[dane-pgp]

Someone needs to solve online identity and reputation (in a privacy-preserving way) so that you can accumulate trust on one site/service and carry that over to another. Ideally such a system shouldn't devolve into trusting just a few large American corporations to decide who is and isn't allowed an online existence.

It feels like we can't have nice things because if you want to put a user-editable resource online, you first have to solve the Sybil attack problem. The more valuable the resource is, the more friction you need to put in the way of users to make them prove their humanity and divulge more of their offline identity, and this takes up engineering time which could have been devoted to making the resource itself more useful.

By "resource" I mean anything that accepts and displays user input from the internet, whether that's a wiki or a poll or a form or a multiplayer game or an online review or some completely new type of content that hasn't emerged yet because innovative creators have given up after their first bot raid.

[webmaven]

> Someone needs to solve online identity and reputation (in a privacy-preserving way) so that you can accumulate trust on one site/service and carry that over to another.

The problem is that most of the existing ways of transferring reputation (or the appearance of it) between contexts result in opportunities for arbitrage: celebrity endorsements, scientists supporting theories outside of their field, con artists leveraging social proof escalation, phishing, etc.

We've seen some of the strictest mechanisms of reputational transference leveraged for illicit purposes:

https://cromwell-intl.com/cybersecurity/pki-failures.html

Everything that makes reputation and trust transfers useful and convenient for users creates a huge attractive nuisance for illicit actors, from state level APTs on down to 419 scammers and everyone in between.

[dane-pgp]

> transferring reputation ... between contexts

The problem is, the systems we have today don't put walls between contexts but between implementations.

If someone is a famous actor, and they have millions of followers on Twitter, then they can tweet out some hot take on vaccines and all their followers will see that. However, if a scientist has a lot of followers on Twitter, but wants to move their account over to Mastodon, they have to start from scratch and lose their audience.

[webmaven]

And yet, the actor can far more easily leverage their Twitter following to establish an Instagram audience, to post the same hot takes.

Conclusion: Celebrity reputation is more transferable than science reputation.

Which is beside the point, because the ability to migrate between services doesn't affect the issue I was pointing out that the potential of making social media followers, Academy Award nominations, and academic citation metrics all fungible with an "Internet points" abstraction even in principle is almost certainly a disaster waiting to happen.

I'm commenting on the "trust and reputation" aspect in the bit I quoted, and you're replying on the topic of identity and federating the social graph (where I actually don't disagree with you).

[dane-pgp]

Thank you for clarifying. I still think the situation isn't quite as bleak as you're suggesting.

> making social media followers, Academy Award nominations, and academic citation metrics all fungible with an "Internet points" abstraction even in principle is almost certainly a disaster waiting to happen.

I don't recommend that any community makes a social media follower equivalent in value to an academic citation metric, but there may be specific cases where, for example, having more than 1000 social media followers grants you the same allowance of a resource (e.g. compute cycles, or disk space) as having 1 research paper cited in a prestigious journal.

The important thing is that it would be up to each community to decide for themselves how much each type of reputation is worth. (They could even decide that having an Academy Award nomination should give negative reputation, although if identities are anonymous then a user would have plausible deniability).

It's also worth noting that social media followers are, in some sense, already fungible. For example, some monetisation programs require at least 1000 followers, and some brand deals require a specific audience size. Obviously that is treating one follower as completely interchangeable for any other follower.

[webmaven]

> I don't recommend that any community makes a social media follower equivalent in value to an academic citation metric, but there may be specific cases where, for example, having more than 1000 social media followers grants you the same allowance of a resource (e.g. compute cycles, or disk space) as having 1 research paper cited in a prestigious journal.

Okay, let's explore that. Now a researcher has an incentive to go buy social media followers as a hack to get compute resources.

The problem with these sorts of equivalencies is that they are often transitive ($ = followers, followers = compute, therefore $ = compute). I've exploited some myself in a small way (eg. created Gmail accounts to generate 'referrals' to get more free storage), but many developer services have recently had to discontinue their free tiers due to exploitation for mining bitcoin, and there is a whole subculture of travel points and credit card reward hacks, eg. https://www.npr.org/sections/money/2011/07/13/137795995/how-...

Formalizing a mechanism for reputational equivalencies could lead to an explosion of exploitable edge cases similar in spirit to privilege escalation in a security context.