Comments on: The Advogato trust metric is not attack-resistant http://www.squarefree.com/2005/05/26/advogato/ Jesse Ruderman on Firefox, security, and more Thu, 20 Nov 2008 08:48:26 +0000 http://wordpress.org/?v=2.5 By: paolo http://www.squarefree.com/2005/05/26/advogato/#comment-1365 paolo Thu, 02 Jun 2005 11:23:48 +0000 http://www.squarefree.com/?p=263#comment-1365 Google (stanford) and yahoo! (one of the author of the paper is from Yahoo!) are going for trustRank http://moloko.itc.it/paoloblog/archives/2005/04/26/from_pagerank_to_trustrank.html However this is still a Global trust metri while I'm trying to push "local trust metrics" see http://moloko.itc.it/trustmetricswiki/moin.cgi/LocalTrustMetric and http://moloko.itc.it/paoloblog/archives/2005/04/30/paper_accepted_at_aaai05_controversial_users_demand_local_trust_metrics_an_experimental_study_on_epinionscom_community.html Google (stanford) and yahoo! (one of the author of the paper is from Yahoo!) are going for trustRank http://moloko.itc.it/paoloblog/archives/2005/04/26/from_pagerank_to_trustrank.html

However this is still a Global trust metri while I’m trying to push “local trust metrics”
see http://moloko.itc.it/trustmetricswiki/moin.cgi/LocalTrustMetric and http://moloko.itc.it/paoloblog/archives/2005/04/30/paper_accepted_at_aaai05_controversial_users_demand_local_trust_metrics_an_experimental_study_on_epinionscom_community.html

]]> By: Matt Brubeck http://www.squarefree.com/2005/05/26/advogato/#comment-1330 Matt Brubeck Fri, 27 May 2005 18:15:10 +0000 http://www.squarefree.com/?p=263#comment-1330 Ah, that's right. Nice work! Ah, that’s right. Nice work!

]]> By: Jesse Ruderman http://www.squarefree.com/2005/05/26/advogato/#comment-1329 Jesse Ruderman Fri, 27 May 2005 17:35:01 +0000 http://www.squarefree.com/?p=263#comment-1329 Matt, I think my attack still works even if the confused nodes can only be made to trust bad nodes (rather than any nodes the attacker chooses). Instead of making the expensive confused node trust the cheap confused nodes directly, the attacker would make the expensive confused node trust one of his nodes, which would in turn trust each of the cheap confused nodes. This makes the attack more expensive, but not more than 4 times as expensive. Matt, I think my attack still works even if the confused nodes can only be made to trust bad nodes (rather than any nodes the attacker chooses). Instead of making the expensive confused node trust the cheap confused nodes directly, the attacker would make the expensive confused node trust one of his nodes, which would in turn trust each of the cheap confused nodes. This makes the attack more expensive, but not more than 4 times as expensive.

]]> By: Matt Brubeck http://www.squarefree.com/2005/05/26/advogato/#comment-1328 Matt Brubeck Fri, 27 May 2005 14:14:14 +0000 http://www.squarefree.com/?p=263#comment-1328 Your counterproof depends on a particular interpretation of the attack model. It's not explicitly stated in Levien's proof exactly how much control the attacker has over "confused" nodes. If the attacker can only convince confused nodes to trust "bad" nodes, then Levien's proof holds. If, however, the attacker can convince confused nodes to trust arbitrary other nodes, then your proof holds. The former assumption might be reasonable because the attacker controls the "bad" nodes, and can use their behavior to influence other users' perceptions of them; the attacker does not have the same control over perception of non-bad nodes. Levien's proof isn't very explicit about the attacker's influence over confused nodes. His definition of a confused node states only: <i>"The confused nodes themselves represent valid accounts, but may contain certificates to the bad nodes."</i> This could reasonably mean that the confused nodes are assumed to be valid in every way except for their certification of bad nodes. Your counterproof depends on a particular interpretation of the attack model.

It’s not explicitly stated in Levien’s proof exactly how much control the attacker has over “confused” nodes. If the attacker can only convince confused nodes to trust “bad” nodes, then Levien’s proof holds. If, however, the attacker can convince confused nodes to trust arbitrary other nodes, then your proof holds. The former assumption might be reasonable because the attacker controls the “bad” nodes, and can use their behavior to influence other users’ perceptions of them; the attacker does not have the same control over perception of non-bad nodes.

Levien’s proof isn’t very explicit about the attacker’s influence over confused nodes. His definition of a confused node states only: “The confused nodes themselves represent valid accounts, but may contain certificates to the bad nodes.” This could reasonably mean that the confused nodes are assumed to be valid in every way except for their certification of bad nodes.

]]>