It's Like Déjà Vu All Over Again
"You could probably waste an entire day on the preceding links alone. But why take chances? We also give you Paul Snively..." — John Wiseman, lemonodor
Howard Rheingold: "Smart Mobs" This is an interesting twist. I have watched this take off too. It happens in the blog world with regularity (I still wish that people would get off of these automated reputation systems -- a blog is a reputation system, it works via a "I trust you, you trust him/her, etc," and scales extremely well. The difference is that there are real people making decisions vs anonymous voters.).
It's a shame to see this in the midst of a rather lengthy run of excellent analysis by John, because it contains simple errors of fact that people unfamiliar with reputation systems might believe to be true. To begin with, if it's a reputation system, then it doesn't have anonymous voters by definition. If a system allows anonymous voters, it's not a reputation system. Reputation systems deal with identity by definition; if they allow anonymity then by definition they are not attack-resistant and cannot be trusted. Sierra is a reputation system. Advogato employs a reputation system—one of only two known attack-resistant trust metric systems in the world today. The other is Google's PageRank system. PageRank is not itself a reputation system because it doesn't deal with identity, only authority of web pages. So it points up the need to distinguish between authority metrics and trust metrics, although there is obviously some overlap there that would be interesting to capture. Why aren't authority and reputation the same? Because authority is only expressed positively (you either have a lot of links pointing at you or you don't, but if you don't, it doesn't mean you don't know your subject) whereas reputation systems treat both positive and negative explicitly (that is, it's a three-valued logic: positive, negative, and unknown are all treated explicitly).
Weblogs are not a reputation system for the same reason that PageRank isn't, and this is significant because if you do conflate authority with reputation, then weblogs obviously would be a reputation system using Google and PageRank as its metric. It's already been noted elsewhere (I'll have to find a link later) that blogrolling has a disproportionate impact on PageRank due to blogrolls typically crossing domains—an important component of PageRank's attack-resistance being to attempt to ensure that links aren't coming from "the same entity" as the page being linked to. Once again, we see the need for cryptographically strong identity. There isn't even a way to query a weblog as to who wrote it (but there should be; see Aaron Swartz' essay on how to sign your page).
The bottom line is that reputation metrics are becoming increasingly important, not less so. Simply handwaving the issues away and claiming that individual human assessment of trust is sufficient for the Internet is a fatally flawed outlook. The responsible thing for the COO of a popular blogging tool to do would be to ensure with all due haste that his company's product trivially supported at least the digital signature of the pages that it generates and, if at all possible, supported an attack-resistant trust metric that could easily be queried by anyone through an XML-RPC or SOAP or REST or whatever call to their product.
8:45:49 AM
