On Fri, May 22, 2009 at 10:48 AM, Thomas Sachau <m...@tommyserver.de> wrote: > Matthew Toseland schrieb: >> On Friday 22 May 2009 08:17:55 bbac...@googlemail.com wrote: >>> Is'nt his point that the users just won't maintain the trust lists? >>> I thought that is the problem that he meant.... how can Advogato help us >>> here? >> >> Advogato with only positive trust introduces a different tradeoff, which is >> still a major PITA to maintain, but maybe less of one: >> - Spammers only disappear when YOU mark them as spammers, or ALL the people >> you trust do. Right now they disappear when the majority, from the point of >> view of your position on the WoT, mark them as spammers (more or less). > > So this is a disadvantage of avogato against current FMS implementation. With > the current FMS > implementation, only a majority of trusted identities need to mark him down, > with avogato, either > all original trusters need to mark him down or you need to do it yourself > (either mark him down or > everyone, who trusts him, so > FMS 1:0 avogato
As I've said repeatedly, I believe there is a fundamental tradeoff between spam resistance and censorship resistance, in the limiting case. (It's obviously possible to have an algorithm that does poorly at both.) Advogato *might* let more spam through than FMS. There is no proof provided for how much spam FMS lets through; with Advogato it is limited in a provable manner. Alchemy is a bad thing. FMS definitely makes censorship by the mob easier. By my count, that's a win for Advogato on both. > >> - If you mark a spammer as positive because he posts useful content on one >> board, and you don't read the boards he spams you are likely to get marked as >> a spammer yourself. > > If this is true for avogato, it is again a disadvantage. You should not be > responsible for something > you dont see and did. In FMS, this would result in a reduced Trustlist Trust, > which just means that > you are not trusted to introduce new identities, no spammer mark or similar, > so > FMS 2:0 avogato The Advogato algorithm extends (while maintaining the proof validity) to separate message and trust list trusts just fine. I'm inclined to think making the distinction is a good idea, for exactly this case. Once the distinction is present, the two should behave fairly similarly. > >> - If a spammer doesn't spam himself, but gains trust through posting useful >> content on various boards and then spends this trust by trusting spam >> identities, it will be necessary to give him zero message list trust. Again >> this has serious issues with collateral damage, depending on how >> trigger-happy people are and how much of a problem it is for newbies to see >> spam. > > Again, disadvantage for avogato, if that is true, but basicly the same as > above: This is solved via > reduced Trustlist Trust, not reducing message trust in FMS. > >> Technologically, this requires: >> - Making sure that my local ratings always override those given by others, so >> I can mark an identity as spam and never see it again. Dunno if this is >> currently implemented. > > This is possible with FMS (optional, either your vote is part of the final > trust calculation or it > overrides the overall trust result). Having that option sounds like a good idea, regardless of the underlying algorithm. > >> - Making CAPTCHA announcement provide some form of short-lived trust, so if >> the newly introduced identity doesn't get some trust it goes away. This may >> also be implemented. > > This would require adding trust to new people, As you can see with FMS, > having everyone spending > dayly time on trustlist adjustments is just an idea, which wont come true. So > this would mean that > every identity that is not very active will loose any trust and would have to > introduce himself > again. More pain and work resulting in less users. See my proposal (other mail in this thread, also discussed previously). Short-range but long-lived trust is a better substitute, imho. > >> - Limits on identity churn in any trust list (1 new identity per day averaged >> over a week or something), to ensure that an attacker who has trust cannot >> constantly add new identities. > > Only the number of identities added because of solved captchas should be > limited and the limit > number is the number of announced captchas, which should be more than around > 1/day. For added > identities from others, you will always do some basic review, maybe with some > advanced option to > remove all identities introduced by a specific identity. No, that is not sufficient. The attack that makes it necessary (which is also possible on FMS, btw -- in fact it's even more effective) is fairly simple. A spammer gets a dummy identity trusted manually by other people. He then has it mark several other identities as trustworthy. Those identities then spam as much as is worthwhile (limited only by message count limits, basically). The spammer then removes them from the dummy identity published trust list, adds new spamming identities, and repeats. The result is that his one main identity can get a large quantity of spam through, even though it can only mark a limited number of child identities trusted and each of them can only send a limited amount of spam. Also, what do you mean by review of identities added from others? Surely you don't mean that I should have to manually review every poster? Isn't the whole point of using a wot in the first place that I can get good trust estimates of people I've never seen before? > >> It probably also requires: >> - Some indication of which trusted identities trust a spammer when you mark >> an >> identity as a spammer. > > In FMS, you can simply watch the list of trusts of the spammer identity to > get this information. > >> - Sending an ultimatum to the trusted identity that trusts more than one >> spammer: stop trusting spammers or we'll stop trusting you. This would have >> to be answered in a reasonable time, hence is a problem for those not >> constantly at their nodes. > > You may note him about if, if you want (either public, or if implemented via > private message), but > basicly, why this warning? Does it help him in any way, if we trust him or > does it harm him, if we > dont any more trust him? At least in FMS it does not change his visibility, > but may change the > trustlist trust that others get for him and so may or may not include his > trusts. Having a well-connected graph is useful, regardless of the algorithm. If the reason the person trusted a spammer was that they made an honest mistake (or got scammed by a bait-and-switch, or...) then you may want to continue using their trust list but inform them of the problem. If they don't want to fix the problem, you probably don't want to continue using their trust list. Evan Daniel _______________________________________________ Devl mailing list Devl@freenetproject.org http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
