Lately I've been thinking that a community reputation system for bitcoin would be a very useful thing. I know that other people (
https://bitcointalksearch.org/topic/investors-for-bitcoin-stock-market-and-credit-rating-agrency-dev-started-3844) have had similar ideas, but reading that thread I am confused about how the reputation system would actually work in practice, and the idea of a combined stock trading + credit rating + reputation system seems quite fuzzy to me.
I come to you bitcoin forum, to ask for your advice.
What features would you like to see in a bitcoin reputation system? What successful reputation systems have you used in the past?
The most important qualities I can think of are:
* Must be resistant to sybil attacks. A sybil attack is where one entity constructs multiple fictional personas to rank another entity either up or down. See
http://en.wikipedia.org/wiki/Sybil_attack* Must be free. I don't think charging for this service would lead to widespread community adoption.
* Must be easy to use & understand. While I like the idea of the #bitcoin-otc web of trust, I feel that the need to IRC adds an additional barrier to entry. In addition, the system must be simple enough for ordinary users to master.
* The service itself must be trusted. I think an opensource model would go along way to help this.
* Should allow both quantitative and qualitative feedback. Quantitative feed back is the kind where you rank a user in a way that can be ultimately resolved to a number (positive/negative, I trust this person completely/mostly/a little/distrust), while qualitative feedback is the kind where you describe your experiences with a person (“A+++ trader, would trade again, prompt payment” etc). Ebay is an example of a mixed system.
* Should be resistant to social pressure to only leave positive feedback. Users should be able to feel like they can rank honestly. I'm not sure how this gels with the point above or not.
* A user chosen level of anonymity. Users should be able to link other accounts (bitcoin forum/facebook/twitter etc) with their reputation system account, or not, as they choose. Though facebook accounts et al can of course be faked, linking to an account that seems like a real person or company with a long history and obvious interactions with other users would increase confidence.
* An api to allow easy integration with other services. This should allow both read & write access to the reputation system.
One option I am exploring is a web of trust model with two rating options, “how much do I trust this person” and also “how much do I trust this person's ranking judgment”. Because just because I trust you not to rip me off doesn't mean I trust you not to make poor decisions when it comes to other people. This model would be more resistant to sybil attacks because unless I or someone I knew trusted a sybil account there could be a million sybil accounts on the system and I wouldn't even notice. A decay function ( the further you are away from me in the network, the less your opinion matters) + the ability to decide how much I trust another persons judgment would further reduce the problem of sybil attacks. User ranking of trust and judgement is private to a particular user and is only exposed through the indirect means of people who's judgement I trust. This will encourage honest rankings
Having an api would mean we could easily "plug-in" other reputation systems into this, i.e. there could be a bitcoin-otc account that reflects the current "opinion" of bitcoin-otc about a particular user (Q: how to link resolve bitcoin-otc user to the reputation system user?). How much you trusted bitcoin-otc as a reputation provider would then be up to you.
How to mix this with a qualitative system allowing arbitrary user feedback I'm not sure of.
This is largely a subjective system, i.e. there is no network wide view of the trustfulness of a particular user (though I suppose one could be calculated), only the view from a particular perspective.
One problem I can see is how new users know who to trust in the first place. If I have no one I trust the judgment of the system effectively becomes useless.
Please let me know your thoughts.