display | more...


Trust metrics are going to be one of the building blocks of future online communities. Advogato Trust Metric has the most visible example, but the concept of a trust metric is of great importance in computer security as well as in building community.

More generally speaking, a metric is a "standard of measure". For instance, my height is measured in feet - feet are the metric used. Metrics are used all the time in all sorts of situations.

Some Examples

In Unix, the metric of trust is pretty large. You either have, or have not, a certain kind of access to a resource. You might be able to only read it, or only write it, or only execute it. Perhaps all three, or a combination thereof. Based on what role you fill relative to the resource (for instance, owning a file), you get different permissions. Since the metric is so gross, and it only indicates a single persons opinion, it's not necessarily very useful.

More advanced systems (like people/society) need more complex metrics. You trust the people around you to differing extents. Joe across the street might be trusted to water your cats while you're in Cancun, but not to drive your car. But you might trust him more than Jane when it comes to, say, garden hose length estimation. The trust metric in society is much finer grained than in Unix and most other computer systems.

Advogato's Trust System

see http://www.advogato.org/trust-metric.html for the source material for this section

Advogato is an excellent example of a trust metric. Although the method they describe/use is used only to rank their community of open source developers, it's a good introduction to the concept of trust metrics.

Basically, Advogato lets people say that they either trust someone, or don't. Bonds of trust are formed when one person issues a certificate about someone else. Certificates can say anything - for instance, I might certify that ideath is female, or s_alanet is male. A gender certification system could be useful if you were running an online dating system.

By the same token, you could also certify people (in the context of our dating system) as "cute," or "intelligent." In fact, based on what people say about each other in certificates, you could build up a pretty good idea of what someone is like. You might find the mcc is "male", and "intelligent", while Klaproth is "metallic" and "distant".

So, now you can see who has said what about people. Let's also say that in our dating service, people can certify other people as "trustworthy". For instance, I might identify brainwave as a fellow of great and insightful perceptions, and certify him as "trustworthy", because he's often right. Good deal, right?

Well, yes, and you could treat certificates as votes. "Well, thefez has 8 certificates that he's male, and one that he's female, so he's probably male." "GlowingFish has 20 certificates that say he knows Japanese, and three that say he knows Australian. He probably knows Japanese and not Australian."

But say EDB gets hungry, and decides to lure all the men on E2 to the Everything Death Lair for consumption... So EDB registers a bunch of accounts and has them all certify him as "hot" and "sexy" and "female" and "trustworthy".

All of a sudden, EDB has 300 votes that he's "female"! And "hot" and "sexy"! Wow! Next thing you know, CzarKahn and PMDBoi have rushed down to see EDB and...

EDB eats CzarKahn. CzarKahn is good food!
EDB eats PMDBoi. PMDBoi is good food!

Oh no! At this rate, we won't have anyone for all the wonderful females on our dating service to date! What can we do to counteract EDB's evil multi-account schemes?

Well, we could spend a lot of effort quashing his bogus accounts (all named edb0001, edb0002, edb0003...) or we could come up with a simpler, easier solution.

We're lazy (well, I am. I don't know about you.), so we decide to go with the latter.

Well, how can we make it so that new bogus accounts don't affect our trust metrics (ie, how "hot" someone is, if they're "female", etc.)?

Simple. Instead of treating certificates like votes, we make peoples certificates "count" based on how trusted that person is. The advantage to that is that EDB now has to get people to certify that all his dummy acounts are certified... And if we set things up right, even if all his dummy accounts certify themselves, the system will recognize that there is simply an island of trust, and that no one trusts any of the dummy accounts except other dummy accounts!

(Still with me? Good. This is where I start getting clever. Or at least the Advogato people do.)

The way this works is simple.

First, you select a small group of people that are trusted completely. These people are the "seed" of the trust system. For instance, on E2, the very oldest, most respected gods would be good picks for a "seed." On our dating service, we'll just say that I am. Cuz, like, I know who all the honest people are. I can smell 'em.

(They smell like a meat pizza after a cool rain.)

Imagine that these people are little dots. For our dating example, let's say it's s_alanet and renderer that are trusted.

 |            |
Figure 1. s_alanet and renderer are the Seed.

See the + and the -? They're the "source" and the "sink". Imagine trust is like water. The + is the faucet. The little pipey characters are pipes, and names are little flow gauges. The - is the drain.

There's only one faucet and one drain. Right now, the flow of trust is split evenly between s_alanet and renderer.

Now, say that Klaproth and EDB join, in search of Live Nude Thespians or the bot equivalent. They join, and, I, seeing that Klaproth is a nice fellow, certify him as "trustworthy". Now the flow looks like this:

 |            |
 \--renderer-<|    EDB

Figure 2. Some bots join the mix.

Notice how Klaproth now gets at least part of the flow of trust (not as much as me or renderer, but still a good chunk!), but EDB gets none? Suddenly, Klaproth's opinions, as expressed in certificates, start counting on the site. When people look at EDB, they see that he is "metal", because all three of us have certified him as being so.

Even if EDB certified himself as "soft", and had a bunch of new accounts join, they still wouldn't change that, because they don't get any trust flow.

But what if Wuukiee joins, and Klaproth certifies Wuukiee as trustworthy, and then Wuukiee innocently certifies EDB, not realizing what skullduggery is afoot?

Suddenly, EDB and his dummy accounts get trust flow!

 |            |        \-Wuukiee
 \--renderer-<|         /
              |     EDB--edb dummy accounts--

Figure 4. Trust flow is compromised!

Oh dear! What will happen? Well, first off, the flow coming out of people is always less than what went in. Klaproth isn't trusted as much as s_alanet, and Wuukiee even less so, and EDB even less... So by the time the flow gets to the dummy accounts, they hardly get any trust flow at all. Their opinions are practically meaningless because of this, and (if the numbers are tweaked right), opinions of real people like s_alanet and renderer and Wuukiee will outweigh theirs tremendously.

Applications And Conclusion

So now we've got a neat-o, robust way to handle trust. Opinions can be expressed and new people can join, but bogus accounts are ignored. This is a Good Thing! But what to do with it, once we have it?

  • See who in a community is worth listening to, based on how many people choose to listen to them (ie, certify them as "listened to").
  • For any sort of P2P system, it's a great way to keep track of which files are bogus, which files are great.
  • You could implement some interesting clan systems in an online game.
  • Or an auto-muting system in forums, so that people everyone likes are heard more clearly, and spammers are ignored.

It isn't a cure all, but trust metrics are a profoundly more flexible system of tracking the shifting, complex relationships between humans than any "permission" based system. They allow much more democratic decisions to be made, and effectively keep out those who wish to abuse the system.

Further Reading

Some thing to learn about if this interested you...

And, as always, if I left something out or made a mistake, /msg me!

Log in or register to write something here or to contact authors.