Pseudo Anonymity and Reputation Systems
Session topic: Reputation System (W3G)
Convener: Darius Dunlap
Notes-taker(s): Gam Dias
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Definitions: Anonymous Can’t be traced Knnown ID Declared, True ID Obscure ID Anonymous but traceable Pseudo-Anonymous Verified (Authenticated) but not traceable
Pseudo Anonymous – where I want to use a service, but I don’t want to necessarily be ‘found’
Running a non-profit, we are interested in certain things (e.g. teenage pregnancy). As the non-profit, we want to use sites without revealing the person
For a Federated Reputation system to be able to Authenticate a person without actually identifying the user themselves
Can I visit a site and allow the organization know ‘about me’ rather than ‘of me’
Users would include Organizations who also want to use a service, so organizations that are using services as would a person
Not trying to solve the security problems of the internet
Today ISPs are not allowed to sell the mapping of your IP address to NGOs
What do we do about reputation and how can we separate users different personas that use different sites
Another use scenario – I want to review a hotel.. and the reader wants to know that the reviewer is a person and not a shill
If that pseudonym has got positive reviews on their content, how
This has been discussed at IIWs in the past, when you talk about psuedonymity you need to discuss reputation:
- I am not a robot
- I am not a shill
- I write good reviews
The application can have game attributes (gamification) that will ensure users value their reputation
Pseudonymity should be the default in all Authentication systems (Steve William SBW.org)
In a federated and distributed system, a person can have 5 online personas
Facebook by nature aggregates multiple identities rather than maintaining a separation
Pseudonymity is very difficult to maintain in the real world – online because of the IP address, the ISPs can join these up
We have trained unsophisticated users to not manage separate online personas
EFF has a tool to identify users on a browser
How can we help users to manage their online identity better
Facebook is a good tool for training people to be non-anonymous
The natural most convenient action should have the good online identity management practice for the individual
Are you proposing a building block for helping to solve this?
Solving these problems starts with a good reputation system
As well as segmentation whatever system needs to integrate – so a family id or a company id
Is reputation portable? How can reputation information be transferred between communities
Although two people are acting via pseudonyms, they need to discover each other or not
Reputation as a movable ‘currency’ when is it transitive (not a fungible currency)
And NOT (so an individual can hide one aspect of their persona from another)
The currency should not be gameable
There should be a granular aspect to the reputation with all the permissions
If the reputation is faulty you should be able to change that
Marketingdouchebag on Twitter has a higher reputation and he maintains the reputation of that persona. He maintains this reputation more than he does the online persona
Even if all we did was to enable pseudonyms to be used in context e.g. Facebook, that would be a step forward
Most people treat their identity as one thing, on the internet, servers are managing
Facebook believe that if you are on facebook as you, you will behave better.
This is isomorphic to what the VRM community is saying a free customer is more valuable than a captive one
The right reputation system will make the internet a better place
Will it take a catastrophe (e.g. Playstation credit card occurrence)
If you want to transfer your reputation and have this follow across personas you end up tying them together
With Whuffie, it works like eCash
Although we are already here with Facebook the emergence of Agent technology will give us the
About 10 years ago, Rich (from data people) build this reputation management – like a roaming agreement for personas. The WTO has a set of global agreements for patents, this brokedown and has been replaced by the ACTA
In the same way each community can see a different view of a person’s persona
(google “Addapt”) There are practical communities (e.g. distinct private bittorrenting communities) are practicing this today
Drummond is working on a model like this for Connect.me
As I am listening to people talk about the login experience – they don’t need to know who I am, they just need to know the IDP I am using
The missing piece is the reputation manager
How do they all link up?
What is the biggest most successful reputation on the internet right now? Google Page Rank for pages
Pseudonoymity should be the default, it should be built upon a strong set of building blocks with the right granular permissions on access or usage.
We are not starting from scratch, where do we start from?
We can start from the ID systems – and people need to walk away from everything they currently have?
Anything that a IDP does for you adds value and creates stickiness for users
If you take the argument that ‘privacy is dead’ and allow the system to track us completely – it allows all acts to be trackable and gives fraud consequences. If one person steps outside of this (because people don’t want to be tracked) – then that person cannot be tracked.
What we are training people today harms them, and we should really be stopping those behaviors. Can we build these in to richer experiences.
A system that prevents all evil means that there is no room for an offline experience. A system should be essentially empty for reputation and should be able to rebalance with more information.