---
robots: noindex, nofollow
---

# Trust Metrics – Internal Notes

## Purpose

This document captures key notes, lessons, and reflections on trust metrics in online systems — especially small, intentional, pseudonymous communities. It pulls from historical examples (e.g., Advogato, PGP), newer thinking (e.g., Progressive Trust, XIDs), and practical questions for implementation. Not intended as a musing draft or a spec, but possibly inspiring one.

---

## 🧩 Key Motivations

- Trust metrics are *not* about central authority but about **computationally modeling subjective trust** in ways that:
  - Scale across communities
  - Respect privacy (including pseudonymity)
  - Resist sybil attacks
  - Reflect gradual, contextual trust-building
- **XIDs** (Extensible Identifiers) and **Gordian Envelopes** provide new tools for encoding, disclosing, and verifying trust data without needing real-world identities.
- Central question: Can we build **reputation and role escalation** in a system where users are pseudonymous and trust is progressive?

---

## 🧱 Foundational Ideas

### What is a Trust Metric?

A trust metric is an algorithm that computes trustworthiness scores from a web of trust-like data:

- Edges (endorsements, attestations, observations)
- Edge weights (strength, confidence, recency)
- Topological constraints (max hops, decay functions, exclusion rules)

**Types:**

- Global (everyone shares same view; e.g., Advogato, PageRank)
- Local/subjective (trust from one person’s POV; e.g., MoleTrust, TidalTrust)

---

## 🧭 Lessons from Past Systems

### PGP Web of Trust (Flaw: Binary Trust)

- Users signed each other's public keys.
- Transitive trust was binary: you either fully trusted someone as an introducer or not.
- Problem: too coarse. Easy to over-extend trust or create false assurance.
- Key learning: **transitivity needs to be *limited* and *graded***.
### Advogato (Flow-Based Trust Metric)

- Used max-flow from trusted seed nodes to determine who was certified at each level (Observer, Apprentice, etc.)
- Based on reputation propagation from a trusted core using a **capacity-constrained graph**.
- Protected against sybil spam reasonably well.
- Failed socially: couldn’t handle disagreements or misuse (e.g., “cranks” endorsed as Masters).
- **No downvoting** or penalties for careless endorsements.

🔗 Archive: https://web.archive.org/web/20120516004623/http://www.advogato.org/trust-metric.html

🧵 Postmortem: https://web.archive.org/web/20170628190710/http://www.advogato.org/article/928.html

### MoleTrust & TidalTrust (Jennifer Golbeck)

- Developed for social rating and recommender systems (Epinions).
- Built trust scores from your local social graph.
- Introduced **trust horizon** (depth limit) and **trust decay** over distance.
- Trust is personal: *my* score for *you* depends on how far you are in *my* network.
- Great model for small, subjective systems.

🔗 https://drum.lib.umd.edu/handle/1903/3293

### BrightID

- Modern sybil resistance network
- Connects real humans in a trust graph to prove uniqueness.
- Trust isn’t about character but about **not being a fake**.
- Relevance: strong example of transitive trust with attack resistance.

🔗 https://www.brightid.org

---

## 🧠 What Went Wrong or Missing?

- **No contextual trust**: Early systems had only one trust score for all use cases.
- **No progressive model**: Binary “you’re in or out” failed to mirror real trust growth.
- **No support for pseudonymity**: Trust was linked to real identity or persistent profiles without privacy layers.
- **No selective disclosure**: Couldn’t prove just enough trust for a situation.

---

## ⚙️ Modern Approaches & Concepts

### Progressive Trust (Blockchain Commons)

- A ten-phase trust life cycle: from initial introduction to escalation/dispute.
- Maps directly onto real-world interactions.
- Trust grows over time, optionally across multiple contexts.
- Supports **selective disclosure**: only reveal what’s appropriate for the interaction stage.

🔗 Overview: https://www.blockchaincommons.com/musings/musings-progressive-trust/

🔗 More detail: https://developer.blockchaincommons.com/progressive-trust/

### XIDs + Gordian Envelope

- Pseudonymous identity (32-byte public key–based ID)
- Envelopes store credentials, endorsements, interactions
- Supports cryptographic **elision** and selective proof
- Trust can be **expressed, aggregated, verified, and revealed** as needed

🔗 https://github.com/BlockchainCommons/XID-Quickstart

---

## 🧪 Implementation Notes / Ideas

### Trust Input Sources

- Endorsements from trusted users (weighted?)
- Self-attestations with verifiable proofs
- Participation artifacts (e.g., signed proposals, commits)
- Community feedback (e.g., moderation, review)

### Metrics We Might Use

- **Endorsement Count**
- **Max-flow from known good XIDs**
- **Reputation composite**
- **Local personalized trust**

### Design Constraints

- Privacy-preserving (no need to deanonymize)
- Verifiable (must be cryptographically provable)
- Transitive but capped (no infinite chains)
- Transparent but selectively disclosable

### CLI Prototypes (Sketches)

```sh
# From CLI tools:
xid trust list --xid ur:xid/abc...
xid trust score --xid ur:xid/abc... --from ur:xid/seed... --depth 2

# Sample envelope assertion
envelope assertion add pred-obj string "trustScore" string "0.87" <ENVELOPE>
```

### Elision Example

* You may choose to reveal: “I’m trusted by two Masters in domain X”
* But *not* reveal: who exactly they are, or trust in other contexts

---

## 🤔 Open Questions

* How do we incorporate **negative feedback** (or retract trust)?
* Can we derive a trust decay model that works offline?
* Should trust be domain-specific by default? (e.g., code review ≠ treasury signing)
* What does a **healthy trust graph** look like? Any metrics? Visualization?
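To make the "Endorsement Count" versus "Local personalized trust" choice and the "transitive but capped" constraint concrete, here is an added example (not part of the original notes and not code from any of the projects cited) that scores a small constructed endorsement graph both ways. The names, weights, decay factor and path-scoring rule are assumptions chosen for illustration, not the MoleTrust or TidalTrust formulas; `source` and `max_depth` play the role of `--from` and `--depth` in the CLI sketch.

```python
# Added example: constructed endorsement graph, endorser -> {endorsed: weight}.
# Names stand in for XIDs and are hypothetical.
ENDORSEMENTS = {
    "seed": {"alice": 0.9, "bob": 0.6},
    "alice": {"carol": 0.8},
    "bob": {"carol": 0.5, "dave": 0.7},
    "carol": {"erin": 0.9},
    # Sybil cluster: endorses itself heavily, has no edge from seed's network.
    "syb1": {"mallory": 1.0, "syb2": 1.0},
    "syb2": {"mallory": 1.0, "syb1": 1.0},
    "syb3": {"mallory": 1.0},
}


def endorsement_count(graph, target):
    """Global metric: how many identities endorse target, whoever they are."""
    return sum(target in endorsed for endorsed in graph.values())


def local_trust(graph, source, max_depth=2, decay=0.5):
    """Subjective metric: best path score from source within max_depth hops.

    A path scores the product of its edge weights, multiplied by `decay`
    for every hop after the first (assumed rule, chosen for illustration).
    """
    best = {}
    frontier = {source: 1.0}  # best score for walks of exactly `hop - 1` edges
    for hop in range(1, max_depth + 1):
        reached = {}
        for node, score in frontier.items():
            for peer, weight in graph.get(node, {}).items():
                if peer == source:
                    continue
                candidate = score * weight * (decay if hop > 1 else 1.0)
                reached[peer] = max(reached.get(peer, 0.0), candidate)
        for peer, score in reached.items():
            best[peer] = max(best.get(peer, 0.0), score)
        frontier = reached
    return best


if __name__ == "__main__":
    scores = local_trust(ENDORSEMENTS, "seed", max_depth=2)
    for name in ("alice", "carol", "dave", "erin", "mallory"):
        print(f"{name:8} endorsements={endorsement_count(ENDORSEMENTS, name)} "
              f"local_trust={scores.get(name, 0.0):.2f}")
```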
---

## 🧰 Future Directions

* Merge with VC-based approaches (e.g., issue credentials for trust levels)
* Build visualization tools for endorsement graphs
* Support community-configurable thresholds and trust roots
* Run multiple trust metrics in parallel and compare behavior

---

## 🧷 References & Anchors

* **Advogato Trust Metric** [https://web.archive.org/web/20120516004623/http://www.advogato.org/trust-metric.html](https://web.archive.org/web/20120516004623/http://www.advogato.org/trust-metric.html)
* **Advogato Fail Discussion** [https://web.archive.org/web/20170628190710/http://www.advogato.org/article/928.html](https://web.archive.org/web/20170628190710/http://www.advogato.org/article/928.html)
* **MoleTrust / Golbeck Dissertation** [https://drum.lib.umd.edu/handle/1903/3293](https://drum.lib.umd.edu/handle/1903/3293)
* **BrightID** [https://www.brightid.org](https://www.brightid.org)
* **Progressive Trust** [https://www.blockchaincommons.com/musings/musings-progressive-trust/](https://www.blockchaincommons.com/musings/musings-progressive-trust/)
* **XID Concepts** [https://github.com/BlockchainCommons/XID-Quickstart](https://github.com/BlockchainCommons/XID-Quickstart)

---

## ✅ Possible Next Steps

* Prototype minimal trust scoring with endorsements + CLI
* Define 2–3 “context” trust types (e.g., onboarding, governance, review)
* Survey existing endorsement graphs (e.g., in a Git-based project)
* Bring in community voices: what would *they* trust?

---