future.

1.2 Informal trust

Obviously, most social activities can't have their own explicit contract. For this reason, there are almost always subjective factors that configure the level of trust. The firmness of a handshake or body language can be important signs for trusting somebody or not. A presidential candidate can lose the support of voters because of a tremulous voice or excessive perspiration, as happened, for example, in 1960 with the well-known television debates between the US presidential candidates Richard Nixon and John F. Kennedy. Therefore informal trust is more variable than formal trust. It involves more risk and, obviously, lots of disappointments. Not in vain, as in hope, we live in trust. And society, which precisely stigmatizes distrust, always recognizes trust as the engine of civilization.

2 Reputation

Reputation is the social evaluation of a group of entities toward another entity based on certain criteria. It is an important factor in many fields, such as education, business, online communities or social status. Reputation can be considered a component of identity as defined by others, i.e. reputation is then a meta-belief (a belief about another person's belief). A very important role of reputation is its transmission in the form of advice. This can be educated advice, based on facts and on both historical and current events, or just gossip, which doesn't mean it isn't useful. Gossip, although vague, may contain precious hints both about actual facts ("I've been told this physician has shown questionable behavior") and about conflicts taking place at the information level (if a candidate for a role spreads defamatory statements about another candidate, who should you trust?). Moreover, the expression "it is said that..." is a reputation-spreading act, because it refers to a (possibly fake) common opinion; on the other hand, the "it is said" part is self-assessing, because it is at least true just because the person saying it has just said it.

Reputation-based decisions

There are three ways reputation can affect the opinion we have about something:

Epistemic: acknowledge a given reputation. This implies that a believed evaluation prevails over one's own direct evaluation. Let's imagine that the friend I most admire has a good opinion of Mr. Berlusconi. However puzzled I may be by this dissonance-inducing news, I may be convinced, due to my friendship, to accept this evaluation and share it.

Pragmatic-Strategic: use reputation to decide whether and how to interact with the target. Once I have my own opinion (perhaps resulting from accepting others' evaluations) about a target, I will use it to make decisions about my future actions concerning that target. Perhaps I may abstain from participating in political activity against Mr. Berlusconi.

Memetic: transmit my (or others') evaluative beliefs about a given target to others. Whether or not I act in conformity with a propagating evaluation, I may decide to spread the news to others.

2.1 Online Reputation

Online reputation is a factor in any online community where trust is important. It affects a pseudonym rather than a person. Online reputation is the perception that one has on the Internet based on one's digital footprint. Digital footprints accumulate through all of the content shared, feedback provided and information created online. People aspire to have a positive online reputation. If someone has a bad online reputation, he can easily change his pseudonym. This is why new accounts on reputation-based e-commerce sites are usually untrusted. If a person or a company wants to manage its web reputation, it will have many more difficulties. This is why a web merchant that also has a physical shop (with a real name and a real address) is usually more trusted. Building and maintaining a good reputation can be a significant motivation for contributing to online communities.

3 Trust by reputation

In recent years, Computer Science has moved from centralised computer systems to distributed computing. This evolution has several implications for the security models, policies and mechanisms needed to protect users' information and resources in an increasingly interconnected computing infrastructure. The multi-agent system paradigm and the huge evolution of e-commerce are factors that contributed to the increase of interest in trust and reputation, even recognising them as key factors for successful e-commerce adoption. Within these scenarios, Trust and Reputation Models are used as an incentive in decision-making, when deciding whether or not to honour contracts (buy products, ask for advice, accept an agreement, etc.), and as a mechanism to search for trustworthy exchange partners. In particular, reputation is used in electronic markets as a trust-enforcing mechanism or as a method to avoid cheaters and fraud.

Trust and reputation both have a social value. When someone is trustworthy, that person may be expected to perform in a beneficial, or at least not in a suspicious, way that assures others, with high probability, of good collaborations with him. On the contrary, when someone appears not to be trustworthy, others refrain from collaborating, since there is a lower probability that these collaborations will be successful. However, trust is strongly connected to confidence and it implies some degree of uncertainty. Therefore, there is a relation between both concepts that should be considered in depth: reputation is a concept that helps to build trust in others, in order to decrease the uncertainty level.

A reputation system computes and publishes reputation scores for a set of objects (e.g. services or entities) within a certain community, based on a collection of opinions that other entities hold about the objects. The opinions are typically passed as ratings to a reputation centre, which uses a specific reputation algorithm to dynamically compute the reputation scores from the received ratings. Entities in a community use reputation scores for decision making, e.g. whether or not to buy a specific service or good. An object with a high reputation score will normally attract more business than an object with a low reputation score. It is therefore in the interest of objects to have a high reputation score.

Nowadays, game theory is the predominant paradigm used to design computational trust and reputation models. In all likelihood, this theory is taken into account because a significant number of economists and computer scientists, with a strong background in game theory and artificial intelligence techniques, are working in multi-agent and e-commerce contexts. "An individual's success in making choices depends on the choices of others." [1]

4 Trust & Reputation Tools

There are four main methods or tendencies for mathematically evaluating Trust and Reputation. Actual Trust and Reputation models combine two or more of these tools in order to enforce the security and reliability of a T&R system.

4.1 Ratings

One of the main and most common tools used in reputation-based trust models is the rating. It enables a user (who has had a formal or informal interaction with another user) to give a rating in numeric form (or its counterpart, the typical 5-star system) or just as a negative or positive point.

Numeric rating system

Numeric ratings describe the opinion of a user, or of one of its submissions, or both. The ratings are then averaged and the result is shown to all subsequent users who want to interact with him/her. When the user base is large, the numeric rating works well because the opinion of any particular user is averaged out. This means that if a rogue user starts giving bad ratings to every user, it doesn't show much on their ratings. On the other hand, when the user base is small, a mischievous user with a lot of real-life friends can change a numeric rating easily. Often, the algorithms that average these ratings become more complex and give greater weight to trusted members or members with a good standing on the site, to avoid having new users (usually created just for this purpose) overthrow a trusted old member. One of the main problems of the numeric rating system arises when similar items are compared but some of them have a rating based on very few users. If these users voted high, the averaged rating reflects highly on the item, even though these users may be mischievous or friends of the submitter. This has been easily solved on some sites by showing the number of reviews the rating is averaged over. This combination of a numeric rating and the number of users it is based on is one of the most widely used and trusted rating systems. This rating system is one of the oldest, based on numeric reviews like those of movie reviewers before the Internet.

Positive/Negative rating system

The other main rating used on web pages is the +1/-1. When a user thinks another user or one of its submissions to the community is relevant, it approves it. On the other hand, when it thinks it isn't appropriate, it disapproves, and the submission may be held back for revision by a higher-level user. These ratings aren't averaged but added up: the higher the result, the better. This way, bad submissions get a negative rating and are often discarded or kept in a separate section of the page. There are benefits for the user with this system, because it's very obvious when a user is not to be trusted. Some pages even give the percentage of positive/negative ratings, which forms a kind of numeric rating out of 100. This rating system is the most widely adopted by web pages because it's easy to understand for the end user and easy to manage for administrators.
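As an added example (not code from the essay), the following Go program aggregates constructed star ratings in the three ways discussed above: the plain average shown together with its review count, an average that gives greater weight to members in good standing, and an average shrunk toward the site-wide mean so that an item with three 5-star votes no longer outranks one with forty solid ratings. The Rating fields, the weighting thresholds and the sample data are assumptions made for this example.

```go
package main

import "fmt"

// Rating is one member's score (1..5 stars) for an item, tagged with the
// rater's standing. The field names are hypothetical, chosen for this example.
type Rating struct {
	Rater      string
	Score      float64 // 1..5 stars
	AccountAge int     // days since the rater's account was created
	PriorVotes int     // ratings this member had already given
}

// PlainAverage is the naive aggregation: every rating counts the same. It also
// returns the number of ratings, which sites display next to the average so
// that a 5.0 based on three votes is not mistaken for a solid score.
func PlainAverage(rs []Rating) (avg float64, n int) {
	if len(rs) == 0 {
		return 0, 0
	}
	sum := 0.0
	for _, r := range rs {
		sum += r.Score
	}
	return sum / float64(len(rs)), len(rs)
}

// raterWeight gives greater weight to members in good standing: full weight
// after about six months and twenty prior ratings, 10% of a vote for an
// account created today. The thresholds are constructed for this example.
func raterWeight(r Rating) float64 {
	age := float64(r.AccountAge) / 180
	if age > 1 {
		age = 1
	}
	act := float64(r.PriorVotes) / 20
	if act > 1 {
		act = 1
	}
	return 0.1 + 0.9*age*act
}

// WeightedAverage aggregates ratings with raterWeight, so a batch of accounts
// created just to vote cannot easily overthrow the opinion of old members.
func WeightedAverage(rs []Rating) float64 {
	num, den := 0.0, 0.0
	for _, r := range rs {
		w := raterWeight(r)
		num += w * r.Score
		den += w
	}
	if den == 0 {
		return 0
	}
	return num / den
}

// ShrunkAverage pulls an item with few ratings toward the site-wide mean m, as
// if the item had started with c ratings equal to m. An item with many ratings
// is barely affected; a 5.0 from three votes is pulled well below it.
func ShrunkAverage(rs []Rating, m, c float64) float64 {
	sum := 0.0
	for _, r := range rs {
		sum += r.Score
	}
	return (c*m + sum) / (c + float64(len(rs)))
}

// SampleItems returns constructed data: item A has three 5-star ratings from
// accounts created today with no history; item B has 40 ratings from old
// members (mean 4.25); attackers is a batch of ten fresh accounts that give
// B one star each.
func SampleItems() (itemA, itemB, attackers []Rating) {
	for i := 0; i < 3; i++ {
		itemA = append(itemA, Rating{fmt.Sprintf("new%d", i), 5, 0, 0})
	}
	for i := 0; i < 40; i++ {
		score := 4.0
		if i%4 == 0 { // every fourth member gave 5 stars
			score = 5
		}
		itemB = append(itemB, Rating{fmt.Sprintf("old%d", i), score, 400, 50})
	}
	for i := 0; i < 10; i++ {
		attackers = append(attackers, Rating{fmt.Sprintf("sock%d", i), 1, 0, 0})
	}
	return itemA, itemB, attackers
}

func main() {
	a, b, socks := SampleItems()
	attacked := append(append([]Rating{}, b...), socks...)
	for _, it := range []struct {
		name string
		rs   []Rating
	}{{"A (3 fresh 5-star votes)", a}, {"B (40 old members)", b}, {"B under attack", attacked}} {
		avg, n := PlainAverage(it.rs)
		fmt.Printf("%-26s plain %.2f (%d)  weighted %.2f  shrunk %.2f\n",
			it.name, avg, n, WeightedAverage(it.rs), ShrunkAverage(it.rs, 3.8, 10))
	}
}
```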

4.2 Feedback

The other major tool for creating reputation is feedback. Feedback is a written opinion from peer to peer. Unlike ratings, feedback can be more elaborate and convey detailed opinions rather than just an impersonal number. It gives security and credibility to other users, who can form an opinion of the opinion giver. The downside of this system is that users seek to get the most positive feedback from their peers, so they are very positive in their own feedback. This creates a feedback loop and means that the majority of the reviews aren't 100% true.

4.3 Institutional

Trust and Reputation can also be Institutional, that is, basing the trust in an entity on the name of the entity or on a third party which verifies the quality of a certain product or service. There are institutions which seal/verify some services and products and whose seal makes the user (e.g. an interested buyer) feel trustful. A clear example of this is Paypal, whose online payment service ensures confidentiality and correct money exchange between the parties (Paypal will be further described below). A user who is interested in buying something from an untrusted online shop may be more trustful when it knows that a secure payment through a third party like Paypal can be made. Other Paypal-like services exist; whether they are trusted or not depends on the reputation the companies have held during their lifetime, so a user may accept one but may be doubtful of another whose service had once been security compromised. Another example of Institutional Trust is a Certificate Authority. Whenever a user visits a website or uses a data-sensitive online service, it must be sure that the communication cannot be seen by anybody else. This can be ensured by (e.g.) an SSL certificate; however, some certificates are also signed (even double-signed) by a third-party authority which ensures that the certificate belongs to the named company. This provides the consumer a higher degree of trust than using a self-signed certificate, although it also depends on the reputation of the third party.

4.4 Security

Trust through Security is sometimes close to Institutional Trust. This mechanism bases the trust that an entity has in another on the fact that the first really knows that the second is who it says it is, and that the messages and exchanged data cannot be altered during the communication process. Thus, it can be summarized as:

- Agent validation
- Integrity and authenticity of messages

The Trust-through-Security approach ensures that a certain piece of information is valid and can be trusted if both of the above premises hold.

5 Models

5.1 Number of hits

Description
This is the simplest model of the ones we are commenting on: it only counts the number of hits an entity receives. Examples are:

- Number of views of a website.
- Number of reads of a blog post.
- Number of opinions given by a certain forum member.
- Number of users of a certain service.

The higher these numbers are, the more relevant (or even trustful) their services are considered by this model. There is also an algorithm named HITS (Hyperlink-Induced Topic Search), a precursor to PageRank, but it has no relation to this model. We explain this Number of hits model as an introduction to Trust and Reputation models. PageRank will be described in section 5.2, as well as more advanced algorithms.

Reputation
The reputation is proportional to the number of hits an entity receives:

$R = k \cdot N_{hits}$

Trust
Trust is usually proportional to the reputation of a certain entity. Thus, in the case of a search engine, the most visited entities will appear first in the search results (which is common practice in many search engines); this is because the search engine trusts more the results that have higher reputation, which means a larger number of hits:

$T = c \cdot R = m \cdot N_{hits}$

Troubles
In most cases the user tends to visit the first results of a search query; however, they might not be the right ones. Despite that, these receive the most hits, so the wrong results might keep appearing at the top of the charts for some time.

5.2 PageRank

Description
PageRank is a link analysis algorithm, named after Larry Page, used by the Google Internet search engine. It assigns a numerical weighting to each element of a hyperlinked set of documents, with the purpose of measuring its relative importance within the set. The algorithm may be applied to any collection of entities with reciprocal quotations and references. The numerical weight that it assigns to any given element E is also called the PageRank of page i and is denoted by $PR(p_i)$. The name PageRank is a Google trademark, and the PageRank process has been patented (U.S. Patent 6,285,999). However, even though the patent is assigned to Stanford University and not to Google, Google has exclusive license rights on the patent. Nowadays this is not the only algorithm Google uses to rate websites or documents, though. They combine more than 200 algorithms (including PageRank), which they update on a weekly basis, in order to reach the most accurate page rating and consequently the best and most relevant search results.

Figure 1: PageRank example

Google describes PageRank as: "PageRank relies on the uniquely democratic nature of the web by using its vast link structure as an indicator of an individual page's value. In essence, Google interprets a link from page A to page B as a vote, by page A, for page B. But Google looks at more than the sheer volume of votes, or links a page receives; it also analyzes the page that casts the vote. Votes cast by pages that are themselves important weigh more heavily and help to make other pages important." [8] In other words, a PageRank results from a ballot among all the other pages on the World Wide Web about how important a page is.

Relevance (Reputation)
The relevance or reputation is the PageRank itself. It is defined recursively and depends on the number and PageRank of all pages that link to it (incoming links). A page that is linked to by many pages with high PageRank receives a high rank itself. If there are no links to a web page, there is no support for that page. Originally the PageRank was defined as:

$$PR(p_i) = \frac{1-d}{N} + d \sum_{p_j \in M(p_i)} \frac{PR(p_j)}{C(p_j)}$$

where:

- $PR(p_i)$ is the PageRank of page i.
- $d$ is the damping factor, usually set to 0.85.
- $C(p_j)$ is the number of links going out of page j.
- $M(p_i)$ is the set of pages linking to page i.
- $N$ is the total number of pages linking to page i.
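As an added example, not taken from the essay, this Go program iterates the PageRank formula above on a constructed six-page graph until the scores converge. It takes N as the total number of pages in the set (Page and Brin's definition) and spreads the rank of a dangling page (one with no outgoing links) evenly over all pages; Graph, PageRank, Ranked and SampleGraph are names chosen here. The sample graph is built so that pages A and B each receive exactly one incoming link, A's from an important page and B's from an unimportant one, which is the point of the Google quote above.

```go
package main

import (
	"fmt"
	"math"
	"sort"
)

// Graph maps each page to the pages it links to (its outgoing links).
type Graph map[string][]string

// PageRank iterates the essay's formula until the scores stop moving:
//
//	PR(p_i) = (1-d)/N + d * sum over p_j in M(p_i) of PR(p_j)/C(p_j)
//
// N is the total number of pages and d the damping factor. A dangling page
// (no outgoing links) would leak rank out of the system, so its rank is
// spread evenly over all pages, keeping the scores summing to 1.
func PageRank(g Graph, d, tol float64, maxIter int) map[string]float64 {
	pages := map[string]bool{}
	for src, dsts := range g {
		pages[src] = true
		for _, dst := range dsts {
			pages[dst] = true
		}
	}
	n := float64(len(pages))
	pr := make(map[string]float64, len(pages))
	for p := range pages {
		pr[p] = 1 / n // start from a uniform distribution
	}
	for iter := 0; iter < maxIter; iter++ {
		dangling := 0.0
		for p := range pages {
			if len(g[p]) == 0 {
				dangling += pr[p]
			}
		}
		next := make(map[string]float64, len(pages))
		for p := range pages {
			next[p] = (1-d)/n + d*dangling/n
		}
		for src, dsts := range g {
			if len(dsts) == 0 {
				continue
			}
			share := pr[src] / float64(len(dsts)) // PR(p_j) / C(p_j)
			for _, dst := range dsts {
				next[dst] += d * share
			}
		}
		delta := 0.0
		for p := range pages {
			delta += math.Abs(next[p] - pr[p])
		}
		pr = next
		if delta < tol {
			break
		}
	}
	return pr
}

// Ranked orders pages from highest to lowest PageRank: the order in which a
// search engine that trusts this score would list them (ties broken by name).
func Ranked(pr map[string]float64) []string {
	names := make([]string, 0, len(pr))
	for p := range pr {
		names = append(names, p)
	}
	sort.Slice(names, func(i, j int) bool {
		if pr[names[i]] != pr[names[j]] {
			return pr[names[i]] > pr[names[j]]
		}
		return names[i] < names[j]
	})
	return names
}

// SampleGraph is a constructed six-page web: A, B, E and F all link to C;
// C links to A and F; D links only to B. A and B each get exactly one
// incoming link, but A's comes from the important page C and B's from the
// unimportant page D, so A ends up ranked well above B.
func SampleGraph() Graph {
	return Graph{
		"A": {"C"},
		"B": {"C"},
		"C": {"A", "F"},
		"D": {"B"},
		"E": {"C"},
		"F": {"C"},
	}
}

func main() {
	pr := PageRank(SampleGraph(), 0.85, 1e-10, 1000)
	for _, p := range Ranked(pr) {
		fmt.Printf("%s  PR = %.4f\n", p, pr[p])
	}
}
```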

Trust
Trust is usually proportional to the reputation of a certain entity. Thus, the highest-rated pages will appear first in the search results, and users will trust the search engine as it shows at the top of the results the most likely results for a certain query.

Troubles
Numerous academic papers concerning PageRank have been published since Page and Brin's original paper. In practice, the PageRank concept has proven to be vulnerable to manipulation, and extensive research has been devoted to identifying falsely inflated PageRank and ways to ignore links from documents with falsely inflated PageRank. This is one of the reasons Google combines the use of PageRank with about 200 other algorithms.

Spoofing
A previous flaw was that any low-PageRank page that was redirected, via an HTTP 302 response or a Refresh meta tag, to a high-PageRank page caused the lower-PageRank page to acquire the PageRank of the destination page. In theory a new PR 0 page with no incoming links could have been redirected to the Google home page, which is a PR 10, and then the PR of the new page would be upgraded to PR 10. This spoofing technique, also known as 302 Google Jacking, was a known failing or bug in the system. Any page's PageRank could have been spoofed to a higher or lower number of the webmaster's choice, and only Google has access to the real PageRank of the page.

Manipulation
For search engine optimization purposes, some companies offer to sell high-PageRank links to webmasters. As links from higher-PR pages are believed to be more valuable, they tend to be more expensive. It can be an effective and viable marketing strategy to buy link advertisements on content pages of quality, relevant sites to drive traffic and increase a webmaster's link popularity.

5.3 eBay

Description
eBay is an American internet company devoted to e-commerce. All kinds of users buy and sell a great variety of products using its online auction system. There are three different kinds of auction on eBay:

1. Typical auction: the seller offers one or more items for sale, setting the initial price and the length of the offer. Then registered users can bid for the product. At the end of the period previously established by the seller, the highest bidder gets the product, paying not his last bid but the second-highest bid.
2. Buy it now: the seller offers the product at a fixed price. If there is a buyer who agrees to pay this price, it obtains the product immediately.
3. Best offer: the prospective buyer submits a best offer. If the best offer is not satisfactory, the seller presents a counter-offer to the buyer. It ends when seller and buyer agree on a final price.

It's important to bear in mind that the buyer has no physical access to the product and usually only has a picture and a brief description of the product written by the seller. To remedy this, eBay proposes several trust and reputation solutions.

Trust
eBay gives several guarantees of trust to the buyer and the seller. Firstly, sellers can choose the type of payment (credit card, bank transfer, PayPal, etc.), which helps prevent possible fraud. Besides, eBay offers buyer protection, a service that covers a certain amount of the purchase price in case of fraud. Each claim addressed to eBay for this reason costs 30 euros. Also, seller and buyer may decide not to commit the transaction if one of them is not satisfied with the conditions. To facilitate all these mechanisms, all the information remains on eBay's servers.

Reputation
eBay provides an easy reputation system. Although it's not mandatory, buyers and sellers evaluate each other after transactions. This evaluation consists of a short comment and a rating. There are three kinds of rating: positive (+1), neutral (0) and negative (-1). This tool gives each eBay member a reputation, which is the sum of all the numerical evaluations. In the next sales, from the reputation of the seller, buyers will be able to know whether the offer is to be trusted or not.

Advantages and Troubles
Some positive points of eBay are the simplicity of the whole process and the great capacity to receive millions of users. In addition, the more users, the more robust the system will be. Even so, reputation and its rating procedures are quite manipulable. A weakness lies also in the interpretation of the reputation: it is difficult to define exactly what a high or low reputation is, and the textual comments become, most of the time, indispensable to know whether the seller is trustworthy or not.

5.4 Amazon.com

Description
Amazon.com is an online store and reseller of both new and used items. It uses its institutional reputation to sell items from less trusted or less known online shops at a premium. Its trust model is based on the reputation its products gather in the form of ratings and feedback from its buyers.

Reputation
There are two kinds of reputation on Amazon.com: the first is the reputation of the item to be bought itself, and then there is the reputation of the online shop (if the item cannot be sold directly by Amazon, or if the user chooses not to) from which the user may purchase the item. On every item page there's a summary in the form of a numeric rating and the number of reviews it's based on. Then, at the bottom, all the reviews can be found and read. It goes even deeper than that, because each review can be marked as useful or not by potential customers. That last part is shown above every review in the form "8 out of 10 people found the following review helpful". This doesn't change the numeric rating of the whole item, but helps users know the reputation of each single review. When a user has chosen whichever item he or she wants to buy, he or she can go to a page showing all the potential sellers of this item, including Amazon itself. This page has a list with the different prices and the percentage of users that have had previous positive transactions with the seller. Then, if a user clicks on a particular rating, he or she is brought to a detailed page showing the average based on the last 30, 60, 90 or 365 days and written feedback from the seller's customers.

Trust
The trust the user has in the whole site is based on the reputation of its items. Each item is trusted individually by its numeric rating, but its trust can be lost by a single bad review, as most of the time there are very similar products available and the user can freely choose one or another. Most of the seller ratings are pretty high, so users usually choose depending on other aspects (such as shipping price, availability, processing time, etc.) provided the rating surpasses a minimum threshold.

Troubles
Amazon.com assures its neutrality regarding bad reviews, and it's mostly true, but there have been cases with books about Scientology. This means that all opinions on the site could be superseded by Amazon.com if they don't follow its guidelines. There was a case in 2004 when a glitch in Amazon.ca's review system temporarily revealed that some well-established authors were anonymously giving themselves glowing reviews and rival authors terrible reviews.

5.5 Paypal

PayPal is an e-commerce business, owned by eBay, and constitutes a trust system by itself. Every day more people decide to do their shopping through the internet, which raises several doubts, not only about the state of the products or services they want to obtain, but also about the security of the payments. Many people still refuse internet shopping for this reason: they fear fraud when the website asks for their credit card or account number. This is why PayPal performs payment processing for online transactions, like auction sites, and charges a fee. In fact, most of its users come from eBay, its owner and one of the biggest e-commerce platforms. PayPal is used as an intermediary, an account where the user can deposit money and from which it is able to make transactions. For security, PayPal blocks access to incoming money for 21 days. However, it doesn't have any mechanism to control the success and legality of the transaction, which represents a security problem. It differs from credit cards, which charge similar fees but control and deal with transaction problems. Nevertheless, recently this was called into question when Wikileaks revealed U.S. State Department diplomatic cables and PayPal decided not to accept transactions to Assange's organization. It seems that in the case of supposedly illegal procedures the company is perfectly capable of taking part. This system could seem like a bank, but it really works quite differently. For example, the owner of the account doesn't receive any interest on the deposit, and all cash movements, like transactions to physical bank accounts or payments, are charged by the company. Actually, PayPal doesn't use its own money and doesn't back up the transactions either.

5.6 Facebook, a reality approach

Description
Facebook's model for Trust and Reputation is the one most similar to reality: the user is able to see how many users are friends with other users, so the measure of reputation is how popular they are.

Reputation
The reputation is, in this approach, the number of friends a user has. So the higher the number of friends, the higher the weight of its reputation. However, it is not directly linked to Trust, as we will see in the next paragraph. This is the only mathematically computed value we can figure out for a certain entity.

Trust
Trust in Facebook relies on many variables. The reputation (number of friends) is one of them, and maybe the most important for many users (people tend to trust those who look cool or trendy); however, the degree of mutual friendship or particular opinions might also enter into the equation.

Troubles
Social troubles such as hypotheses like "the ones who have more friends are the ones who deserve to be trusted", and prejudices.

5.7 OpenPGP

Description

OpenPGP is an encryption standard defined in RFC 4880, an open implementation of Phil Zimmermann's original PGP. It is therefore a non-proprietary protocol for encrypting email using public key cryptography, based on PGP, and defines standard formats for encrypted messages, signatures, and certificates for exchanging public keys. Like PGP, it uses a serial combination of hashing, data compression, symmetric-key cryptography, and public-key cryptography, where each key is bound to a user name and/or an e-mail address. The procedure is the following: the message is encrypted using a symmetric encryption algorithm, which requires a symmetric key (session key) that will be used only once. The session key is encrypted with the receiver's public key, thus ensuring that only the receiver can decrypt the session key. The encrypted message, along with the encrypted session key, is sent to the receiver. PGP also supports message authentication and integrity checking. The sender uses PGP to create a digital signature for the message with either the RSA or DSA signature algorithm. To do so, PGP computes a hash (message digest) from the plaintext, and then creates the digital signature from that hash using the sender's private key.

Reputation

The reputation of the protocol is quite broad. It is well known for being a secure encryption method. On the other hand, it has some weaknesses in the public key exchange methods (like most public-key encryption methods). This can be addressed through what is called the Web of Trust and trust signatures.

Web of Trust

Users must ensure by some means that the public key in a certificate actually does belong to the person or entity claiming it. PGP products have an internal certificate-vetting scheme, a trust model named the Web of Trust. Mr. Zimmermann was aware of this issue:

"As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys." [9]

The Web of Trust is a decentralized trust model, an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority (or a hierarchy of such). As with computer networks, there are many independent webs of trust, and any user (through their identity certificate) can be a part of, and a link between, multiple webs. In the web of trust you have a key ring with a group of people's public keys. The web of trust mechanism has advantages over a centrally managed public key infrastructure scheme but has not been universally used. Users have been willing to accept certificates and check their validity manually, or to simply accept them. No satisfactory solution has been found for the underlying problem. In contrast, a typical PKI permits each certificate to be signed only by a single party: a certificate authority (CA). The CA's certificate may itself be signed by a different CA, all the way up to a self-signed root certificate.

Trust signatures

In the (more recent) OpenPGP specification, trust signatures can be used to support the creation of certificate authorities. A trust signature indicates both that the key belongs to its claimed owner and that the owner of the key is trustworthy to sign other keys at one level below their own. A level 0 signature is comparable to a web of trust signature, since only the validity of the key is certified. A level 1 signature is similar to the trust one has in a certificate authority: it is able to issue an unlimited number of level 0 signatures. A level 2 signature is highly analogous to the trust assumption users must rely on whenever they use the default certificate authority list (like those included in web browsers); it allows the owner of the key to make other keys certificate authorities.

Revocation

What if a user loses their private key or it is compromised? PGP versions have always included a way to cancel (revoke) identity certificates. A lost or compromised private key will require this if communication security is to be retained by that user. This is, more or less, equivalent to the certificate revocation lists of centralized PKI schemes. Recent PGP versions have also supported certificate expiration dates, which ensure that a fake identity cannot use the certificate for a very long time (see Troubles). A key owner may designate a third party that has permission to revoke the key owner's key (in case the key owner loses his own private key and thus loses the ability to revoke his own public key).

Mean Shortest Distance

In statistical analysis of the PGP Web of Trust, the mean shortest distance (MSD) is one measurement of how trusted a given PGP key is within the strongly connected set of PGP keys that make up the Web of Trust.
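As an added illustration of the rules just described (trust signature levels, revocation and the MSD metric), the following Go program is not part of the paper and not code from any OpenPGP implementation. It builds a small constructed key ring, computes which keys the ring owner should consider valid and which introducer depth each inherits, ignores revoked keys, and then measures a mean shortest distance over certification paths. The names (Validate, MeanShortestDistance, SampleRing) and the depth rule, a signed key inheriting min(signature level, signer depth - 1), are this example's simplifications of the level semantics above, not the exact RFC 4880 key validity algorithm.

```go
package main

import (
	"fmt"
	"math"
)

// Signature is a certification on a key: who signed it and at which trust level.
// Level 0 certifies only validity; level 1 lets the signed key act as an
// introducer (a CA); level 2 lets it appoint further introducers.
type Signature struct {
	Signer string
	Level  int
}

// Key is a ring entry. A revoked key is never valid and its signatures are ignored.
type Key struct {
	Revoked bool
	Sigs    []Signature
}

type Ring map[string]*Key

// Validate computes which keys are valid from the point of view of owner, whose
// own key is trusted with introducer depth ownerDepth. A key becomes valid when
// an unrevoked valid key with depth >= 1 has certified it, and it inherits
// depth min(signature level, signer depth - 1). This rule is an assumption that
// mirrors the level semantics described above, not the exact RFC 4880 algorithm.
func Validate(r Ring, owner string, ownerDepth int) map[string]int {
	depth := map[string]int{owner: ownerDepth}
	for changed := true; changed; {
		changed = false
		for id, k := range r {
			if k.Revoked || id == owner {
				continue
			}
			best := -1
			for _, s := range k.Sigs {
				d, ok := depth[s.Signer]
				if !ok || d < 1 {
					continue // signer not (yet) valid, or not allowed to introduce
				}
				granted := s.Level
				if d-1 < granted {
					granted = d - 1
				}
				if granted > best {
					best = granted
				}
			}
			if cur, has := depth[id]; best >= 0 && (!has || cur < best) {
				depth[id] = best
				changed = true
			}
		}
	}
	return depth
}

// MeanShortestDistance walks certification edges backwards from target and
// averages the hop count over every unrevoked key with a path to it; +Inf means
// no key in the ring certifies target even indirectly.
func MeanShortestDistance(r Ring, target string) float64 {
	dist := map[string]int{target: 0}
	for queue := []string{target}; len(queue) > 0; queue = queue[1:] {
		cur := queue[0]
		for _, s := range r[cur].Sigs {
			k, ok := r[s.Signer]
			if _, seen := dist[s.Signer]; !ok || k.Revoked || seen {
				continue
			}
			dist[s.Signer] = dist[cur] + 1
			queue = append(queue, s.Signer)
		}
	}
	if len(dist) == 1 {
		return math.Inf(1)
	}
	sum := 0
	for _, d := range dist {
		sum += d
	}
	return float64(sum) / float64(len(dist)-1)
}

// SampleRing is constructed data: alice is the owner, mallory's key is revoked.
func SampleRing() Ring {
	return Ring{
		"alice":   {},
		"bob":     {Sigs: []Signature{{"alice", 2}}}, // alice makes bob a meta-introducer
		"carol":   {Sigs: []Signature{{"bob", 1}}},   // bob makes carol an introducer
		"dave":    {Sigs: []Signature{{"carol", 0}}}, // carol certifies dave's validity
		"frank":   {Sigs: []Signature{{"carol", 1}}}, // carol may only grant depth 0
		"grace":   {Sigs: []Signature{{"frank", 0}}}, // frank cannot introduce
		"erin":    {Sigs: []Signature{{"alice", 0}}},
		"heidi":   {Sigs: []Signature{{"erin", 0}}}, // erin cannot introduce
		"mallory": {Revoked: true, Sigs: []Signature{{"alice", 1}}},
		"trent":   {Sigs: []Signature{{"mallory", 0}}}, // signer revoked
	}
}

func main() {
	r := SampleRing()
	fmt.Println("valid keys and depths:", Validate(r, "alice", 3))
	fmt.Println("MSD to dave:", MeanShortestDistance(r, "dave"))
}
```

Running it shows the chain alice (3) > bob (2) > carol (1) > dave and frank (0), while grace and heidi stay invalid because their only certifier has no introducer depth, and trent stays invalid because its only certifier is revoked. The same revocation makes trent's MSD infinite: a path through a revoked key is not a trust path.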

MSD has become a common metric for the analysis of sets of PGP keys. Very often you will see the MSD being calculated for a given subset of keys and compared with the global MSD, which generally refers to the key's ranking within one of the larger key analyses of the global Web of Trust.

Final Trust

According to the previous description of OpenPGP systems, the trust level a user experiences mostly depends on how sure the user is that the certificate used to encrypt the message belongs to the other end, that is, how trustworthy the certificate itself is and the web-of-trust ring it is part of.

Troubles

The OpenPGP web of trust is essentially unaffected by company failures, and has continued to function with little change. However, a related problem does occur. Users, whether individuals or organizations, who lose track of a private key can no longer decrypt messages sent to them that were produced using the matching public key found in an OpenPGP certificate. Early PGP certificates did not include expiry dates, and those certificates had unlimited lives. Users had to prepare a signed cancellation certificate against the time when the matching private key was lost or compromised. Later PGP, and all OpenPGP-compliant certificates, include expiry dates which automatically preclude such troubles when used sensibly.

5.8 Trust Net

Description

A Trust Net is a decentralized and iterative trust model that relies on the relation between what a user says and what it does.

Reputation

Reputation can be gained by fulfilling promises made. When a user is promised something that is then not carried out, its reputation in the eyes of the receiving end decreases. This reputation can then be passed on to other users, which can make the process quicker. A practical example of this model can be found in game theory: in a semi-competitive game, players can share their planned strategies with their rivals, but if those strategies are not carried out, the rivals (who may have planned their own strategies accordingly) might not trust the next announced strategy.

Trust

The trust value of a user A towards B is:

T(A, B) = number of honest rounds / number of total rounds

But the aggregated trust, based on both direct experience and the reputation shared by fellow users, depends on probabilistic functions based on the lying factor.

Troubles

As has just been said, the system depends to a certain degree on the lying factor. If a large enough user base lies about a certain user, he or she can deceive others because the trust model is not working. After a decent amount of time, direct experience should even out this particular problem and the user's reputation should fall accordingly, but a proactive protection system can be difficult to maintain.
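An added Go example of the Trust Net computation (not code from the paper): DirectTrust is exactly T(A, B) as defined above, and AggregatedTrust combines it with reputation passed on by other users. The aggregation rule is this example's assumption about the "probabilistic function based on the lying factor": each direct round counts with weight 1, and each witness report counts with weight T(A, witness) multiplied by (1 - lying factor). The main function plays out the Troubles paragraph with a constructed set of five colluding witnesses who all vouch for a user that keeps only one promise in five.

```go
package main

import "fmt"

// History records A's direct experience with another user: how many rounds in
// which that user did what it announced, out of all rounds played together.
type History struct{ Honest, Total int }

// DirectTrust is T(A, B) = honest rounds / total rounds, as given above.
// With no shared history there is no evidence either way; 0.5 is this example's neutral prior.
func DirectTrust(h History) float64 {
	if h.Total == 0 {
		return 0.5
	}
	return float64(h.Honest) / float64(h.Total)
}

// Witness is another user passing on its own reputation view of B to A.
type Witness struct {
	Trust  float64 // A's direct trust in the witness, T(A, witness)
	Report float64 // the witness's claimed trust in B
}

// AggregatedTrust combines direct experience with passed-on reputation. Every
// direct round counts with weight 1; a witness report counts with weight
// T(A, witness) * (1 - lying), where lying is the probability that any report
// is a lie. This weighting is this example's assumption for the "probabilistic
// function based on the lying factor" the section mentions. Because the direct
// weight grows with every round, experience eventually outweighs the reports.
func AggregatedTrust(direct History, witnesses []Witness, lying float64) float64 {
	num := float64(direct.Honest)
	den := float64(direct.Total)
	for _, w := range witnesses {
		c := w.Trust * (1 - lying)
		num += c * w.Report
		den += c
	}
	if den == 0 {
		return 0.5
	}
	return num / den
}

// Colluders returns n witnesses that A trusts at level trust and that all vouch
// fully for B, the situation the Troubles paragraph describes.
func Colluders(n int, trust float64) []Witness {
	ws := make([]Witness, n)
	for i := range ws {
		ws[i] = Witness{Trust: trust, Report: 1.0}
	}
	return ws
}

func main() {
	liars := Colluders(5, 0.8)
	// B keeps only one promise in five; early on the liars dominate, later
	// A's own record does.
	for _, h := range []History{{1, 2}, {2, 10}, {4, 20}, {20, 100}} {
		fmt.Printf("rounds=%3d direct=%.2f aggregated=%.2f\n",
			h.Total, DirectTrust(h), AggregatedTrust(h, liars, 0.1))
	}
}
```

After two rounds the aggregated value sits above 0.8 although B has been honest only half the time; after twenty rounds it has fallen near 0.3, which is the "evening out" the section predicts. The lying factor only scales how much a report counts; it cannot tell an honest witness from a colluding one, so a large enough group of liars still wins while A's own history is short.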

5.9 Slashdot

Description

Slashdot is a news web page that relies heavily on the reputation of its users to sort and make visible the relevant comments about news.

Reputation

Slashdot's reputation system is based on a threaded comments section tied to each news item that the site editors have posted. These comments have a reputation system based on +1 and -1 ratings, with scores bounded between -1 and +5. These votes can only be cast by moderators, and each vote can have a short comment attached to it such as normal, offtopic, flamebait, troll, redundant, interesting, informative or funny. These comment votes are then aggregated into a personal reputation, resulting in a user level of high, normal or low karma. Higher karma means that the user's comments start off with a higher default score. When a user has had high reputation for a period of time, they can randomly gain access to a limited number of moderation points. These are then used to vote on other users' comments. Users cannot comment and moderate in the same discussion, so as to maintain objectivity on the matter.

Trust

Trust is based on the moderators' rating of a given comment and its written feedback. Default options on the page automatically hide comments below a configurable threshold, meaning that from the moderators' point of view that comment is not relevant to the discussion; it is not deleted, however, so that users may see it and judge for themselves.

Troubles

Paid staff editors on the page have an infinite amount of moderation points, which means that the reputation is basically based on the opinion of a handful of people and can be biased.

6 Security, consistency and attacks

6.1 Sybil Attack

A Sybil attack consists of an attacker subverting the reputation system of a trust network by creating a large number of online entities and using them to gain a disproportionately large influence. A reputation system's vulnerability to a Sybil attack depends on how cheaply identities can be generated, the degree to which the reputation system accepts inputs from entities that do not have a chain of trust linking them to a trusted entity, and whether the reputation system treats all entities identically. The Sybil attack takes its name from the book Sybil, a case study of a woman with dissociative personality disorder. This case is notorious because it involved 16 personalities (counting the main one), ranging from self-critical to very emotional personalities and even including two male personalities. Sybil's selves gradually became co-conscious of their counterparts, were able to communicate with each other and even published material under their own names. In the context of human online communities, such multiple identities are known as sockpuppets. One of the most recent sockpuppets of an online celebrity is plannedchaos, a sockpuppet of Scott Adams, writer of one of the oldest webcomics (it has been running daily since 1990), Dilbert. He used the sockpuppet to speak highly of himself and was his own so-called biggest fan on pages like MetaFilter, Tumblr or Reddit.

Protection against Sybil attacks

Validation techniques can be used to prevent Sybil attacks and dismiss masquerading hostile identities. Two types of validation can be used: direct and indirect. Direct validation relies on a central authority, which takes queries and ensures a one-to-one correspondence between an identity and its counterpart. It may even provide reverse lookup, which consists of querying for the counterpart and checking whether it matches the identity to be validated. Indirect validation relies on already accepted identities, which then vouch for the validity of the new identity in question. Identity-based validation techniques generally provide accountability at the expense of anonymity, which can be an undesirable tradeoff, especially in online forums that wish to permit censorship-free information exchange and open discussion of sensitive topics. One such example is the Blizzard Real Name Forum Policy initiative, which wanted to tie every World of Warcraft account holder to a real-life person. This caused a huge uproar on the forums and across the whole video game blogosphere; Blizzard backed off its proposal and the policy was never made mandatory. A validation authority can also attempt to preserve users' anonymity by refusing to perform reverse lookups, but this approach makes the validation authority a prime target for attack. Alternatively, the authority can use some mechanism other than knowledge of a user's real identity, such as verification of an unidentified person's physical presence at a particular place and time, to enforce a one-to-one correspondence between online identities and real-world users.

6.2 Bootstrap

One characteristic of rating systems is the importance of participation. The example used to explain how this can be a problem has been taken from filmaffinity.com. There, registered users are able to evaluate all kinds of movies: premieres, classic films, etc. The rating system is based on a ten-level scale, each level tied to a textual expression:

10 Excellent
9 Great
8 Very Good
7 Good
6 Interesting
5 Decent
4 Regular
3 Poor
2 Bad
1 Awful

The system automatically calculates the average of all ratings, which is the main indicator of the opinion of the other users. Let's imagine a particular case: website administrators add a new film by John Smith. There is low participation, because people have not seen it yet. Besides, practically all the initial ratings come from loyal fans of John Smith and his amazing thrillers. The average rating is, in this case, 8.7. Are these results trustworthy? Clearly not. The problem with this rating system is that when there is low participation (a new film, or one that appeals only to a minority group) the results presented are false, that is to say, there is a considerable bias in the information. This means that the more participation there is, the more reliable the reputation value will be. FilmAffinity has a reviews section, where users can write at length about their considerations of the movies, which is, in the end, the best tool to find the nuances of the opinions and their references.
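An added Go example (not code from the paper, and not FilmAffinity's own method) showing the John Smith case and two standard bootstrap guards: a shrunk (Bayesian) average that pulls a score towards a site-wide prior until enough votes arrive, and a minimum-participation check before any score is shown at all. The prior of 6.0, the 50-vote minimum, the ten fan ratings and the later audience ratings are all constructed values; the function names are this example's own.

```go
package main

import (
	"fmt"
	"math"
)

// Scale is the ten-level scale from the section above, indexed by score.
var Scale = map[int]string{
	10: "Excellent", 9: "Great", 8: "Very Good", 7: "Good", 6: "Interesting",
	5: "Decent", 4: "Regular", 3: "Poor", 2: "Bad", 1: "Awful",
}

// Label maps an average back to the nearest textual level.
func Label(avg float64) string {
	s := int(math.Round(avg))
	if s < 1 {
		s = 1
	} else if s > 10 {
		s = 10
	}
	return Scale[s]
}

// PlainAverage is what the site shows: the mean of all ratings, however few.
func PlainAverage(ratings []int) float64 {
	if len(ratings) == 0 {
		return 0
	}
	sum := 0
	for _, r := range ratings {
		sum += r
	}
	return float64(sum) / float64(len(ratings))
}

// ShrunkAverage pulls the mean towards a prior (for instance the site-wide
// average) with the weight of minVotes phantom ratings, so that a handful of
// enthusiastic early voters cannot fix the score on their own. The prior and
// minVotes values are this example's assumptions; the formula is the usual
// Bayesian average (minVotes*prior + sum) / (minVotes + n).
func ShrunkAverage(ratings []int, prior float64, minVotes int) float64 {
	sum := 0
	for _, r := range ratings {
		sum += r
	}
	return (float64(minVotes)*prior + float64(sum)) / float64(minVotes+len(ratings))
}

// Reliable is the simplest bootstrap guard: do not present a score at all until
// participation reaches minVotes.
func Reliable(ratings []int, minVotes int) bool {
	return len(ratings) >= minVotes
}

// fans is constructed data for the John Smith case: ten loyal fans, mean 8.7.
var fans = []int{9, 9, 9, 8, 9, 8, 9, 9, 8, 9}

// widerAudience adds 200 constructed votes from the general public, mean 7.
func widerAudience() []int {
	all := append([]int{}, fans...)
	for i := 0; i < 200; i++ {
		all = append(all, 5+i%5) // 5,6,7,8,9 repeating
	}
	return all
}

func main() {
	const prior, minVotes = 6.0, 50 // assumed site-wide mean and required participation
	for _, r := range [][]int{fans, widerAudience()} {
		fmt.Printf("n=%3d plain=%.2f (%s) shrunk=%.2f (%s) reliable=%v\n",
			len(r), PlainAverage(r), Label(PlainAverage(r)),
			ShrunkAverage(r, prior, minVotes), Label(ShrunkAverage(r, prior, minVotes)),
			Reliable(r, minVotes))
	}
}
```

With only the ten fan votes the plain average reads 8.7 ("Great") while the shrunk average reads 6.45 ("Interesting") and the reliability check still says no; once the wider audience has voted, the two averages converge (about 7.08 and 6.87, both "Good") and the score can be shown. The shrinkage does not remove the bias, it only bounds the damage a small group can do before participation catches up.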

6.3 Whirlwind effect

The Whirlwind Effect is a common issue in rating systems where users vote on each other's behaviour or actions. In these scenarios a user's reputation is usually linear in the number of votes it receives for certain actions. Thus the rest of the users usually trust those with higher reputation, as it seems that more people voted for them and trusted them. So if a group of malicious users manage to vote for one another in a circular order, their reputation will increase easily and in a seemingly genuine manner. Although this attack is more difficult to detect when the group of implicated users is bigger, one way to try to stop it may be to limit the number of ballots a user can cast to judge a peer. However, it is really difficult to detect without a specific algorithm.
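The following Go program is an added example (not code from the paper) that serves both the Sybil attack of section 6.1, where many cheap identities vote for one another, and the whirlwind effect described here. It applies the ballot cap the paragraph suggests, then finds groups of users who can all vote their way round to each other (strongly connected components of the vote graph) and flags those whose ballots almost never leave the group; a genuine circle of friends who also judge outsiders scores lower and is not flagged. The vote data, the thresholds and the names (CapBallots, SuspiciousRings, InsideFraction) are constructed for this example.

```go
package main

import (
	"fmt"
	"sort"
)

type Vote struct{ Voter, Target string } // one ballot cast by Voter for Target

// CapBallots keeps at most max ballots per (voter, target) pair, the limit the section suggests.
func CapBallots(votes []Vote, max int) (kept []Vote) {
	count := map[Vote]int{}
	for _, v := range votes {
		if count[v]++; count[v] <= max {
			kept = append(kept, v)
		}
	}
	return kept
}

// components groups voters who can all reach one another along ballots (strongly connected components).
func components(votes []Vote) [][]string {
	g := map[string][]string{}
	for _, v := range votes {
		g[v.Voter] = append(g[v.Voter], v.Target)
	}
	reach := map[string]map[string]bool{} // reach[a][b]: a's ballots lead to b
	var nodes []string
	for n := range g {
		nodes = append(nodes, n)
		seen := map[string]bool{n: true}
		for queue := []string{n}; len(queue) > 0; queue = queue[1:] {
			for _, m := range g[queue[0]] {
				if !seen[m] {
					seen[m] = true
					queue = append(queue, m)
				}
			}
		}
		reach[n] = seen
	}
	sort.Strings(nodes) // deterministic member order
	done := map[string]bool{}
	var comps [][]string
	for _, a := range nodes {
		if done[a] {
			continue
		}
		var comp []string
		for _, b := range nodes {
			if reach[a][b] && reach[b][a] {
				comp = append(comp, b)
				done[b] = true
			}
		}
		comps = append(comps, comp)
	}
	return comps
}

// InsideFraction is the share of the members' ballots cast for other members: a closed ring scores 1.0.
func InsideFraction(votes []Vote, members []string) float64 {
	in := map[string]bool{}
	for _, m := range members {
		in[m] = true
	}
	total, inside := 0.0, 0.0
	for _, v := range votes {
		if in[v.Voter] {
			total++
			if in[v.Target] {
				inside++
			}
		}
	}
	if total == 0 {
		return 0
	}
	return inside / total
}

// SuspiciousRings flags mutually-voting groups of at least minSize users whose
// capped ballots stay inside the group at least minInside of the time.
func SuspiciousRings(votes []Vote, minSize int, minInside float64) [][]string {
	capped := CapBallots(votes, 1)
	var rings [][]string
	for _, c := range components(capped) {
		if len(c) >= minSize && InsideFraction(capped, c) >= minInside {
			rings = append(rings, c)
		}
	}
	return rings
}

// SampleVotes is constructed data: r1..r4 vote only for one another (r1 also stuffs the
// box for r2), while h1..h3 form a cycle too but spend most ballots on outsiders.
var SampleVotes = []Vote{
	{"r1", "r2"}, {"r1", "r2"}, {"r1", "r2"}, {"r2", "r3"}, {"r3", "r4"}, {"r4", "r1"}, {"r1", "r3"}, {"r2", "r4"},
	{"h1", "h2"}, {"h2", "h3"}, {"h3", "h1"}, {"h1", "r1"}, {"h2", "h4"}, {"h3", "h5"}, {"h1", "h5"},
}

func main() { fmt.Println("suspicious rings:", SuspiciousRings(SampleVotes, 3, 0.8)) }
```

On the sample data only r1..r4 are reported: all six of their distinct ballots stay inside the group, whereas h1..h3 cast three of seven ballots for each other. Lowering the threshold to 0.4 would flag the honest cycle too, which is the trade-off the paragraph alludes to; the pairwise reachability used here is quadratic and fine for a demonstration, while a production detector would use a linear-time SCC algorithm and weight ballots by the voter's own standing.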

6.4 The downfall of digg

Digg is a news aggregation website based on a community model in which users vote and comment on news to surface the most relevant articles. It is based on Slashdot's model, although more elaborate and less dependent on appointed moderators. Digg was launched by Kevin Rose in 2004, when Web 2.0 was getting popular; the site grew in users, who submitted new content and made the website very popular. The number of users involved on the site was so large that when a small but interesting website, which usually ran on underpowered servers because bigger ones were unneeded for its everyday traffic, was linked and dugg to the front page, its servers were knocked over by the influx of traffic. This was quite common, because the large user base searched for unknown content to gain reputation on the site, and it was commonly called the Digg Effect. As the site grew, online companies saw the potential of Digg as a way to get a large number of visitors. Several social media professionals sold their services, which included having a customer's section of a website dugg to the front page of Digg. This was done by a large-scale Sybil attack, often in the range of thousands of different identities controlled by algorithms to vote and comment so as to make a submission grow in reputation in the eyes of its users. This game was outed by users on the website, but the administrators would not (or could not) stop these attacks entirely. In this state, users could not entirely trust new submissions, as the reputation they had reaped might be false, and the only way to sort out real submissions was to look at the comment history of the commenters and decide whether the comments were by a real and honest person or were semi-automated and only directed at certain domains or certain kinds of content. This scenario dragged on until the owners' preferences became clear when, in August 2010, a redesign of the site, Digg v4, was launched. This redesign treated company-sponsored submissions differently from user submissions, and most of the front page content came from popular websites, departing from the core Digg idea, which was based on its distinctiveness from the popular. This led people to no longer trust the reputation system in place, and they fled the website for similar social news aggregators.

Figure 2: Visitor decline on the launch of Digg v4

The CEO Kevin Rose was replaced within a week of the Digg v4 update and resigned from his position entirely a year later. This example shows that users have to trust the reputation method that has been established. Reputation had been forged for a long time before the release of Digg v4, but it then surpassed thresholds that its users would not tolerate.


References

[1] Myerson, 1991.
[2] Cryptography and Network Security, Principles and Practices, William Stallings, International Edition (013-111502-2).
[3] Wikipedia.org, http://en.wikipedia.org/wiki/Reputation
[4] Wikipedia.org, http://en.wikipedia.org/wiki/Reputation_system
[5] Wikipedia.org, http://en.wikipedia.org/wiki/Computational_trust
[6] Wikipedia.org, http://en.wikipedia.org/wiki/Trust_law
[7] Wikipedia.org, http://en.wikipedia.org/wiki/Game_theory
[8] Google Inc., http://www.google.com/corporate/tech.html
[9] Wikipedia.org, http://en.wikipedia.org/wiki/Web_of_trust
[10] Wikipedia.org, http://en.wikipedia.org/wiki/Pretty_Good_Privacy
[11] Wikipedia.org, http://en.wikipedia.org/wiki/EBay
[12] Wikipedia.org, http://en.wikipedia.org/wiki/PayPal
[13] Thenextweb.com, http://thenextweb.com/socialmedia/2010/09/23/diggs-traffic-is-collapsing-at-home-and
[14] Metafilter.com, http://www.metafilter.com/102472/How-to-Get-a-Real-Education-by-Scott-Adams#3639512
