|
Blockchain was the first thing I thought about, because that sounds like an poster-child case of actually useful blockchain. But thinking again, I'm not sure, wouldn't it be rather expensive to run on a blockchain? Either you use some pre-existing blockchain with smart contracts & such: so basically, make an Ethereum DApp and burn gas. Or you would need to implement all the same PoW as other cryptocurrencies, with is an unwelcome overhead, considring people don't even like to seed torrents for too long. On the other hand, I'm not sure that incentive to fake torrents is THAT high, so maybe some very weak version of it would suffice, because very few will be ready to spend money to create fake votes for their torrents. I seriously have no idea. The second idea, which comes to mind is that there are "reputable" release groups for most of the content anyway, many with a web-page of their own, and it would suffice to make signing with a private key a common practice, or maybe even implement some sort of standard protocol to fetch these keys and verify torrents (with curated source lists). But then again, it seems practical, but not really decentralized anymore, as it often happens. Which gives me a third idea: to know that an item is trusted, you don't really have to make a decentralized reputation system. I mean, you don't need a score and many votes to mark item as "trusted": you only need 1 trusted vote. So it seems like we could have something like a decentralized certificate authority. So, something exactly like a regular certificate authority: there is a trusted CA, and it can manually sign other CAs that become trusted as well, anyone can revoke certificates and so on, but instead of 1 root CA there are possibly many, different for different nodes/people. Of course, we still have "the hard problem" unsolved, we only transformed it into a different hard problem, but the difference is I think we don't actually have to solve this one! We could be piggybacking on some pre-existing social graph, possibly decentralized and quasi-anonymous. Imagine this being built-into some federated social network, like Matrix or Mastodon! You decide to trust someone for some absolutely non-technical reasons, that have nothing to do with cryptography, and everything else is relatively easy and simple. Surely, malicious signatures would still find their way, but they would be rare enough and it would help no one if you can make tons of fake CAs, because they are not trusted by default, and if you can find a compromised CA that is trusted by somebody: well, everybody can just blacklist that CA (and all of its children) after you sign some malware with it. There is one thing I'm not sure about: if we can somehow (usefully) implement signing and revoking without revealing who of your "friends" signed it. It would seem desirable to make all activity graphs non-transparent and anonymous in a practical sense. It somehow feels possible to me, but I'm sleepy and a bit foggy right now, so maybe there's a problem with it. Of course, it still would be useful without that feature, but a bit less nice. I would surely be more inclined to mark torrents as "verified" for all my "subscribers" if all they will know is that "somebody trusted" verified it, and not that it was me. Maybe it's less of a problem if only "bad" torrents are explicitly marked as such. |
Also it sounds like you're almost suggesting some sort of zero-knowledge proof system, whereby a user could calculate the average trust rating for a given entity across all their (friends of) friends, without that result disclosing the rating given by any specific friend. There are probably already algorithms for doing that, if necessary using the techniques of privacy-preserving cryptocurrencies.
[0] https://matrix.org/blog/2020/10/19/combating-abuse-in-matrix...