onfocus

Although I have some thoughts about ways to syndicate trust, I think it's possible for a decentralized review service like the one you're talking about to work without it. Or rather, at least separately from it. Just ask how we manage trust in the weblog community at the moment (it's a decentralized content service just like reviews would be)... we do it by only collecting/visiting content from people we trust. Blogrolls, for example, and subscribing to our pick of RSS feeds, are both ways that we personally handle what content we trust and by default we don't trust everything else. If all the decentralized content were aggregated, then a particular user would have to specify who they trust... which (if it seems like too much work) can be guessed from a bunch of sources (google friends, blogrolls, friendster, foaf, etc) and corrected if wrong. All Consuming does something like this, with the book recommendations feature. Trust isn't formalized into a decentralized service that can be understood by computers yet, but handling trust on our own, in our own heads, has worked for us so far. That's not to say that eventually it won't be handled better by some other mechanism, of course.

Great points. I agree that with something like reviews (opinions), friends lists, and identity info trust can be informal. But when money enters the equation (think distributed eBay) those informal systems need to be formalized somehow. Also, I think sensitive information like medical or financial advice needs more levels of trust than product reviews.

I actually had a brief discussion with Howard Rheingold about this at the last O'Reilly Emerging Tech conference - specifically about Trust-building around large organizations. Which is more valuable/useful - if you have a large entity (eBay, Amazon) give a top-down 'blessing' of certain sources/apps/entities, or if you have a 'bottom-up' network of people you trust (or people that are trusted people who trust) recommending something. Howard said, and I think I agree that the bottom-up system has more value, and can appear more valid.

But that still doesn't solve the problems you bring up - money-based interactions and the need for a secure-feeling transaction. If you solve this by relying on a trusted centralized service, the problems can really grow for the centralized service - how do they effectively police/enforce/guarantee a certain level of user experience for 3rd-party content/applications that they have blessed?

When money becomes involved, and one is relying on a trusted centralized service, the owner of that service may be hard pressed to guarantee that a recommended third party is as trustworthy as they themselves are - and they end up putting their own credibilty/trustworthiness on the line when recommending someone else, and that seems rather risky to me.

It seems like recommending 3rd parties is risky, but there are ways to work around the risk. eBay deals entirely with 3rd parties, and it seems like anyone selling through them is "recommended" by eBay. Their ratings systems alleviates the risk to their brand when they have a bum seller. Same with Amazon and 3rd parties. The main thing is that there's a path for reporting problems with certain individuals/companies to others...and any distributed system would need that as well. It's just not clear to me how that would work.

Are you reading D351gn.com's blog on Whuffie/'reputation economy?'

http://www.d351gn.com/whuffie/

No, I didn't know about it. Thanks for the pointer!

great topic. i also heard this come up several times at [O'reilly] foo camp...

one thing i would add is that trust is likely context-sensitive -- in other words, i might TrustFx(music) you for your song collection, but i might not TrustFx(cooking) you to be a great cook.

pretty sure your initial comment was more about e-commerce transactions, but i think this points up the idea that people might have multiple reputations based on whatever context is relevant.

that said, having a non-centrally-located trust authority might be useful, if it can:
1) aggregate enough trust relationships to provide accuracy
2) be reliable enough to prevent reputation fraud
3) be relatively non-partisan / non-influenced

would love to hear more thoughts on this from others...

To address your first bullet point Dave, that's why I think weblog tools can make this happen. They have the (somewhat) distributed user-base, and can force-feed (er, promote) a standard metadata format for reviews, commerce, etc. With enough adoption, you can build individual applications to aggregate some or all of the participants. You just need the standard formats. As far as your other points, reliability and crackability, those answers could be baked into the format.

I think that preventing reputation fraud would be a very tough nut to crack - wish I could offer up a good solution. All I can think of is the recent eBay frauds where someone socially engineered hacks into eBay accounts, found users with great reputations, masqueraded as them, and pulled off some really nasty scams. In other words: how do I, as a potential customer, know that A) your reputation was built in an honest and fair manner and B) that you really are the owner of that reputation?

I think your concerns are present in any commerce/reputation system, alan, not just a distributed one. (And it's definitely present in our current financial system--credit cards, for instance.) Any system is going to have fraud...there's just no way around it. But you can't let that fact stop you from going forward. Instead, you have to find the balance between usefulness and acceptable risk, and build as many safeguards as possible. The system of reporting fraud (or bum users) that I mentioned is one way. PGP key-signing parties, and verifying identities off-line is another way. Showing how trust is built into the distributed system would be very important.

Yes, agreed, I was going to add to the post above that this (easy-to-defraud) situation is the same in the real financial world as well. Allowing external customers to review/rate services/users/etc. seems like one of the best possible uses of a centralized space (which eBay already does to a degree) - especially if it can be redistributed easily, with the fallback source being the original trusted central space for verification - so people can always do their own double-checking to see if reputations are valid.

i love the thing about getting super powers from all this monitor radiation. i only hope thats true, instead of just giving me weird brain and eye diseases some day in the future