Pseudo Anonymity and Reputation Systems

From IIW

Session topic: Reputation System (W3G)

Convener: Darius Dunlap

Notes-taker(s): Gam Dias

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Anonymous     Can’t be traced
Knnown ID     Declared, True ID
Obscure ID    Anonymous but traceable
Pseudo-Anonymous  Verified (Authenticated) but not traceable

Pseudo Anonymous – where I want to use a service, but I don’t want to necessarily be ‘found’

Running a non-profit, we are interested in certain things (e.g. teenage pregnancy). As the non-profit, we want to use sites without revealing the person

For a Federated Reputation system to be able to Authenticate a person without actually identifying the user themselves

Can I visit a site and allow the organization know ‘about me’ rather than ‘of me’

Users would include Organizations who also want to use a service, so organizations that are using services as would a person

Not trying to solve the security problems of the internet

Today ISPs are not allowed to sell the mapping of your IP address to NGOs

What do we do about reputation and how can we separate users different personas that use different sites

Another use scenario – I want to review a hotel.. and the reader wants to know that the reviewer is a person and not a shill

If that pseudonym has got positive reviews on their content, how

This has been discussed at IIWs in the past, when you talk about psuedonymity you need to discuss reputation:

  • I am not a robot
  • I am not a shill
  • I write good reviews

The application can have game attributes (gamification) that will ensure users value their reputation

Pseudonymity should be the default in all Authentication systems (Steve William


In a federated and distributed system, a person can have 5 online personas

Facebook by nature aggregates multiple identities rather than maintaining a separation

Pseudonymity is very difficult to maintain in the real world – online because of the IP address, the ISPs can join these up

We have trained unsophisticated users to not manage separate online personas

EFF has a tool to identify users on a browser

How can we help users to manage their online identity better

Facebook is a good tool for training people to be non-anonymous

The natural most convenient action should have the good online identity management practice for the individual

Are you proposing a building block for helping to solve this?

Solving these problems starts with a good reputation system

As well as segmentation whatever system needs to integrate – so a family id or a company id

Is reputation portable? How can reputation information be transferred between communities

Although two people are acting via pseudonyms, they need to discover each other or not

Reputation as a movable ‘currency’ when is it transitive (not a fungible currency)

And NOT (so an individual can hide one aspect of their persona from another)

The currency should not be gameable

There should be a granular aspect to the reputation with all the permissions

If the reputation is faulty you should be able to change that

Marketingdouchebag on Twitter has a higher reputation and he maintains the reputation of that persona. He maintains this reputation more than he does the online persona

Even if all we did was to enable pseudonyms to be used in context e.g. Facebook, that would be a step forward

Most people treat their identity as one thing, on the internet, servers are managing

Facebook believe that if you are on facebook as you, you will behave better.

This is isomorphic to what the VRM community is saying a free customer is more valuable than a captive one

The right reputation system will make the internet a better place

Will it take a catastrophe (e.g. Playstation credit card occurrence)

If you want to transfer your reputation and have this follow across personas you end up tying them together

With Whuffie, it works like eCash

Although we are already here with Facebook the emergence of Agent technology will give us the

About 10 years ago, Rich (from data people) build this reputation management – like a roaming agreement for personas. The WTO has a set of global agreements for patents, this brokedown and has been replaced by the ACTA

In the same way each community can see a different view of a person’s persona

(google “Addapt”) There are practical communities (e.g. distinct private bittorrenting communities) are practicing this today

Drummond is working on a model like this for

As I am listening to people talk about the login experience – they don’t need to know who I am, they just need to know the IDP I am using

The missing piece is the reputation manager

How do they all link up?

What is the biggest most successful reputation on the internet right now? Google Page Rank for pages

Pseudonoymity should be the default, it should be built upon a strong set of building blocks with the right granular permissions on access or usage.

We are not starting from scratch, where do we start from?

We can start from the ID systems – and people need to walk away from everything they currently have?

Anything that a IDP does for you adds value and creates stickiness for users

If you take the argument that ‘privacy is dead’ and allow the system to track us completely – it allows all acts to be trackable and gives fraud consequences. If one person steps outside of this (because people don’t want to be tracked) – then that person cannot be tracked.

What we are training people today harms them, and we should really be stopping those behaviors. Can we build these in to richer experiences.

A system that prevents all evil means that there is no room for an offline experience. A system should be essentially empty for reputation and should be able to rebalance with more information.