Reputation systems

After a ran­dom act of shower­ing epi­phany this morning, I star­ted thin­king about imple­men­ting a glo­bal repu­ta­tion sys­tem simi­lar to Whuf­fie, as seen in Cory Doctorow’s “Down and Out in the Magic King­dom”.

A quick bout of goog­ling revea­led that there’s actually a sys­tem cal­led Per­son­Ra­tings, but it’s run­ning on some­thing that does not slot up with what I was expec­ting of such a service.

Where PR goes forth and takes a real per­son which can be reviewed ela­bo­ra­tely accor­ding to pre-defined cate­go­ries, I was thin­king of some­thing much more simple:

Essen­ti­ally, you wouldn’t need to go for ela­bo­rate reviews — most people can’t be bothe­red with anything like that at all. When you force a dif­fi­cult inter­face on people, the only guys giving rep will be people who eit­her think the repu­tee [sorry] to be the next incar­na­tion of their favou­rite mes­siah or the shai­tan him­self. Thus the need for an easy interface.

The gene­ral direc­tion of what should be jud­ged in my vision is not the repu­tee them­self, but the actions they do: if they do some­thing you con­sider good, funny, inte­res­ting, enligh­te­n­ing or other­wise posi­tive, vote up. If they do anything bad, mali­cious, annoy­ing or pro­foundly dis­tur­bing, vote down. The votes shouldn’t be “they’re a good per­son, I like them” or “I think they’re an evil per­son”, but rather “they just made me laugh :)” or “they just kicked a baby across the street :(“.

Of course, per­so­nal stan­dards dif­fer and some people might think that kicking a baby across the street is actually jolly good fun and quite posi­tive. The way to coun­ter this would be some sort of deri­va­tive score, allo­wing you to ignore cer­tain kinds of people. Pro­blems with this:

1. It’s quite hard to define fil­ter rules for this. This would need con­stant user review, and pro­bably lead to very pro­ble­ma­tic exclu­sion lists.
2. It could lead into a posi­tive feed­back loop, where two par­ties just start hate-voting each other all the time due to dif­fe­ren­ces in opinion.

So I’m not sure whe­ther this is some­thing that should be imple­men­ted — or could be imple­men­ted in a bet­ter way. You pro­bably don’t want to have poli­ti­cal groups on your repu­ta­tion system.

In a rela­ted thought, one of the main pro­blem one will have to face is repu­ta­tion trol­ling. The sys­tem would need to make it impos­si­ble for someone to bump their own repu­ta­tion, which seems to be nigh impos­si­ble. I can’t see any valid and usa­ble way of assu­ring iden­tity integrity:

Login for each user, can’t vote for self

Just create a fake login. The sys­tem could pro­bably be arran­ged with some fuzzy matching to kill the most com­mon exploiters:

• People up-voting only one person.
• People giving a sin­gle up-vote to a per­son and then cea­sing activity. Doing this with mul­ti­ple accounts leads to rep spam.

The pro­blem would be that there is no relia­ble way to ensure a bijec­tive (1:1) rela­ti­onship bet­ween accounts and real people, as they could just use regis­ter mul­ti­ple accounts with dif­fe­ring e-Mail addres­ses, from dif­fe­rent IPs, and so on.

Glo­bal identification

If you can’t allow local iden­ti­fi­ca­tion, you need some sort of uni­que glo­bal iden­ti­fi­ca­tion. Since using just some ran­dom inter­net site as an iden­ti­fier, or using dele­ga­ted aut­ho­rity, is not an option in most cases¹, you’d have to resort to a cen­tral which just hands out tokens for pro­ven iden­ti­ties — in other words, your local govern­ment. Since you seriously do not want to include any govern­ment in such an endea­vour, this is not an option either.

Thus I can’t fathom any ware to ensure uni­quen­ess, except by a peer to peer review sys­tem which allows peers to decide who’s a spam­mer. And in a repu­ta­tion sys­tem, that’s just a no-go, eit­her, since you don’t want people jud­ging you a spam­mer just because a signi­fi­cant group of them hates your guts.

But beside deli­be­rate exploit­ing for per­so­nal gain, you have to con­sider other cases of people that just work con­trary to the system:

Shot­gun accounts just ran­domly voting around.

A pro­bably deli­be­rate attack to under­mine the vali­dity of the sys­tem. Depen­ding on the sophisti­ca­tion of the shot­gun, it would be quite hard to detect by way of sim­ple fuzzy logic.

Exces­sive up-voters/down-voters

On every rating site, there’s always the haters and the lovers who rate mini­mal or maxi­mal score just for the heck of it. They vote one on every movie because they hate the whole genre, or they vote ten on every song by an artist because they’re infa­tua­ted up to their sternum.

People voting due to the votes of others

I men­tio­ned this posi­tive feed­back loop a bit fur­ther up, but this could become a real pro­blem in this cate­gory, too. Some people just don’t like other people thin­king differently.

Some of these pro­blems could be alle­via­ted by the advent of ubi­qui­tous com­pu­ting and using just the local machine address of anyone as a vote tar­get iden­ti­fier as well as a self-vote fil­ter. This would help with anything having to do with real-life — you’d have to ensure the device ID being visi­ble in online com­mu­ni­ca­tion, though, too — and that nobody has the chance of get­ting a second device, which in my opi­nion can only be achie­ved with total device surveillance.

There are still some minor aspects to be dis­cus­sed, like how to imple­ment iden­tity con­so­li­da­tion and so an, but these are mostly minu­tiae, and would break the scope of this text.

I’d be happy if some people would feel obli­ged to rant about my ideas in the com­ment fields below, offe­ring sug­ges­ti­ons, cri­ti­que and just some good old dose of plain flaming.