[p2p-hackers] Bounty for Open Source Trust System

coderman coderman at gmail.com
Wed Apr 12 00:04:20 UTC 2006

On 4/11/06, Emin Gun Sirer <egs+p2phackers at cs.cornell.edu> wrote:
> Let me interject two factoids to make sure no myths are propagated:
>  - The current Credence implementation uses explicit feedback. There is
>    no reason why you couldn't use implicit indications of trust, if
>    your application had such indicators.

thank you for pointing this out.  do you know offhand how
easy/difficult it would be to extend the feedback mechanism to support
arbitrary qualifiers?

>    It turns out that there are
>    no such good implicit indicators in p2p filesharing - sharing a file
>    is not a good indicator that the user would vouch for that file. Our
>    paper has the details.

indeed.  this is a hard problem and the good solutions are very
invasive and carry significant privacy concerns (for example,
feedbackfs monitors what files you open, how far you read into them,
if you copied them, deleted them, read them end to end many times,
etc.  these actions are used to build implicit feedback (positive or
negative) associated with distinct file based resources.  the privacy
concerns of such "file system profiling" should not be understated and
is why i've been detoured into strong security for so long)

>  - Credence computes a "very multidimensional" trust metric for each
>    participant. Unlike Google's global page rank, Credence conceptually
>    computes a separate trust metric for each peer from the point of
>    view of every other peer. So X might rank high and be trustworthy
>    for Y, but not for Z.

i should have clarified; what i meant by one dimensional is that the
explicit feedback is used to indicate whether the meta data / names
associated are accurate or not.  while this is computed individually
for each peer you communicate with (an excellent decision, btw) it is
still a single aspect ("trustworthy meta data: yes / no  ||  positive
/ negative") of peer reputation.

i mean to highlight this limited aspect only because what most people
want is "relevant" resources, and not necessarily "accurate meta
data", although the two often intersect.

thanks again for the clarification.

More information about the P2p-hackers mailing list