How NOT to build an Orwellian Reputation System (Pt. 2)
‘Rebooting the web of trust,’ a workshop taking place in San Francisco this November 3rd and 4th, is bringing together some impressive pioneers and could lead to world changing developments in the realm of online reputation systems and in the use of the blockchain.
Note: This is the second part of How NOT to build an Orwellian Reputation System. For part 1, go here.
Step Three: make it pseudonymous and opt in
Lets face it. Using personal, or even biometric data as the ‘security’ foundation of an international, online, non retractable reputation system is a terrible idea. Being hacked once could be a life changing disaster and our personal security is far too compromised already.
Today, if you ask any random person if they believe they have any privacy online, they are very likely to give you back a flat ‘NOPE’. Corporations the likes of Facebook, Google, and every other advertising fueled platform, or financial service of the legacy banking system, have been criticized for ages, of selling, re selling and buying people’s personal information on data exchanges, which Google is king of. That alone should serve to advise against using personal information to determine proof that you are the owner of a digital asset.
Kevin Mitnick, famous hacker, Infosec expert and speaker demonstrated how to get a hold of someone’s Social Security Number in less than five minutes, using minimal information about your victim, during DEFCON 2014.
To quote Forbes:
“To find a social security number, Mitnick first navigated to the website of a leading provider of billions of public records and typed in the volunteer’s name. Approximately 50 results came up with different ages and locations. He quickly narrowed the search down by age and a few simple questions such as ‘Which state do you live in?’ The legal site sells access to its database. The volunteer’s entry cost 50 cents, and on purchase, prominently displayed the social security number in bold red font. The number was confirmed as correct while several attendees photographed the screen.”
Add to that the massive hack of the USA’s OPM department, which comprised over 21 million Americans’ deeply personal information,including biometric data. Most of them worked for the Government at some point, and or were still part of agencies like the NSA. This information is now somewhere floating in cyberspace.
Bob, of course, would never run or base his reputation as a sticky-icky merchant, associating his business identity with his legal name and data. If those two were ever correlated he’d quickly be on a one way trip to a “big and crowded cage, somewhere in the abyss of humanity’s medieval habits”- as he would put it.
The same goes for Bob’s customers.
If people want to add such information to their profile or any other information they think is relevant for that matter, even mix identities at some point, then why not? Yeah sure, that’s a good freedom and option to have. But now at least it is a clear: balanced and conscious choice, not some design requirement.
Step Four: Privacy
Now, the idea of a reputation system that is both pseudonymous and private might sound paradoxical or even contradictory, but let us not forget Satoshi Nakamoto himself was very anonymous, at least for most of his involvement with Bitcoin, and arguably still is. He is also of course, very reputable.
So reputation and anonymity can coexist very well. The question is, who should have access to the information that you do allow to be ‘public’?
Bob, only wants potential customers to his Funny Smoke to be able to find him, and not instead leave a trail for the wolves to follow.
So how can this be achieved? Well, perhaps I am way out of my field of expertize, but it seems plausible to me that some kind of Web of trust system could be concocted where only people with a #weedisdope reputation score of - say - 20 out of 100 would be able to see Bob as a merchant. This would filter out the noobs and the wolves in sheep’s clothing.
Perhaps, only customers who have traded with some of Bob’s friends could become knowledgeable of his business.
Of course, once a customer reaches Bob’s profile, there’s no solution I can imagine for someone taking a photo of their computer screen with their dumb phone and uploading it to Facebook, but at least there would be a barrier to entry, and those who find the secret club may have a higher interest in protecting its secrecy.
There’s a real value in the niche, complex and unique way in which humans organize themselves around specific value systems, and not knowing who is capable of what within these social structures is a kind of camouflage that has some use.
Ideally, I think it would be great to make sure only the people who have some user defined alignment with our values, and have proven it sufficiently, are able to find us on the vast and eternal web.
Step Five: People can change
Andreas Antonopoulos has warned about the dangers of blockchain based reputation systems, particularly their incapacity to forget information. Human beings are often enough more forgiving and compassionate then the cold mathematics of a cryptographic signature.
As such, especially when it relates to a negative reputation marker (which is a whole topic on its own) should have some way to change their score through hard work and plenty of walking the talk. People rarely change, it seems, but that does not mean we should get rid of their opportunity to do so. It is in fact this opportunity to change that can give us certainty about their intentions when they in fact, do not.