What you want to do is find people that you believe are trustworthy. So
if you just have a few friends that send files around, that is fine.
Sooner or later you will all have the same files. So you have to gather
new friends. So how do you do that?
If you are like me you will look for people that appear trustworthy
(they have nice ratings as being reliable). So you'll try to develop a
relationship with them. At that point you are vulnerable. They can send
you files that are incomplete, corrupted or outright wrong. So you are
going to publish a nic against their rating. But they can create new
pseudo friends that claim they are reliable and over whelm your little nic.
All your little scenario will do is convince you they aren't
trustworthy, and perhaps your close friends. But everyone else will not
be any more sure. It comes down to the fact that only when you start
trading stuff do you really have a clue if they are trustworthy. You
might as well just randomly pick a person and start the transfer.
C.
On 7/19/2012 8:36 PM, James A. Donald wrote:
On 2012-07-19 11:09 PM, Chas. wrote:
There isn't any way any of this will work. So long as there are
unverified
endpoints (by some third party) there is no way any "trustworthy" system
can be built up! What is to prevent me from being both a sybil, and
under
a second identity being just some "random" other party. Once we - as
in me
as a sybil generator and me as a disguised second party - transfer a
file
and sign off on it, I become slightly more trustworthy.
If the sybil has had beneficial transactions with Bob, then you become
more trustworthy to Bob, and thus more trustworthy to anyone that
trusts Bob.
If the sybil has only had purported transactions with you and other
sybils, does you no good.
If a group only has transactions inside the group, never builds trust
with outsiders.
The graph of trust should be partitioned into the good guys, and
various groups of bad guys, and though the data may show that each bad
guys claims he has the utmost confidence in fellow members of his
group of bad guys, good guys pay no attention.
Singular value decomposition can be used a tool to identify group
measurement. As I understand the proposal, the idea is to determine
the extent to which a peer is connected to oneself and the peers that
you trust. Outsiders bad, insiders good. Trust insiders, don't trust
outsiders. Who is an insider? Apply Singular Value decomposition, or
something somewhat similar in its effects. (I think the problem may
need dimensional reduction as well, or instead)
Since bad guys can generate unlimited amounts of spurious data, and
are apt to do so, good guys should not even track that data.
So I do this enough
times, with randomly generated "second parties" and soon I look
really "hot
and trustworthy"!
You need always need at least one trusted party to authenticate every
transaction. And the question becomes how do you generate that first
trusted party? Without it all this becomes moot.
Chance
On Thu, Jul 19, 2012 at 5:07 AM, Michael Rogers
<[email protected]>wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 17/07/12 23:27, Tony Arcieri wrote:
I'd like both sides to sign off on both a completed file transfer
and a completed file storage lease. Failure to do so would prevent
ongoing relationships.
Sybils can claim whatever false histories they want, however the
assumption is that, through normal system operation, a given peer
will come into contact with more truthful peers than Sybils, and
that by virtue of that the false histories concocted by Sybil
networks will be noise filtered out by a collaborative filtering
algorithm.
Each peer is looking for patterns in the data (specifically
self-similarity) across the combined histories of every peer
they've ever interacted with. As long as they are able to reach a
majority of "trustworthy peers" then hopefully the false histories
concocted by colluding Sybils will be irrelevant.
So, if I understand right, both parties must sign off on a transaction
in order for a third party to include the transaction in its
similarity calculations? So Sybils can create fake transactions
between themselves, but not between a Sybil and a legitimate peer?
If that's right, I only have two remaining concerns: bootstrapping and
positive feedback. The problem with bootstrapping is how to
distinguish legitimate peers from Sybils when you have no interaction
history.
The problem with positive feedback is how to prevent the interaction
graph from collapsing into clusters or isolated components.
Interaction leads to similarity, similarity leads to interaction -
don't peers become more and more likely to interact with the same
peers? Is there a need for a countervailing mechanism to encourage
exploration and give new peers a chance to interact?
Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJQB85vAAoJEBEET9GfxSfMB84IAKtHJZ4pi4QBBsGwrfI3PSk8
G/mrcLADvScC/qXpHadxYUWacG8mubZIWqBkMWw4azh22rqGjiGoly2BdmJ3nv5b
l6AS4m7rbUPWqUysvQqQSg0JGDDVvB5b7w46pyQgVElB4AGEdDb5dFUsIFRpAUKm
O9YmiY/Eex/aNnofAqqHImL+az0Dtv9zlEWIZ9gxJyAO/8e7tTRaaghhI/b97Is+
sDpFCEgBJ5uUbk+fIUX2qYWZ+fhkx9j0a1vTMHtuu4n9E22R4dU/5m7VqzSkwUaY
a8Qg/m3mJFX4fBPgG0J38MKiElh5dqNKvqFTMrjL6kn7o2CCFEtPgWNU2LfarEk=
=Iu4B
-----END PGP SIGNATURE-----
_______________________________________________
p2p-hackers mailing list
[email protected]
http://lists.zooko.com/mailman/listinfo/p2p-hackers
_______________________________________________
p2p-hackers mailing list
[email protected]
http://lists.zooko.com/mailman/listinfo/p2p-hackers
