On Friday 22 May 2009 18:59:47 Evan Daniel wrote: > On Fri, May 22, 2009 at 12:39 PM, Thomas Sachau <mail at tommyserver.de> > wrote: > > Evan Daniel schrieb: > >> On Fri, May 22, 2009 at 10:48 AM, Thomas Sachau <mail at tommyserver.de> > >> wrote: > >>> Matthew Toseland schrieb: > >>>> On Friday 22 May 2009 08:17:55 bbackde at googlemail.com wrote: > >>>>> Is'nt his point that the users just won't maintain the trust lists? > >>>>> I thought that is the problem that he meant.... how can Advogato help us > >>>>> here? > >>>> Advogato with only positive trust introduces a different tradeoff, which > >>>> is > >>>> still a major PITA to maintain, but maybe less of one: > >>>> - Spammers only disappear when YOU mark them as spammers, or ALL the > >>>> people > >>>> you trust do. Right now they disappear when the majority, from the point > >>>> of > >>>> view of your position on the WoT, mark them as spammers (more or less). > >>> So this is a disadvantage of avogato against current FMS implementation. > >>> With the current FMS > >>> implementation, only a majority of trusted identities need to mark him > >>> down, with avogato, either > >>> all original trusters need to mark him down or you need to do it yourself > >>> (either mark him down or > >>> everyone, who trusts him, so > >>> FMS 1:0 avogato > >> > >> As I've said repeatedly, I believe there is a fundamental tradeoff > >> between spam resistance and censorship resistance, in the limiting > >> case. ?(It's obviously possible to have an algorithm that does poorly > >> at both.) ?Advogato *might* let more spam through than FMS. ?There is > >> no proof provided for how much spam FMS lets through; with Advogato it > >> is limited in a provable manner. ?Alchemy is a bad thing. ?FMS > >> definitely makes censorship by the mob easier. ?By my count, that's a > >> win for Advogato on both. > > > > I dont think you can divide between "spam resistance" and "censorship > > resistance" for a simple > > reason: Who defines what sort of action or text is spam? Many people may > > mostly aggree about some > > sort of action or content to be spam, but others could claim the reduced > > visibility censorship. > > And i dont see any alchemy with the current trust system of FMS, if > > something is alchemy and not > > clear, please point it out, but the exact point please. > > And FMS does not make "censorship by a mob easier". Simply because you > > should select the people you > > trust yourself. Like you should select your friends and darknet peers > > yourself. If you let others do > > it for you, dont argue about what follows (like a censored view on FMS). > > Yes, the spam and censorship problems are closely related. That's why > I say there is something of a tradeoff between them. The problem with > FMS should be obvious: if some small group actively tries to censor > things I consider non-spam, then it requires a significant amount of > effort by me to stop that. I have to look at trust lists that mostly > contain valid markings, and belong to real people posting real > messages, and somehow determine that some of the entries on them are > invalid, and then decide not to trust their trust list. Furthermore, > I have to do this without actually examining each entry on their trust > list -- I'm trying to look at *less* spam here, not more. The result > is a balkanization of trust lists based on differing policies. Any > mistakes I make will go unnoticed, since I won't see the erroneously > rejected messages. > > In FMS, a group with permissive policies (spam filtering only) and a > group that filtered content they found objectionable can't make > effective use of each other's trust lists. However, the former group > would like to trust the not-spammer ratings made by the latter group, > and the latter group would like to trust the spammer ratings made by > the former. AIUI, the balkanization of FMS trust lists largely > prevents this. Advogato would allow the permissive group to make use > of the less permissive group's ratings, without allowing them to act > as censors. > > IMHO, the Advogato case is better for two reasons: first, favoring > those who only want to stop spam over those who want to filter > objectionable content is more consistent with the philosophy behind > Freenet. Second, spam filters of any sort should be biased towards > type II errors, since they're less problematic and easier to correct. > > Essentially, I think that FMS goes overboard in its attempts to reduce > spam. It is my firm belief that limiting the amount of spam that can > be sent to a modest linear function of the amount of *manual* effort a > spammer exerts is sufficient. Spam is a problem in both Frost and > email because spammers can simply run bots. The cost of FMS, both in > worry over mob censorship and work required to maintain trust lists, > is very high. I think that the total effort spent by the community > would be reduced by the use of an algorithm that took more effort to > stop spammers, and less effort to enable normal communications. We > need to be aware of what we optimize for, and make sure it's really > what we want. > > I've explained why FMS is alchemy before, but it's an important point, > so I don't mind repeating it. FMS has some goals, and it performs an > algorithm. There is no proof that the algorithm accomplishes the > goals, either in whole or in part. An algorithm that does not come > with a proof that it works is alchemy, whether it is for routing > between nodes, spam filtering, or a simple sort of an array of > integers. In contrast, the Advogato algorithm has a mathematical > proof that the spam is bounded linearly by the confused identities > (legitimate identities that mistakenly trust spammers). > > >>>> - Making CAPTCHA announcement provide some form of short-lived trust, so > >>>> if > >>>> the newly introduced identity doesn't get some trust it goes away. This > >>>> may > >>>> also be implemented. > >>> This would require adding trust to new people, As you can see with FMS, > >>> having everyone spending > >>> dayly time on trustlist adjustments is just an idea, which wont come > >>> true. So this would mean that > >>> every identity that is not very active will loose any trust and would > >>> have to introduce himself > >>> again. More pain and work resulting in less users. > >> > >> See my proposal (other mail in this thread, also discussed > >> previously). ?Short-range but long-lived trust is a better substitute, > >> imho. > > > > I would call it censorship because those that see you because of captcha > > announcement can themselves > > say what happens, > > -if they dont give you trust, most wont see you => you are lost, are > > censored > > -if the give you trust, everyone will see you => not censored > > > > This would give a small group of people the chance to censor newly > > announced identities (also the > > group may be different for every identity). > > Then use a more permissive capacity:distance function. There is no > requirement that you use a shorter range function, or that you use the > same function as everyone else. IMHO, the default should be somewhat > shorter range, in an attempt to balance the number of people that see > new identities. As you observe, too few leads to censorship > possibilities (out of malice or just plain laziness). Too many means > that an identity with CAPTCHA trust only can spam and have everyone > see that spam, which provides the spammer a reasonably efficient way > to send spam.
So it's a tradeoff which can be easily configured by the user. I agree with pretty much all of the above, but the medium-term worry is that we will start to have to worry about those who trust spammers, and those who trust those who trust spammers. By eliminating negative trust, Advogato forces us to either tolerate a certain (and unclear) amount of spam, or spend a lot of effort on hunting down those who trust spammers, resulting in massive collateral damage. > >> > >> Also, what do you mean by review of identities added from others? > >> Surely you don't mean that I should have to manually review every > >> poster? ?Isn't the whole point of using a wot in the first place that > >> I can get good trust estimates of people I've never seen before? > > > > In FMS, there is currently a simple page, where the latest added identities > > are listed and how they > > where listed. So if you get many spamming identities and they are all added > > from 1 trusted peer, > > just remove his trustlist trust and all those new spamming identities wont > > reach you. We want to make it easy, or nobody will do it. Poring over your trust list day after day is not most people's idea of fun. There are three approaches, given positive trust only. Depending on the level of effort exerted by the spammer, we move from one tradeoff between spam resistance and censorship resistance to the next. IMHO the last stage involves significant risk of censorship or at least collateral damage, while obviously having the strongest spam resistance. The first approach is to mark spammers as spammers, and limit the capacity of trusted identities to create new spammers by for example limits on the number of identities that can change in a trust list in one day. This means that everyone will have to mark all the spam identities as spam, much as in Frost with the Alice bot. It will deter newbies, but it should be usable for the determined. Note that it is *essential* on a positive trust only network that our spam markings override others' positive trust levels. The second approach is when we mark an identity as spam, WoT realises that an identity trusting that spammer also trusts a lot of other spammers, and proposes that we mark the parent identity as a spammer, at least for purposes of trust list trust. Hopefully this will be enough. The cost for every user will be to mark a few spammer posts as spam, and then accept WoT's recommendation to mark the parent as spammer. "A few" will be an arbitrary parameter that will have to be argued about, higher means less chance of marking non-spammers as spammers, but at the cost of seeing more spam. The third approach is that when we mark the parent identity as spam, WoT suggests marking those who trust the parent identity also as spammers for purposes of trust list trust (if we trust them; if we don't, it's not our problem; we are trying to optimise the network *for other people*, particularly for newbies, here). We can try to be polite about this using ultimatums, since it's likely that they didn't deliberately choose to trust the spam-parent knowing he is a spam-parent - but if they don't respond in some period by removing him from their trust list, we will have to reduce our trust in them. This will cause collateral damage and may be abused for censorship which might be even more dangerous than the current problems on FMS. However, if there is a LOT of spam, or if we want the network to be fairly spam-free for newbies, the first two options are insufficient. :| > > Having the review mechanism available makes sense to me, so long as it > is not required. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 835 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090522/cd1a437b/attachment.pgp>
