Tag Archives: Trust and Reputation

Report of conference on e-Identity, social issues in social networking, trust and reputation.

Past week I’ve been in Paris for the The European e-Identity Conference 2007 and ENISA Workshop
“Security Issues in Social Networking”. It has been very interesting.
There was a keynote by Kim Cameron, Microsoft’s chief identity architect. It has not been impressive, of course he is a good speaker and even funny, but he tried to make a pitch for Microsoft CardSpace. While he tried to be friendly and open stating more than once that he built it on gnu/linux, with php and mysql, I’m not impressed at all. I’m not an expert at all in identity but I bet that there are so many patents on Cardspace that Microsoft can control its evolution and use as it wishes.
On a general level I was very very surprised that in 2 days I heard nobody ever mentioning OpenID, probably because it is simple and mainly because it works and solves the issue it is devoted to solve. I guess lots of serious researchers have to consider it just a toy, we have to create things much more complicated otherwise how can we justify stellar budgets and years of … research? And what are we going to do later if we just find a simple solution that can be implemented in 1 week? This is a bit depressing I think.
Instead of simple solutions and discussions about what we could improve in OpenID, there were a lot of vendors basically saying “host all the identities of your firm, government, service in our servers and everything will work”. All of them with the same trivial techniques.
Well actually, I liked a lot the presentations of the workshop “Security Issues in Social Networking”. You can check the presentations. So, besides the many pitches (actually all of them during the second day when luckily I have to leave early to catch the flight, there were interesting talks and super cool people.

Alessandro Acquisti , Carnegie Mellon University, delighted us with great insights about “Imagined communities: awareness, information sharing and privacy: the Facebook case” (presentation). His research is in the economics of privacy and he revealed interesting facts about Facebook, for example, 89% of Facebook users reveale their real name. And 87% of CMU Facebook profiles reveale birthday, 51% reveale the address, 40% reveale their phone number (40%!). 61% of the posted images are suited for direct identification. Remember that this information will never disappear, it will stored forever in many computers (facebook servers, google servers, archive.org servers and … as the following discussion easily revealed, governments servers, secret agencies servers and probably many companies who can just afford to save everything and decide in future what to do with this information). There is an evident privacy risk of re-identification: 87% of US population is uniquely identified by {gender, ZIP, date of birth} (Sweeney, 2001), Facebook users that put this information up on their profile could link them up to outside, de-identified data sources
Facebook profiles often show high quality facial images, Images can be linked to de-identified profiles using face recognition. Some findings on Facebook: Non members rate privacy (concerns, worries, importance) statistically significantly (although only slightly) higher than members. Members deny they use Facebook for dating, however they state they think other members use it for dating. Majority agrees that the information other Facebook members reveal may create a privacy risk for them (mean Likert 4.92). They are significantly less concerned about their own privacy (mean Likert 3.60). Respondents trust the Facebook… more than they trust unconnected Facebook users. The survey about how much users know about Facebook’s privacy policy is interesting as well: “Facebook also collects information about you from other sources, such as newspapers and instant messaging services. This information is gathered regardless of your use of the Web Site.” 67% believe that is not the case. “We use the information about you that we have collected from other sources to supplement your profile unless you specify in your privacy settings that you do not want this to be done.” 70% believe that is not the case.

Another interesting presentation was presentation (pdf) “Security recommendations for social network communities” by Maz Nadjim of Rareface. He offered us six techniques for building and running safer social networking sites: Craft your guidelines, Build automated filters, Embrace your technology, Enlist your users, Make moderation actions visible, Moderation tools need love too. And he pointed us to their partner emoderation.com.

Other interesting presentations were “Social networking security issues for children” by Josephine Fraser of Childnet, “Implications of Social Networking behaviour for tomorrow’s citizens & workforce” by Mathieu Gorge of VigiTrust (I think he is the one who introduced that social networking sites are used by terrorists for recruting new members) and “Netlog – Experiences from a large-scale social networking application” by Lien Louwagie of Netlog (birth date is very often the secret question for getting back your forgotten bank password so it is not very sage to ask it and to show it on a social site). Thanks to this presentation I discovered Netlog, leader in Europe, multilanguage, to which I registered few minutes ago and, wow, there are thousands of people from Trento registered there, quite amazing the fact I missed it.

In the afternoon there was a great presentation by Tarvi Martens , National Certification Centre, Estonia about “Authentication in Estonia” (presentation in, warning, powerpoint). Estonia is surely the most tech-advanced country in Europe, they in fact call it E-stonia. Some facts: Population: 1.35M Internet usage: 56% Internet banking: 88% Mobile penetration: >100%. 1000+ Free Internet Access points. PKI penetration: >80%. Biggest national eID card roll-out in Europe. With your eID card you get an email address such as Forename.Surname@eesti.ee and a certificate for digital signature. You can login in banks with E-id card given by the state. You pay taxes online as well. And you can vote in election. They are rolling out the Mobile-ID, i.e. your ID is your mobile. With an ID card, you also have an OpenID and the state is your OpenID provider. During the coffee break I asked him how is it possible for me to get an Estonian ID card and the answer is that it is enough to work/study there for 3 months, I guess
this is one of my goals now, I would like to have a European government backed identity.
What I didn’t like about the conference was the dress code, can you imagine? There was a dress cose (casual smart or something like that, I don’t even know what this is and don’t bother to follow how other people tell me to dress). I had red trousers and an Electronic Frontier Foundation shirt while almost all the other people wear tie and suit, well I like to be different. And the EFF shirt was very useful, did I mention that there were many seller of biometric stuff for getting DNA information so that your identity can be checked by anyone anytime and anonymity is finally estirpated?
Last but not least I met Nicolas Debock, a guy who basically works as coolhunter (as in the Pattern Recognition novel by William Gibson) for La Poste, the french postal organization. His work is to track down what is trendy and to envision how La Poste can exploit it, embrace it and ultimately profit from it. We had 2 travel back from the hotel at the Charles De Gaulle airport to the center of Paris in which we share a lot of ideas about cool technologies but also alternative monetary systems, he is one of the founder of BarCampBank. This was really amazing. Actually he found the job by looking on the Web for “cool trends” or similar keywords, I think I need to do the same and to propose a similar position to the Italian postal organization, we’ll see.
What I also liked about the workshop is that after the workshop I’ve been invited to join a virtual group which is writing a collective paper about “Security of reputation and web-of-trust authentication systems”. The purpose of the exercise is to give relevant advice on important trends and threats to policy and decision makers in Europe. Of course I’ll try to push the usual mantra “trust is subjective, don’t squash controversial opinions and minorities but consider them opportunities” and such. I actually like the fact I can put in some way my activity at service of the European community, of course I’m not that naive to think that it will be really read by anybody or high level politicians and influence decisions but it is still better than nothing.
The last part of this long post (did I write somewhere that these posts are useful to me as memory of what the event was like, what I learned and how I felt? Then if this is useful to someone else as well, this is better but such a long post is primarily for me so that in one year I come back and I see what I was thinking and I learnt) is about the amazing hospitality I got via CouchSurfing.
Since the conference was at the CDG airport I tried to find something close to it and not in Paris. And in fact I was hosted by Heloïse et Laurent in Meaux. They were uber-kind! We met in the center of Paris and they offered to have a tour of Paris by car (never had it, and the traffic doesn’t seem too bad). And then they offered to bring me from their house to the conference hotel every morning, wow, amazing really! The second day we met in the center of Paris and we went to a concert of Mademoiselle Ka in a huge club in Pigalle and then to wander in a sexy shop (I never had as well!). Well they were amazing and they are also musicians (Heloïse has 906 friend on MySpace and she sings in the Cartel Couture that is basically the french Scissor Sisters, the genre is, uhm, pop punk sexy et eurodance déviante, but they also have a group together in which Laurent plays drums.
Well, just to conclude, the people I met via Couchsurfing surprise every time more. Every time I think this is the most amazing thing and then something overtakes this. Amazing. Really.

Wikipedia trust network

I just discovered that there is (was?) a proposal for implementing a trust network in Wikipedia.
The proposal originated from a posting of Jimbo Wales himself on a mailing list in February 2004.
Some exerpts from the Wikipedia article follow:

The proposed system has the three key ideas: (1) giving users a formal way of declaring their confidence in other users, (2) a way of seeing which users have declared their trust of a particular user, and (3) the resulting structure of trust-relationships formed between all users.
It provides an additional piece of information that may be useful when coming across another user for the first time. The Wikipedia user base is so large that two well-established and respected editors, concentrating on different areas of Wikipedia, may have no contact between each other for some time. Reading an editor’s user page, browsing through their contributions, and reading the threads in their talk are valuable but time-consuming methods of getting to know someone. Discovering that several reputable users, or users that you have particular regard for, have expressed their trust in an editor is a strong indicator of that editor’s value to Wikipedia. However, the sheer number of editors who trust a user should not be taken as a clear measurement of that user’s trustworthiness: the fact that a user is trusted by dozens of suspected sockpuppets would only harm their reputation.
There are a variety of reasons to express trust in another user: you may have worked together on a proposal or article, reviewed many of their edits in articles on your watchlist, or know them personally. Liking another user should not generally be enough; trusting somebody requires being confident that their contributions are civil, constructive and of generally high quality.

Of course distrust is a tough topic as usual.

Additionally, it would be wise to consider carefully any thoughts of writing explicit statements of distrust, bearing in mind the no personal attacks policy.

It is important to remember that the trust network is not a popularity contest, and so there is no need to actively seek out declarations of trust. The fact that another user has not made a declaration of trust in your favour is by no means a declaration of distrust.

And which trust metric is most suited is tackled as well:

The network itself can be analysed using a trust metric to rate individual users. There are very many different ways to do this, which will produce quite different results, and it is important to note that no metric is endorsed by this proposal.
The simplest trust metric is to count the number of users who trust the rated user, but this system is vulnerable to attack (for instance, the use of sockpuppet accounts to trust oneself).
Another is to count how many links there are in the chain of trust between yourself and another user: if I trust A, who trusts B, who trusts C, and this is the shortest path from myself to C, then C is three links away from me. I might decide that I explicitly trust anybody one link away from me, and implicitly trust anybody up to three links away. This is very different to the previous case: the measurement is personal, not absolute, and will not be affected by sock puppetry.

Since “who trusts you?” is more important than “how many people trust you?” there is little point in creating sock puppets to declare trust in yourself.

The original post of Jimbo is precious as well.

But most would adopt a personal policy of giving mostly positives or abstaining, reserving negatives for worst case scenarios.
Newcomers would have no rating at all, obviously. Very prominent people would have lots of ratings, mostly positive I would have to assume. I would probably have 95% positive rating, but not perfect, since beloved though I am and obviously deserve to be (*wink*), I am a target.
We’d likely see perfect positive ratings for people like Michael Hardy, who keeps his nose to the grindstone editing topics that aren’t controversial, and who stays out of internal politics almost
completely as far as I know.
Some sysops have taken enormous and weighty responsibilities on themselves to do important but controversial work like VfD or banning trolls or mediating disputes or editing articles about the Middle East. We’d naturally expect them to get mixed reviews, but we might be surprised… lots of people would give them positive ratings just for doing those jobs, acknowledging the difficulty and risk involved.

And then Jimbo lists advantages and disadvantages, very interesting!

Well, I’m phauly on Wikipedia, I think you should trust me.

Reputation is in the eye of the beholder: on subjectivity and objectivity of trust statements

I eventually managed to get invited to the ENISA Workshop “Security Issues in Reputation Systems” and at the eema’s “The European e-identity conference”. So I’ll be in Paris from Monday 11 until Wednesday 13, of course hosted by friendly Couchsurfers. The program is quite interesting, I’m especially looking forward for the keynote address by Kim Cameron, whose blog I’ve been reading since some time, and a presentation by Alessandro Acquisti of CMU titled “Imagined communities: awareness, information sharing and privacy: the Facebook case”
Let me know if you’ll be there, I’ll be happy to discuss about trust, reputation, identity, whatever.
Since I was required to provide a position paper, I put up the following, the intention was to be a little provocative but I don’t know if it was successful. If you read it, let me know what you think about it. The position paper “Reputation is in the eye of the beholder: on subjectivity and objectivity of trust statements” can be read after the jump (i.e. click on “more” if present).

Continue reading

Google losing trust, Wikipedia still gaining trust

Try a search for “wordpress blog” on Google and you get an advertisement of Google that says “Tip: Want to share your life online with a blog? Try Blogger”. As you probably know, Blogger is a product of Google. Advertisements to other products of Google are displayed when searching for “photo sharing”, for “calendar”, etc. So where is the problem you might ask? According to Blake Ross, of Firefox fame, “this is a bad sign for Google … Google lost me today”. The title of the post is interesting as well: “Tip: Trust is hard to gain, easy to lose“.
And very timely there is the announcement of Jimmy Wales, the man behind Wikipedia, that plans to launch a new search engine in the first three months of 2007 (read the article on BusinessWeek).
“Like Wikipedia, the new search engine will rely on the support of a volunteer community of users. The idea is that Web surfers and programmers will be able to bring their collective intelligence to bear, to fine-tune search results and make the experience more effective for everyone.”
Users will be allowed to rerank search results by clicking on an “edit” link and programmers will be allowed to read and improve the code since it will be free software, based on Apache’s open-source Web search software Lucene and Nutch.
Wikiasari is the name of the project and I think we will speak a lot about it in the next future (few years ago I would have said we will hear a lot about it in the next future, the change of perspective is amazing). And everything goes back to trust as usual: who would you like to help with your knowledge? A trust-me-on-openess project like Wikiasari and Wikipedia or a trust-me-on-faith project like Google or Britannica? I personally have no doubt at all.

Agent Reputation and Trust (ART) Testbed

Wow, I received an email with another trust-related project.
The Agent Reputation and Trust (ART) Testbed initiative has been launched with the goal of establishing a testbed for agent reputation- and trust-related technologies. The ART Testbed is designed to serve in two roles:
* as a competition forum in which researchers can compare their technologies against objective metrics, and
* as an experimental tool, with flexible parameters, allowing researchers to perform customizable, easily-repeatable experiments.

You can play with the code released on Sourceforge and you can also enjoy the explanation movie!

More from del.icio.us/tag/trust

– 22nd Chaos Communication Congress – Private Investigations – Breaking Down the Web of Trust
Even with tutorials on the WoT and good trust policies the concept of “trust” can still be hard to grasp. Here we’ll look at trust metrics, ways of using current trust systems better, and some non-crypto applications of trust.
Microformats Proposal for Reputation and Trust Metrics By Charles Iliya Krempeaux, B.Sc. Very interesting!!!
[From http://del.icio.us/tag/trust, subscribe to the rss feed (http://del.icio.us/rss/tag/trust)]

Lies, damn lies, and facts found on the Web

“There are three types of lies – lies, damn lies, and facts found on the Web.”
Dr. Tim Finin, paraphrasing the well known quotation by Benjamin Disraeli on Statistics

This quotation opens the “Workshop Motivation and Goal” of the Models of Trust for the Web (MTW’06), a workshop at the 15th International World Wide Web Conference (WWW2006), May 23-26, 2006, Edinburgh, Scotland.
The workshop seems incredibly interesting.
(via del.icio.us/tag/trust)

The path to Identity (… 2.0 as everything these days)

I just saw the presentation by Dick Hardt at OSCON2005 about Identity2.0. The style of the presentation is great, it is almost a cartoon, check it. And it is a great for getting to know in a quick way many of the current efforts in providing an identity system that can really work on the Internet (decentralized, open, …). I’m currently lurking the OpenID mailinglist and I discovered Passel that seems interesting. The presentation is available in WMV, QuickTime and as Flash, so you should have no problems. The last slide says that the presentation style was borrowed by Lawrence Lessig.
As the online world moves towards Web 2.0, the concept of digital identity is evolving, and existing identity systems are falling behind. New systems are emerging that place identity in the hands of users instead of directories. Simple, secure and open, these systems will provide the scalable, user-centric mechanism for authenticating and managing real-world identities online, enabling truly distinct and portable Internet identities.

Presentation at the Web Intelligence conference

I just finished giving a presentation at the Web Intelligence Conference in Compiegne (France). I tried to push the concept of VoteLinks. The presentation is in S5 (so pure standard XHTML+CSS+JS) and CreativeCommons licenced: Page-reRank: using trusted links to re-rank authority (presentation) with the accompanying paper (pdf). Nothing earth-shaking at all, really. The main (simple) concept was that “Attention != Appreciation”, the most linked to page is not necessarily the most appreciated: I might link to gwbush.com in order to criticize it but my link increases its PageRank (something I don’t want). At the moment, HTML does not allow to express the reason behind a link, but VoteLinks microformats will allow to add some semantics to linking language. For example, you could say something like
<a href=”http://forza-italia.it/” rev=”vote-against”>berlusconi</a>
<a href=”http://romanoprodi.it” rev=”vote-abstain”>prodi</a>
<a href=”http://ivanscalfarotto.info”rev=”vote-for”>scalfarotto</a>
In the paper I also give evidence of the (intuitive) fact that “Attention!=Appreciation” with a simple experiment on a real, huge community with positive and negative links.
I thought it would be good to have the Web Intelligence community knows about VoteLinks and other microformats. And actually only 1 person (out of a number of people raging from 10 to 30) had heard of VoteLinks before, so the goal of spreading knowledge was accomplished.
And feel free to link to the presentation of course … hopefully not with a rev="vote-against" link!! ;-)
Tomorrow I go to Paris for giving a demo at SonyLabs and then meeting with Alf.
My trip was once more time sponsored by HospitalityClub/CouchSurfing: in Compiegne I was hosted by Jeremy and in Paris by Antonello. Too cool! Try it yourself, you always met great people!