Bitcoin Forum
December 04, 2016, 12:34:35 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Please help me solve the problem of trust  (Read 4277 times)
Astrohacker
Full Member
***
Offline Offline

Activity: 156



View Profile WWW
July 23, 2011, 05:04:34 PM
 #1

Dear Bitcoiners,

How do you know if you can trust 1CU8KRSTcrYKyjfeGRTjpJ1S57jViwqrnh? If you don't know the reputation of this person, you can't know if you can trust them. This problem doesn't just apply to bitcoin, but to any person or organization. Whenever you meet a stranger, you have no idea what their reputation is. I believe this is a giant problem---perhaps the biggest impediment to commerce anywhere, on the internet or in real life. We need a global record of reputation. eBay has solved this problem in a centralized way for their own service: Sellers have rankings. You can be pretty sure how trustworthy someone is based on their rating.

However, eBay ratings only work for eBay. We need a general purpose reputation tracking system. Users need to be able to specify how much they trust one another, then the trustworthiness of any other person can be computed based on the web of trust. It could be like the #bitcoin-otc web of trust. But it shouldn't be centralized, because we don't want to have to trust some arbitrary third party before knowing if we can trust the stranger we are interested in. We need a decentralized trust rating system. We need to solve the problem of trust in a decentralized way like bitcoin solved the problem of currency in a decentralized way.

Part of the problem is solved by using public/private key pairs to represent identity. A person can simply sign that they trust another person with a certain raiting between 0 and 1. Other people can confirm that only the person with the private key could have signed that rating. However, how do other people get the information about who you trust? We need some sort of decentralized information sharing service. BitTorrent exists for this purpose. Unfortunately, BitTorrent (so far as I'm aware) only works with static files. But who you trust will constantly change without end. Bitcoin technology might also work, if we could store trust ratings in an on-going block chain. Perhaps we could make a new currency, Trustcoin, to encourage miners to apply proof-of-work to the trust rating block chain.

I believe there is a simpler, more appropriate way to share information. We just need a broadcast network, where users log on to a channel, and broadcast messages. Just like bitcoin broadcasts transactions on a P2P network, we could broadcast trust ratings on a P2P network. However, there is no reason to limit a broadcast network to trust ratings. It could be a general purpose information broadcast system. Trust ratings would be just one of the things you could broadcast.

The problem with this is that any information broadcast network would likely be flooded with spam. We could possibly solve this problem by paying nodes to rebroadcast your message. But then you would have to know if you trusted them first, defeating the purpose of the network. We need nodes to rebroadcast messages without having to trust them first. Thus, we can use proof-of-work. Messages with higher proof-of-work are considered more valuable, and nodes will give preference to them when rebroadcasting. I have described this system, Proofnet, here: https://forum.bitcoin.org/index.php?topic=31038.0

The trust network will work by containing messages that say in effect "I, user with public key X, do hereby rate User Y with A" where A is a number between 0 and 1. Any user can then compute how much they should trust other users through the web of trust. So long as everyone is connected somehow, you could determine the likely trustworthiness of another user. (Ratings must be relative. Objective ratings are meaningless because anyone could create new identities and rate themselves up.) If User X trusts User Y with 0.9, and User Y trusts user Z with 0.5, then User X would know to trust User Z with about 0.45 that is, not very much). It would be more complicated than this in reality, because User X might be connected to User Z in more than one way. But this is not a problem, because all of this information would be valuable in helping User X decide if they trust User Z. If someone scams you, give them a rating of 0. Your friends will then know to avoid them. People would have an incentive to use this system, if it were popular, because they would want to increase their trust ratings so they could get more business.

The problem with a broadcast system is that you would need to be online continuously to record the trust ratings, or whatever other information was being broadcast. However, services could be established that record the broadcasts continuously, and you could download them from them. They could charge for this, but they might be willing to offer this service for free since trust ratings are a nice charity service to offer. And people who use the system would probably be willing to let you download their trust ratings and their friends' trust ratings directly. They would not be able to tamper with the ratings because the messages are signed.

This is the best solution to the problem of trust I have come up with. It involves broadcasting trust ratings, where identity is tracked by public keys. One public key signs their trust rating of another user, and gives it to everyone. For this to be possible, we must first have a broadcast network. So I have designed one, called Proofnet. I think the problem of trust is extremely important. This is the best solution I have come up with. If you have a better proposal, let's hear it.

Astrohacker
1480854875
Hero Member
*
Offline Offline

Posts: 1480854875

View Profile Personal Message (Offline)

Ignore
1480854875
Reply with quote  #2

1480854875
Report to moderator
"This isn't the kind of software where we can leave so many unresolved bugs that we need a tracker for them." -- Satoshi
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480854875
Hero Member
*
Offline Offline

Posts: 1480854875

View Profile Personal Message (Offline)

Ignore
1480854875
Reply with quote  #2

1480854875
Report to moderator
GoWest
Hero Member
*****
Offline Offline

Activity: 543


betwithbtc.com


View Profile WWW
July 23, 2011, 05:58:45 PM
 #2

I apologize for not commenting directly on your solution, but here's an option:

http://bitcointraining.wordpress.com/2011/07/13/introducing-ripple-pay-with-bitcoin/

error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
July 23, 2011, 06:28:08 PM
 #3

And how do you intend to tie these trust ratings to Bitcoin transactions? Remember that it's likely that people will use new addresses for each transaction, use online wallet services where they don't directly control the Bitcoin address, etc.

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
TeraPool
Jr. Member
*
Offline Offline

Activity: 42


View Profile
July 23, 2011, 07:28:29 PM
 #4

One problem with eBay is still hacked/sold/stolen accounts.

One time I "purchased" 100 nintendo DS consoles from a seller with 15,000+ 100% feedback .. was THIS CLOSE to sending them their payments... when I got an email from paypal/ebay security saying STOP, NO, DON'T!!! That account has been hacked!!!

So... you can never really trust anybody, when it comes to buying more than a chocolate bar that is.

If I want to sell you a house and royally fuck you in the process, I only need to "borrow" somebody's good name.

ttk2
Member
**
Offline Offline

Activity: 76


View Profile
July 23, 2011, 07:32:29 PM
 #5

And how do you intend to tie these trust ratings to Bitcoin transactions? Remember that it's likely that people will use new addresses for each transaction, use online wallet services where they don't directly control the Bitcoin address, etc.



I think it could be set up in such a way that the rating could be moved to another address using the private key from the rated address. Thus they could be confident that only the owner of the rated address could transfer ratings to his other address.


The rating system would have to require proof of work on the raters part, otherwise you could spam ratings using virtual machines to run multiple copies of the Bitcoin client and having them give false ratings, by requiring a certain amount of work to create a rating you would prevent, or at least make difficult, rating farming.

Just in case i do something worthwhile: 12YXLzbi4hfLaUxyPswRbKW92C6h5KsVnX
Astrohacker
Full Member
***
Offline Offline

Activity: 156



View Profile WWW
July 23, 2011, 07:40:52 PM
 #6

And how do you intend to tie these trust ratings to Bitcoin transactions? Remember that it's likely that people will use new addresses for each transaction, use online wallet services where they don't directly control the Bitcoin address, etc.

They will have a public key (separate from their bitcoin addresses) which has a trust ranking. When you meet someone, ask for their public key. Check if it has a good trust rating. Ask them to send you a signed message containing their bitcoin address. That proves the person with the good trust rating owns that particular bitcoin address. Online wallets would need to allow you to sign the bitcoin addresses you send out.

Proving your identity is always going to involve signing messages. Services will need to allow this one way or another or you won't be able to know who you're dealing with.
Astrohacker
Full Member
***
Offline Offline

Activity: 156



View Profile WWW
July 23, 2011, 07:53:10 PM
 #7

I apologize for not commenting directly on your solution, but here's an option:

http://bitcointraining.wordpress.com/2011/07/13/introducing-ripple-pay-with-bitcoin/

I see a few problems with Ripplepay for solving the particular problem of trust rankings (please correct me if I misunderstand it):

1) It's centralized. You have to trust the Ripplepay people to be able to use the system. Correct?

2) I didn't see any mention of degrees of trust. Shouldn't trust be represented with shades of grey?

I envision a system such that when I can meet someone, I can 1) Verify their identity by asking for a signature. 2) Verify that they are trustworthy enough for the particular transaction we are partaking in. 3) Not have to find a mutually trusted third party for this to be possible.
luv2drnkbr
Hero Member
*****
Offline Offline

Activity: 771



View Profile
July 24, 2011, 03:31:04 AM
 #8

1) It's centralized. You have to trust the Ripplepay people to be able to use the system. Correct?

Yes, Ripplepay itself is a centralized thing, but the IDEA of what it is can be implemented in a decentralized manner.  Did you watch the Ripplepay introductory video???  All it takes is an algorithm analogous to finding the shortest route from City A to City B to find a ripplepay-like node route from Person A to Person B.  Coding this kind of thing into a peer-to-peer client should be fine.

Astrohacker
Full Member
***
Offline Offline

Activity: 156



View Profile WWW
July 24, 2011, 04:35:36 AM
 #9

1) It's centralized. You have to trust the Ripplepay people to be able to use the system. Correct?

Yes, Ripplepay itself is a centralized thing, but the IDEA of what it is can be implemented in a decentralized manner.  Did you watch the Ripplepay introductory video???  All it takes is an algorithm analogous to finding the shortest route from City A to City B to find a ripplepay-like node route from Person A to Person B.  Coding this kind of thing into a peer-to-peer client should be fine.

I watched the video, and it looks like Ripple has some sort of web of trust, which is similar to what I propose. I will have to learn more about it though, because right now I don't think I actually understand really what Ripple is or how it works.
michaelmclees
Hero Member
*****
Offline Offline

Activity: 629


View Profile
July 25, 2011, 05:23:52 PM
 #10

Someone needs to start a site with this as a central purpose.  Trust centers around people doing what they say they will do.  So here's the idea.

You can earn trust points by either offering Bitcoins, or returning Bitcoins.

So you create an account and you know that you might be required to offer a Bitcoin.  You must transfer to a particular address, 1BTC by a certain time.  When you do, you get 1 trust point.

Or you might be selected to receive Bitcoins.  In this case, you have them transferred to your wallet, and you don't get the trust point until you transfer it back to the sender who gave it to you.

Based on the ratio on defaulting senders and receivers, the trust points might adjust.
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
July 25, 2011, 05:40:36 PM
 #11

I've thought about implementing a weighted trust system with bitcoinfeedback, but it would definitely require more usership.  A weighted system would be more along the lines of "X has a rating of 75%, and rates Y with a negative feedback, which is weight to 0.75 of a negative feedback."

It would be interesting to have a spiderweb of trusts like you talked about.  If you trust someone, and they trust someone else, then you can trust that person as well.  I'm not sure how well that would work in practice (for instance, a large company doing business with lots of people might be trusted 100% by you, but it would also introduce trust of everyone they've done successful business with - can you really rely on a person because they made one transaction with a large company?), but it is interesting to think about regardless.
jgraham
Full Member
***
Offline Offline

Activity: 140


<Pretentious and poorly thought out latin phrase>


View Profile
July 25, 2011, 06:48:54 PM
 #12

I've thought about implementing a weighted trust system with bitcoinfeedback, but it would definitely require more usership.  A weighted system would be more along the lines of "X has a rating of 75%, and rates Y with a negative feedback, which is weight to 0.75 of a negative feedback."

It would be interesting to have a spiderweb of trusts like you talked about.  If you trust someone, and they trust someone else, then you can trust that person as well.  I'm not sure how well that would work in practice (for instance, a large company doing business with lots of people might be trusted 100% by you, but it would also introduce trust of everyone they've done successful business with - can you really rely on a person because they made one transaction with a large company?), but it is interesting to think about regardless.
Some kind of value expressing the nature of the purchases/sales. i.e. total purchases value (in the case you are selling to them) or sales (in the case you are buying from them).  Incomplete and open transactions would be interesting metrics.

Without these I can build up a reputation through a number of small purchases/sales and then rip a group of people off for a large amount.  However if I knew even say the percent of total sales that my purchase represented.   I'd tend to trust them more (on ebay I always look at the transaction history of a seller before I buy).

I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
July 25, 2011, 06:53:15 PM
 #13

I've thought about implementing a weighted trust system with bitcoinfeedback, but it would definitely require more usership.  A weighted system would be more along the lines of "X has a rating of 75%, and rates Y with a negative feedback, which is weight to 0.75 of a negative feedback."

It would be interesting to have a spiderweb of trusts like you talked about.  If you trust someone, and they trust someone else, then you can trust that person as well.  I'm not sure how well that would work in practice (for instance, a large company doing business with lots of people might be trusted 100% by you, but it would also introduce trust of everyone they've done successful business with - can you really rely on a person because they made one transaction with a large company?), but it is interesting to think about regardless.
Some kind of value expressing the nature of the purchases/sales. i.e. total purchases value (in the case you are selling to them) or sales (in the case you are buying from them).  Incomplete and open transactions would be interesting metrics.

Without these I can build up a reputation through a number of small purchases/sales and then rip a group of people off for a large amount.  However if I knew even say the percent of total sales that my purchase represented.   I'd tend to trust them more (on ebay I always look at the transaction history of a seller before I buy).
Excellent point, and I'll add BTC used in the transaction as a field in the feedback form.  BTC used in the transaction will likely have to be an optional field though, as I imagine many people will not want to give away the amount of BTC they spent.  But I do think it would be helpful to know if someone made 30 1 BTC transactions or 1 2000 BTC transaction.
Equanimous
Newbie
*
Offline Offline

Activity: 17


View Profile
July 25, 2011, 07:22:33 PM
 #14

I clearly think that ripple is the way to go !

In a ripple based system you clearly indicate how many BTC you trust your friends with and
then those friend can use your trust as a line of credit.
(This might also make the bitcoin economy take of.)

I don't think a number between 0 and 1 will work because what does it mean ?
Would 0.254 mean that you friend is good for 10 BTC, 100 BTC or 1000 BTC ?

Learn about ripple based systems here.

http://www.youtube.com/watch?v=ySzqM5dpF7s

http://www.youtube.com/watch?v=CyiyUjPMs-g

Donate to: 13ofyUKqFL43uRJHZtNozyMVP4qxKPsAR2
jgraham
Full Member
***
Offline Offline

Activity: 140


<Pretentious and poorly thought out latin phrase>


View Profile
July 25, 2011, 08:34:55 PM
 #15

I clearly think that ripple is the way to go !

In a ripple based system you clearly indicate how many BTC you trust your friends with and
then those friend can use your trust as a line of credit.
(This might also make the bitcoin economy take of.)

I don't think a number between 0 and 1 will work because what does it mean ?
Would 0.254 mean that you friend is good for 10 BTC, 100 BTC or 1000 BTC ?

Learn about ripple based systems here.

http://www.youtube.com/watch?v=ySzqM5dpF7s

http://www.youtube.com/watch?v=CyiyUjPMs-g

Can people please post text instead of video?  I can read over 1000wpm at 91% comprehension - watching video is incredibly boring.

Self-rated systems seem weak or hard to scale.  If we try to make this analogous to something like the reputation system on ebay.  Then to gain a high-degree of trust I need to compromise the account of someone with a high-degree of trust.

But with the ripple system it seems like all I need to do is create an account "Bill", compromise any other account e.g. "Sally",  create a relationship between Bill and Sally assigning Bill a arbitrarily high amount of trust.  Now Bill can rip off anyone in Sally's web of trust for that amount.   The only thing that would stop this is, if (and this isn't documented) transactions between Bill and anyone in Sally's web of trust are constrained by Sally's trust level.  i.e. If I trust Sally for $50 it doesn't matter that she trusts Bill for $10000.   I still only trust Bill for $50.  Which means transactions are constrained by my trust of my local community.  Which seems hard to scale.

I suppose, if I'm reading this correctly then/ Ripple assumes that trusting someone to payback $50 is identical or at least proportional to my trust in their *fiscal judgement*.  Which is untrue.  I might trust my sister to pay me the $50 back she owes me but I might never trust her judgment on who to trust for $50 (or more).  Likewise it might be prudent to trust Jack's fiscal judgment (because he is a retired loans officer) but never trust him more than $50 because he's on a fixed income.

I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
July 25, 2011, 08:50:04 PM
 #16

I clearly think that ripple is the way to go !

In a ripple based system you clearly indicate how many BTC you trust your friends with and
then those friend can use your trust as a line of credit.
(This might also make the bitcoin economy take of.)

I don't think a number between 0 and 1 will work because what does it mean ?
Would 0.254 mean that you friend is good for 10 BTC, 100 BTC or 1000 BTC ?

Learn about ripple based systems here.

http://www.youtube.com/watch?v=ySzqM5dpF7s

http://www.youtube.com/watch?v=CyiyUjPMs-g

Can people please post text instead of video?  I can read over 1000wpm at 91% comprehension - watching video is incredibly boring.

Self-rated systems seem weak or hard to scale.  If we try to make this analogous to something like the reputation system on ebay.  Then to gain a high-degree of trust I need to compromise the account of someone with a high-degree of trust.

But with the ripple system it seems like all I need to do is create an account "Bill", compromise any other account e.g. "Sally",  create a relationship between Bill and Sally assigning Bill a arbitrarily high amount of trust.  Now Bill can rip off anyone in Sally's web of trust for that amount.   The only thing that would stop this is, if (and this isn't documented) transactions between Bill and anyone in Sally's web of trust are constrained by Sally's trust level.  i.e. If I trust Sally for $50 it doesn't matter that she trusts Bill for $10000.   I still only trust Bill for $50.  Which means transactions are constrained by my trust of my local community.  Which seems hard to scale.

I suppose, if I'm reading this correctly then/ Ripple assumes that trusting someone to payback $50 is identical or at least proportional to my trust in their *fiscal judgement*.  Which is untrue.  I might trust my sister to pay me the $50 back she owes me but I might never trust her judgment on who to trust for $50 (or more).  Likewise it might be prudent to trust Jack's fiscal judgment (because he is a retired loans officer) but never trust him more than $50 because he's on a fixed income.
Lol, completely agree on the videos.  I hate trying to watch videos for intellectual stuff.  Much easier to comprehend if it is just read.  Reading also lets me move at my own pace.  I can't easily speed up or slow down a video.

Anyway, I agree with you about the difficulties facing a spiderweb of trust.  I suppose it could potentially be fixed by giving two ratings to a person - one as a trust rating for how much you trust them to pay back, and one as a trust rating for how much trust you put into their trust ratings.  These trust ratings would be compounded - for example, if you trust Sally's judgement for 50%, and Sally trusts Joe's judgement for 50%, and Joe has an overall feedback rating of 80%, then you would trust Joe 20%.  That way, the only people who would be at or near 100% trust would be those in your close circle of friends who really do trust each other 100%.

Of course, that kind of negates the whole purpose of a web trust system, since you're likely to know those people at or near 100% through other means already.  But I suppose new strands of relationships and trusts could be formed... it would just take a lot of people using such a system to make it useful.

You'd also have this issue:
- A scammer creates Sally, does various legitimate transactions to gain trust ratings by other people
- Scammer then creates Bill, with 100% trust from Sally.  Anyone who trusts Sally now also trusts Bill at the same trust rating
- Scammer scams people with Bill.
- Scammer then creates Bill #2, with 100% trust from Sally.  Etc etc...

Lots of difficult problems to solve with a web of trust like this.
Astrohacker
Full Member
***
Offline Offline

Activity: 156



View Profile WWW
July 25, 2011, 09:42:57 PM
 #17

SgtSpike, you've identified what I think sounds like the biggest problem with Ripple as I presently understand it (and if anyone can post a good article here that explains Ripple I would appreciate it), which is that it only allows for a trust toggle of either 100% or 0%. Either you're in a network, or not. But I don't trust everyone this way... trust is somewhere between 0% and 100%. 0% means I wouldn't trust them with anything, and 100% means I would trust them with my life. 50% means I'm unsure.

I actually think trust is well-represented with a probability p. p is the probability that they are going to do what they say. p=0.9 means that I am 90% sure they will do what they say. p=0.5=50% means I'm not sure one way or the other. p=0.1=10% means I'm 10% sure they will do what they say at 90% sure they WON'T do what they say, e.g. they are a liar/scammer.
jgraham
Full Member
***
Offline Offline

Activity: 140


<Pretentious and poorly thought out latin phrase>


View Profile
July 25, 2011, 10:41:39 PM
 #18

SgtSpike, you've identified what I think sounds like the biggest problem with Ripple as I presently understand it (and if anyone can post a good article here that explains Ripple I would appreciate it), which is that it only allows for a trust toggle of either 100% or 0%. Either you're in a network, or not. But I don't trust everyone this way... trust is somewhere between 0% and 100%. 0% means I wouldn't trust them with anything, and 100% means I would trust them with my life. 50% means I'm unsure.

I actually think trust is well-represented with a probability p. p is the probability that they are going to do what they say. p=0.9 means that I am 90% sure they will do what they say. p=0.5=50% means I'm not sure one way or the other. p=0.1=10% means I'm 10% sure they will do what they say at 90% sure they WON'T do what they say, e.g. they are a liar/scammer.

Depends on what you mean.  If you are still talking about self-ratings then how do you deal with the fact that they are:

i) Non-uniform.  Someone can say they will pay you back for $5 100% of the time but are high-risk for $1000.  I actually worked with someone like this.  Every second or third week he would borrow a "fin" off me and right as rain he'd pay it off on payday.  After working for the company five years.  He borrowed $2000 from them to buy a computer...then left town.  Similarly as I've had to do more and more project management work I realize that I have to not only assign a probability as to if someone is trustworthy but also some kind of "prior probability" for the kind of task.
 
ii) Have a wide degree of variance.   Some people might write down debts, others might not.  Peoples ability to remember varies widely. How do I know if you say 80% that you mean the same thing as I do with 80%.  Perhaps your 80% is really a 60%?


I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
bitplane
Sr. Member
****
Offline Offline

Activity: 321

Firstbits: 1gyzhw


View Profile WWW
July 25, 2011, 11:43:43 PM
 #19

I just dreamed this up a moment ago while reading this thread, so apologies if its a bit immature.

The problem of trust is that it's trust in a person, while a better system would be to only trust facts. Imagine a semantic network of signed factoids that are readable by both man and machine and signed by the authors of the facts. Factiods ought to be tiny fragments of information, chained together by semantic references:

"1: A contract was agreed between Alice and Mallory" (<Alice>, <Mallory>)
"2: <1> is worth $50" (<Alice>, <Mallory>)
"3: In <1>, Alice will send $50" (<Alice>, <Mallory>)
"4: After <3>, Mallory will send Goods" (<Alice>, <Mallory>)
"5: <3> is complete" (<Alice>, <DHL>)
"6: <4> is complete" (<Mallory>)
"7: <5> is false" (<Mallory>)

A global network of this information could then be mined and sophisticated software can fish out the truth-tellers from the liars, that is of course, if you don't mind having all this information public.
nighteyes
Member
**
Offline Offline

Activity: 105


View Profile
July 26, 2011, 12:34:36 AM
 #20

Besides Ebay being the overlord of their rankings, Ebay also has the US government's laws&regulations. If an Ebay purchase were not a legal contract, it would fall apart. In addition to the myriads of consumer protections on top of Ebay dispute resolution.

I would say the way out is through social networking. With Anon+ or whatever its going to be called, you can not only have an individual identity, but many group identities.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!