My take on how rep systems work
Tue, 2010-03-09 08:57
I've been brain-struggling over the issue (ok, it might just be an issue for me) of rep networks and how they securely and accurately connect rep to people, trying to resolve a few of my issues with it.
I have some concerns with how I think it works in-game, and I have some suggestions for how I think it ought to work in-game.
At first glance it seems to make some sense to tie a rep to a meshID. That way when you meet someone you can tag their meshID, run a lookup, and know their rep score.
But, if I imagine the rep network as a huge list of mapped meshIDs to repScores, it means I can then browse one of my networks (e.g. Science), copy down a list of meshIDs, run a lookup on a different network (e.g. Crime) and if I get positive hits I've found a whole bunch of criminal scientists. While that may be useful, it hits my 'oh my god, what about privacy' nerve.
Maybe I don't quite get what a meshID is ... but to me it is like a hardware (MAC) address. In 'real life' it is trivial to sniff network traffic, pick up MAC addresses, and on the fly change the MAC address of your own computer. When I look at meshIDs in this way, it seems too easy to spoof someone else's meshID to benefit from their rep level (not necessarily spend their rep - but just have people in awe at you for having such an awesome rep).
These two issues don't sit well with me.
So instead I took a look (mentally) at how I'd design a rep network. Firstly the underlying system needs to be robust and secure enough to let people 'publically' and 'privately' ping each other: i.e. I need to have a publically known piece of data that anyone can send to my network to get information on me, and I need a private piece of data I can send to my network to authenticate my transaction on the network. The public/private key encryption system seems perfect for this.
See: public key cryptography - wikipedia
The following example is described in a non-automated way, but I imagine systems would be in place to handle such things seamlessly in the background (poor muse having to handle all the mundane boring jobs - then again, I'd never trust my muse with my passwords ... paranoid much?):
The rep network has managed to function as needed without ever needing to map to anything other than network-unique key pairs. In addition it has traded public keys between Bob and Sally in a trustworthy way which might let them 'friend' or trust-validate each other on the network.
If Sally wished to then 'spend' some of her rep, I can imagine such a transaction taking place in a similar way.
If Skimble and Bob happen to be forks of the same person, suddenly Sally's {network: beer} and {network: coffee} IDs could, in Bob/Skimble's mind, be associated as being the same person - they could share/sell this info. But if Sally ever finds out she's going to 'thumbs down' Bob/Skimble big time! But at least they couldn't get this info just from walking past Sally and noting down what meshID she was broadcasting.
In addition to this underlying process, I would then imagine that the systems/servers that manage the rep network would run and operate as a distributed network, never relying on a mesh connection to a single node, taking advantage in a p2p bittorrent-like way of runtime on the systems of all of those subscribed/connected to the network.
This would allow anyone to create a new identity on a network simply by signing up and creating your public/private key pair.
So what's to stop someone signing up 100 times and then gaming the system? Maybe algorithms that monitor for suspicious activity, or perhaps the sign-up process requires a meshID - with the proviso that the meshID is never revealed by the system? But then what's to stop someone getting 100 fake meshIDs and gaming the system anyway?
There seems to be zero value to signing up with meshID, I'd go straight for egoID. The signup process would require validating your egoID at the time you make your public/private key pair, the egoID would be on record solely to prevent any future sign-up from the same egoID - and also as a mechanism to re-issue new public/private keys in the event of key 'loss'.
Fake account problems could be mitigated, to some extent, by a 'web of trust' (See web of trust - wikipedia) with, for example, achievable rep levels being directly related to the number of other network members that have 'trust' validated your key pair/network identity. To be able to have a rep in the 60-70 bracket, you need X existing members with rep 60+ to have trust-validated you (where X is either a static number or %age of the 60+ network membership, etc).
Note:Being trust-validated isn't the same as being given a 'thumbs up', or a ++like etc.
This system I have described also seems like a natural expansion of the current public/private key system and the concept of a 'web of trust'. I can easily see (in my overactive imagination) early decentralised 'web of trust' cryptography systems expanding to become rep networks.
I'm sure there are flaws in the above, hopefully some inspiration too. I'd be delighted to hear the opinions of others.
Tue, 2010-03-09 15:28
#2
Re: My take on how rep systems work
Thanks for the reply 
I really do find this fascinating and I am enjoying thinking about and discussing it.
While I'm convinced I was missing some major things, I'm not those you describe would qualify - as I was trying to describe how I'd design such a system rather than describing how I thought EP game devs had designed their system (especially given that I am not sure I do fully understand how they've designed it - aint stopping me talking about it and hopefully being educated).
Just because some people might want their reps and activities public doesn't mean that the complicated systems and processes to manage reputation networks would be designed and implemented in a way that enforced openness. To my mind (irrespective of whether EP systems work that way or not 
) such a system should be designed to enshrine privacy by default while allowing individuals to make their 'network profiles' as open as they choose (original facebook model rather than twitter model? ).
As a perfectly legal hauler I may appreciate having some G-rep, I might however want that to be private except for when I choose to make it known, without having to create or purchase a fake identity. Mechanistically trying to define how that works is interesting ... am imagining the hauler receiving an 'email' saying "you've just been awarded 3 G-rep, click here to login and associate this with your account. If you don't have an account click here to register" and then after registering getting a new email saying "you've just had 3 rep from Bruiser Bob, would you like to trust-validate him as a friend?".
I'm glad reps are tied to actual IDs (that's ego ID, right?) rather than mesh IDs. Not surprised that I had that wrong as I was fairly certain I didn't have a grasp of exactly how EP does it. Does the network publicise the real IDs in any way or does it work more in the way I described? (I know which I'd prefer)
If I bump into a person at the bar, how do I check/validate their rep? Do I need to know their real ID?
As for mesh IDs to say they are equivalent to my phone number, username, and email address isn't necessarily all that helpful. For my mum she might have only one of each, so could be considered fairly unique. I however have umpteen usernames (who I am on facebook isn't who I am on linkedin, and I wouldn't want it to be, they are separate online 'identities'), very many email addresses, and more than one phone number, and more than one private/public encryption key. None of this however makes me a 1337 hax0r d00d able to create myself fake identities - and I'm visualising an EP system that mirrors this rather than relying on creation of fake identities which would probably be well beyond my EP character.
I totally agree on the cracking encryption issue, that quantum encryption and probably regular key regeneration makes encryption cracking effectively impossible for all practical purposes relating to this subject.
Tue, 2010-03-09 17:18
#3
Re: My take on how rep systems work
Remember that tech in the EP universe is quite advanced; thanks to facial recognition, Mesh ID permissions and other long-distance biometrics, it'll be quite easy (and relatively automatic) to read up on someone's reputation. In fact, this is exactly how it was intended; reputation systems are designed to be sousveillance systems in which the public keeps track of itself. The concept of privacy (and refusing positive or negative rep) is anathema to the very concept of a reputation system. We aren't just talking about a merit-based economy... we are talking about a system that also replaces police, public record, and other modern faculties. Especially in the outer system, reputation is a means of keeping track of criminals as well as the legitimate. Every heinous act you pull in an anarchist habitat nets you negative @-rep, and other habitats will know the kind of person you are very quickly.
While the majority of reputation accounts will be tied to IDs, not all of them will. For instance, the Eye likely keeps track of you by your code name, and other information that Firewall keeps. Much of your data will be hidden, because Firewall does not like it when sentinels try to find out the real identity of other sentinels. In another example, people who refuse to register with a rep network will likely still get an account the first time they do something notable, good or bad. Of course their ID won't be in there (unless somebody knows what it is), but I guarantee that people will upload photos of their face, voice samples and other info into the system so that they can be identified later, whether by name or not. You can tie your Mesh ID to your reputation account (or accounts, if you successfully pull off multiple identities), but you are not obligated to do so. Someone else may very well do it for you at some point anyways.
In essence, reputation networks are only barely like Myspace and Twitter. A better example would be eBay (but even then it's not very accurate). The core concept behind a reputation network is that your score is a peer-edited critique on your actions. You cannot control your score beyond simply doing things in hopes of raising it. Others control your score, and other information that you'll find in your profile. It is essentially the futuristic replacement of our modern public record system, which also functions in a merit-based society as a form of economy.
Tue, 2010-03-09 19:31
#4
Re: My take on how rep systems work
... interesting
all of which makes the idea of being able to have a 'fake' identity on a network seem to fall somewhere between meaningless and impossible .. at least if we look at it in today's terms.
I'm not necessarily disputing what you say ... however the majority of the information you describe is morph specific (facial recognition, many biometrics) or creatable on the fly (i.e. mesh ID) and wouldn't necessarily be attachable to a specific ego, so wouldn't so uniquely identify someone as they would today.
Additionally if some networks do have a design of private/secret by default, it means that private/secret is a 'feature' available to networks. It makes sense for each network to utilise the same commodity software/systems to manage the processes which would therefore make such secrecy and privacy a potential feature of any network. The network may turn off such options, but it is the fundamental design of such a network that intrigues me, so I don't much mind what options an individual network might turn on/off.
I am enjoying today's mental exercise that is this discussion, thank you so very much for keeping my brain on its toes (yes, my brain has toes!)
Tue, 2010-03-09 19:59
#5
Re: My take on how rep systems work
Yeah, I would agree that modern means of faking IDs would be completely pointless. Simple facial recognition would spot most people immediately if they tried something so simple as buying a fake ID to score some drinks while underage. However, the transhumans of the world of Eclipse Phase have much greater tools at their disposal. Buying an extra morph (with credit so anonymity can be maintained) will go a long way to establishing a new identity, as will changing your mannerisms (in order to fool kinesics experts). Hell, if you're a wiz in the mesh, or know someone who is, it may even be possible to alter or erase data in your network profile, clearing up your reputation or spoofing a new face in it, so you can escape means of capture. It'd probably be out of the means of just any hacker, but a hacker with a dedicated team of allies... or the resources of Firewall's Vectors... will likely be capable of changing your reputation as you wish, or potentially how you don't wish. Be warned, however... if someone notices, everything will likely be back, and you will further be recorded as the dick who altered your own profile for personal gain.
As for networks being private, it's somewhat like that. I wouldn't call it "private" so much as I'd call it "invitation only". The Eye is certainly inaccessible to those who are not Firewall agents, and it would be downright stupid for Guanxi to be accessible by the Jovian police. Certain actions will get you in, and certain actions can also get you kicked out (which is essentially what the Blacklisted trait represents). Some are more open... Circle-A, CivicNet, EcoWave, Fame and likely even Research Network Associates are probably open to anyone who shows enough interest to register to the network. The secretive ones like Guanxi and the Eye, however, are likely member-exclusive... and I'm sure there will be others that are similarly restricted.
I'm glad I could keep you on your... um... brain toes....
Thu, 2010-03-11 14:25
#6
Re: My take on how rep systems work
As for networks being private, it's somewhat like that. I wouldn't call it "private" so much as I'd call it "invitation only". The Eye is certainly inaccessible to those who are not Firewall agents, and it would be downright stupid for Guanxi to be accessible by the Jovian police. Certain actions will get you in, and certain actions can also get you kicked out (which is essentially what the Blacklisted trait represents). Some are more open... Circle-A, CivicNet, EcoWave, Fame and likely even Research Network Associates are probably open to anyone who shows enough interest to register to the network. The secretive ones like Guanxi and the Eye, however, are likely member-exclusive... and I'm sure there will be others that are similarly restricted.
This is an important point. Not all networks work the same. G-Rep, for example, as the network of organized crime, probably has levels of access. If you have a little G-Rep yourself, you can probably find some low-level functionaries in various criminal organizations. If low-level folks start vouching for you, increasing your rep, you eventually get access to slightly higher folks. Even then, you might just get a code name or a fake ID, or more likely, someone who rep has been pumped as a cover for the person really in charge.
Wed, 2010-03-31 03:30
#7
Re: My take on how rep systems work
all of which makes the idea of being able to have a 'fake' identity on a network seem to fall somewhere between meaningless and impossible .. at least if we look at it in today's terms.
In the EP universe, to a "normal" person under "normal" circumstances (which means the vast majority of the population in the solar system), there is basically no point in faking or hiding your rep netoworks. First, without rep you wont get what you need, especially in the outer system. Second, without rep you will be viewed with suspicion - a person with blank rep scores would be akin to a person (in today's terms) walking in to shops and to the office in a ski mask.
Wed, 2010-03-31 06:41
#8
Re: My take on how rep systems work
all of which makes the idea of being able to have a 'fake' identity on a network seem to fall somewhere between meaningless and impossible .. at least if we look at it in today's terms.
In the EP universe, to a "normal" person under "normal" circumstances (which means the vast majority of the population in the solar system), there is basically no point in faking or hiding your rep netoworks. First, without rep you wont get what you need, especially in the outer system. Second, without rep you will be viewed with suspicion - a person with blank rep scores would be akin to a person (in today's terms) walking in to shops and to the office in a ski mask.
Exactly. The only people who would fake a reputation ID would be those who have the money to purchase a fake ego ID, which has a lot of work behind it, and is very costly.
Thu, 2010-04-01 12:13
#9
Re: My take on how rep systems work
Ok, I've lurked enough. I have a hard time with some facets of the rep system, and thus the following questions come to mind.
Question: Who or what keeps track of these rep scores? Is there a system of storage banks throughout the system that constantly transmit rep changes and creations between each other so pinging a rep of someone brings back the correct, or near correct, score for the person in question? If there is a system or set of systems that keeps track of the scores (and reasons for ups and downs), it would lead to the question, can they be hacked?
Question: How does the process work in the background for increasing someones rep? Say, if I wanted to give Jack Graham some rep in the f-rep area for creating a game for me, where would I turn to give the information that I want to do that? And do I need to give a reason for it? And how much can I give at one time? What decides if a rep increase is too large?
Thu, 2010-04-01 17:34
#10
Re: My take on how rep systems work
Question: Who or what keeps track of these rep scores? Is there a system of storage banks throughout the system that constantly transmit rep changes and creations between each other so pinging a rep of someone brings back the correct, or near correct, score for the person in question? If there is a system or set of systems that keeps track of the scores (and reasons for ups and downs), it would lead to the question, can they be hacked?
No, there isn't. Everybody keeps track of everyone else's rep, but I do imagine that there probably are places where you could probably check on the ups and downs, like a score board.
You can imagine that each of us has a "facebook-like" appliance. In it, there is an option for giving a thumbs up, or a thumbs down. Each time you get a thumbs up, you gain one rep point, and a thumbs down you lose it. So everyone entering your profile may thumb you up or down, depending on how you treated them, what you did, etc. In turn, your own facebook notifies all your friends of the new thumbs up/down, and they update their settings for you. And so it extends through the web of contacts.
Question: How does the process work in the background for increasing someones rep? Say, if I wanted to give Jack Graham some rep in the f-rep area for creating a game for me, where would I turn to give the information that I want to do that? And do I need to give a reason for it?
You would probably go to Jack's profile, and thumb him up to show you appreciate his work. You probably can give a reason if you want to, but it probably isn't obligatory. Of course, this may be different in some habitats.
And how much can I give at one time? What decides if a rep increase is too large?
You give the thumbs up/down for a reason (even if you don't make it public). Each reason has an adequate amount of rep tied to it, and that is what he gets. The last chapter of the book details how much is appropriate on each occasion (don't read it if you are not going to GM!).
Fri, 2010-04-02 02:41
#11
Re: My take on how rep systems work
Question: Who or what keeps track of these rep scores? Is there a system of storage banks throughout the system that constantly transmit rep changes and creations between each other so pinging a rep of someone brings back the correct, or near correct, score for the person in question? If there is a system or set of systems that keeps track of the scores (and reasons for ups and downs), it would lead to the question, can they be hacked?
Reputation networks are decentralized redundant server systems distributed throughout any region where the network is recognized. Any changes to reputation are recorded and cross-referenced to previously existing reputation data, in order to ensure that cheating doesn't occur. People can try to hack a reputation network, but it would involve a great degree of effort (you'd have to hack in and fool every single server on the network, because if a single server realizes the error caused by your hack, all servers will likely be corrected).
Question: How does the process work in the background for increasing someones rep? Say, if I wanted to give Jack Graham some rep in the f-rep area for creating a game for me, where would I turn to give the information that I want to do that? And do I need to give a reason for it? And how much can I give at one time? What decides if a rep increase is too large?
Chances are that people don't actually grant a score per se. Rather, they notify the network of what exactly the person did to deserve a reputation change, and people throughout the network decide how much of a reputation increase or decrease it warrants as a group. In fact, it may be that any given person can only cause a single-point rep increase or decrease, and larger alterations to the score are caused by groups of people reporting about the person's exploits, on account of the fact that larger favors likely help out bigger groups of people.
Tue, 2010-04-06 11:11
#12
Re: My take on how rep systems work
Reputation networks are decentralized redundant server systems distributed throughout any region where the network is recognized. Any changes to reputation are recorded and cross-referenced to previously existing reputation data, in order to ensure that cheating doesn't occur. People can try to hack a reputation network, but it would involve a great degree of effort (you'd have to hack in and fool every single server on the network, because if a single server realizes the error caused by your hack, all servers will likely be corrected).
Ahh.. This is the angle I was looking at. It seemed the most logical to my own warped mind.
Then I guess my follow-up to that would be --> If these servers carrying this info, what is the delay between gaining rep, say on Luna, and then traveling to the outer belt areas and trying to use it very shortly thereafter?
Would it be like a package sent along with your egocast and then the system would ping back for verification from another system node to verify?
Chances are that people don't actually grant a score per se. Rather, they notify the network of what exactly the person did to deserve a reputation change, and people throughout the network decide how much of a reputation increase or decrease it warrants as a group. In fact, it may be that any given person can only cause a single-point rep increase or decrease, and larger alterations to the score are caused by groups of people reporting about the person's exploits, on account of the fact that larger favors likely help out bigger groups of people.
This seems a reasonable tact. But if the systems are monitored by a group of people, then there would be a good adventure awaiting in the respect of trying to manipulate the "watchers" to ones own benefit. So, then with all things human, the weighting factors for the reasons for rep increases could be manipulated/abused by unscrupulous people. Albeit, that wouldn't last long due to constant internal checking.
Tue, 2010-04-06 11:41
#13
Re: My take on how rep systems work
Ahh.. This is the angle I was looking at. It seemed the most logical to my own warped mind.
Then I guess my follow-up to that would be --> If these servers carrying this info, what is the delay between gaining rep, say on Luna, and then traveling to the outer belt areas and trying to use it very shortly thereafter?
Would it be like a package sent along with your egocast and then the system would ping back for verification from another system node to verify?
Remember that reputation networks rely on its community of members to actually update any one person's reputation score. In order for you to get the rep you gained, the guy you did the favor for needs to post about it. In that sense, the speed you get your rep is also largely reliant on how little your clients and allies procrastinate on reporting what you do.
If I had to put an average on it, I would say that your reputation would likely fully update in all regions of the system in about 2 weeks. This could be sped up to about 1 week if you can get people off their lazy metaphorical asses and tell them to blog your deeds on the network.
This seems a reasonable tact. But if the systems are monitored by a group of people, then there would be a good adventure awaiting in the respect of trying to manipulate the "watchers" to ones own benefit. So, then with all things human, the weighting factors for the reasons for rep increases could be manipulated/abused by unscrupulous people. Albeit, that wouldn't last long due to constant internal checking.
Well, the watchers of a network are the people on the network themselves. Everybody acts as a watcher. Think of it in a lot of ways like something akin to Wikipedia. Anyone who feels like it can contribute and help maintain the integrity of the reputation network. You would have to manipulate every single person on the network to ensure that you'd be able to maintain your network gain... and at that point, you've probably earned that rep bonus simply by merit of showing how awesome you are to the entire network solely for the purpose of "hacking" it.
Tue, 2010-04-06 12:05
#14
Re: My take on how rep systems work
Thanks Decivre. I think that's about it for my questions in the area of rep for the time being.
+1 for you! ;p
Mon, 2010-04-12 21:00
#15
Re: My take on how rep systems work
No, there isn't. Everybody keeps track of everyone else's rep, but I do imagine that there probably are places where you could probably check on the ups and downs, like a score board.
You can imagine that each of us has a "facebook-like" appliance. In it, there is an option for giving a thumbs up, or a thumbs down. Each time you get a thumbs up, you gain one rep point, and a thumbs down you lose it. So everyone entering your profile may thumb you up or down, depending on how you treated them, what you did, etc. In turn, your own facebook notifies all your friends of the new thumbs up/down, and they update their settings for you. And so it extends through the web of contacts.
What I'm wondering is, does the listing all the networks you belong to show up when some person do a mesh/AR check on you? (and reciprokely)
that could be problematic in some cases.
for exemple, in a Planetary Consorsium habitat, a team of Mercurian Shield is doing an ID control.
if you got some @-rep, it would raise some flag. but what about the G-rep? would that get you stacked in simulspace cell faster than you can spell "Kovacs"?
it could also be a source of annoyance.
Imagine a young woman who spent years on a scum barge, but wanting out really bad, and having a job in a respectable hypercorp. So she works her arse off, earning enough rep and creds to get an egocast to a PlanCon habitat. She writes resume and letters, and eventually secure an interview. She rocks it, until the rep she earned on the barge shows up.
"Ah, Miss, with such a resume, I think you'll fit right with us at Eden. Now, I only need to do a quick rep check for the accounting and HR department. *does the check* "Aaah, miss, I see you have some rep in the anarchist network. I'm afraid this is against the policy of the company to hire people whom relationships could present a security risk. aah such a shame, but I have no choice. good luck with your job hunting."
I guess you can get your muse to check some rep in particular, either for security measure or recruitment
how does the interface look like?
I like the idea of a 'Mesh facebook'
Tue, 2010-04-13 09:54
#16
Re: My take on how rep systems work
I don't really think every rep system works the same, and I regard rep-points as something of an abstraction, more like skill points then credits.
But generally speaking, I don't think rep gets you into trouble. G-Rep is probably a closed system that you get into by invitation, so most cops shouldn't have access to the specifics. I imagine that getting deep enough into the network to know why someone has a high G-Rep requires a pretty high G-rep itself.
It's also worth noting that people who aren't actually criminals sometimes have g-rep. For example, the freelance journalist template in the core book has g-rep, probably because he knows a few criminals, is willing to trade bits of information when he can, and he means it when he says something's off the record he means it.
@-rep is probably an open system that anyone could sign up for, but again, there's a lot of ways to gain it. In your example, she could probably explain that she used to do a lot of work with an Extropian trade consortium, and they pumped her rep.
It's also worth noting that you can attach your reps to a fake ID. For example, I have a player in my game who's an anarchist activist in the inner system. He has one ID with a C-Rep of 50 and another ID with an @-Rep of 100. If he's going around under his cover ID, most people assume that he's a good lunar citizen.
Fri, 2010-04-16 13:26
#17
Re: My take on how rep systems work
I could see G-rep would be a closed network, where not even those with reps on the network knowing what their G-rep is. Somebody who gave somebody in Guanxi a ride in their cab/shuttle would probably earn some g-rep for it, but might never know.
People are less likely to end up on more specialized networks, like RNA or The Eye, but if you design an amazing AR suite, you're likely to earn rep on @-rep, c-rep, f-rep and g-rep. A local crime boss who liked your suite is likely to give you a bit of rep for it. It won't be much, but it will make getting a favour a little easier. "You have made the don's life happier. Therefore, we shall help you."
A hypercorp hiring agency is less likely to care about a potential employee's positive @-rep entries (indicative of being a good citizen and competency), and more about any negative @-rep entries (Does the individual not play well with others? Are they incompetent?) and most importantly, negative c-rep entries (which is where you'd find things that really annoy the hypercorps, like sabotage).
Sat, 2010-04-24 13:48
#18
Re: My take on how rep systems work
RNA? Specialized?
You get r-rep any time you release a new program onto the market, particularly when it goes open-source.
Sat, 2010-04-24 21:09
#19
Re: My take on how rep systems work
By specialized, I mean that it concerns itself with scientific matters, rather than day-to-day affairs. You'd earn r-rep by helping wash test tubes, but not for, say, mowing the Martian scientist's lawn. If you needed an extension on your fab materials quota, you could use your @-rep on almost anyone in the outer system, but your r-rep would only work on a scientist/technologist, and even then maybe only if you're planning on using it to advance scientific/technological ends.
i-rep is similar - you earn it for performing Firewall related activities, and that's where you'd mostly use it, too. An outsider might earn a small amount for helping a Firewall agent, but only if they were on the job at the time. At the same time, you might also give them some @-rep or c-rep (or both!), depending on where you are, and how secret your activities at that time were.
@-rep and c-rep are just much more general-purpose, and which you use depends more on who or where you are, rather than what you do, or are trying to do.
Sun, 2010-04-25 21:58
#20
Re: My take on how rep systems work
I could see G-rep would be a closed network, where not even those with reps on the network knowing what their G-rep is. Somebody who gave somebody in Guanxi a ride in their cab/shuttle would probably earn some g-rep for it, but might never know.
I don't think this is the case. Afterall, what sense is there in having a high rep if people can't see it and act accordingly?
As for closed-rep systems, I imagine there will be a mix of private networks (Firewall's rep, for example, is secret, or else people would no probable members of the organization just by checking their profile), public (like c-rep, which probably holds no secret lines, as corporations would be interested in keeping updated on law-abiding citizens); still, there would probably be others that remain in the point between both, where rep scores would be visible, but not what made them rise or lower or who did it (g-rep would work this way, for example).
Sun, 2010-04-25 23:31
#21
Re: My take on how rep systems work
I don't think this is the case. Afterall, what sense is there in having a high rep if people can't see it and act accordingly?
Aah. I worded that badly. Where people with rep on the network don't *necessarily* know what their reps are. You're right that a write-only rep network makes no sense, and anybody who actively participates in the network would have to have access.
The whole thing is probably tied up with crypto, forming a weak chain of trust. If someone trusts you, they'll share the private key with you, and as you get more trusted and/or become a bigger fish, you get access to more details. Low level might be "So-and-so has gotten so many positive ratings", medium level might give safer reasons, and high level gives the details that could get someone in trouble. Different regions might have different sets of keys, so that an outer system criminal might need to get an inner system criminal to vouch for them before they get access to the Martian g-rep servers, assuming that their reputation doesn't precede them.
Fri, 2010-04-30 22:26
#22
Re: My take on how rep systems work
The whole thing is probably tied up with crypto, forming a weak chain of trust. If someone trusts you, they'll share the private key with you, and as you get more trusted and/or become a bigger fish, you get access to more details
I am not sure if it would work quite that way - if you share your private key with someone you also make it far more likely that private communications could be compromised, and digital signatures could be forged. It might work something like the PGP web of trust: people sign your public key and upload the signatures to publically accessible servers. The more signatures you have on your public key, the more your identity is trusted. The more people who have relatively high reputation scores on their public keys who sign yours, the more information you would be granted access to.
__________________
I am everywhere.
Sat, 2010-05-01 00:25
#23
Re: My take on how rep systems work
I am not sure if it would work quite that way - if you share your private key with someone you also make it far more likely that private communications could be compromised, and digital signatures could be forged. It might work something like the PGP web of trust: people sign your public key and upload the signatures to publically accessible servers. The more signatures you have on your public key, the more your identity is trusted. The more people who have relatively high reputation scores on their public keys who sign yours, the more information you would be granted access to.
Yeah, public key would work better. You might also be able to do what you're describing with key splitting. You're given pieces of keys, and once you have enough pieces, you can start decrypting (and encrypting?) certain things. Once you have enough key pieces, you can also learn about the necessary channels to get your own key pieces. Perhaps we can assume Sufficiently Advanced Mathematics, so that the key pieces that you're given are tied to your public key, so you'll need your private key to decrypt the result. This would prevent two or more people from just pooling key pieces, forcing each person to get vouched by enough other people.
Sun, 2010-05-02 16:09
#24
Re: My take on how rep systems work
I think that the key is public to the individuals identified as friends of the character and secret to everybody else.
like on social sites where galleries are locked for anybody who aren't in the friend list
or google docs, or Second Life where you give edit or access rights to certain people you trust.
that's especially true for situation in which you try to keep quiet about something. the negative modifier symbolizes the complexity of the crypting algorythm.
Tue, 2010-05-04 14:47
#25
Re: My take on how rep systems work
Yeah, public key would work better. You might also be able to do what you're describing with key splitting. You're given pieces of keys, and once you have enough pieces, you can start decrypting (and encrypting?) certain things. Once you have enough key pieces, you can also learn about the necessary channels to get your own key pieces.
That seems fairly accurate - check out a few articles on secret sharing algorithms.
Perhaps we can assume Sufficiently Advanced Mathematics, so that the key pieces that you're given are tied to your public key, so you'll need your private key to decrypt the result. This would prevent two or more people from just pooling key pieces, forcing each person to get vouched by enough other people.
An excellent way of describing strong cryptographic systems, actually..
The easiest way to do that would be to run a private key through a secret sharing algorithm to divvy it up, encrypt some of the fragments to a public key, and distribute them somehow. Barring someone throwing an EP quantum codebreaker at it, the character could then decrypt them with the character's private key when necessary.
__________________
I am everywhere.
Wed, 2010-05-05 11:44
#26
Re: My take on how rep systems work
The easiest way to do that would be to run a private key through a secret sharing algorithm to divvy it up, encrypt some of the fragments to a public key, and distribute them somehow. Barring someone throwing an EP quantum codebreaker at it, the character could then decrypt them with the character's private key when necessary.
What I was thinking of: K is the key to access details of a given trust level. You win the trust of a person with access to K, and so they give you Split( Encrypt( K, Your public key ), Some unique value ). Once you get enough of these fragments, you can call, say, Decrypt( Merge( F_1, F_2, ..., F_n ), Your private key ) and get back K, which gives you access to those parts of the network, and also allows you to start granting key fragments to other people.
If you try to collaborate with another person to collect key fragments, it won't work since the fragments are for different keys.
This might be what you were getting at. The Sufficiently Advance Mathematics I was thinking of was where you were awarded fragments for unencrypted keys for trust levels you haven't reached yet, and the method for splitting the key was commutative with encryption, but only once. I.e. the key fragments have some property that allow them to commute with encryption, but this property is lost in the process, preventing you from decrypting the result in the same manner.
That way, a criminal with 100 friends could get access to a higher trust level, without having to actually deal with a higher trust level criminal, while preventing two criminals with 50 friends from doing the same. I'm not sure if that's a feature or a bug. It probably depends a lot on the goals of the network.
There are some major things you are missing. First off, there are, in fact, going to be some people who will be publicly open with their identity as criminals. Much like today with gangs and other such groups, people involved will act with bravado, either because they no that nothing can be pinned on them or because they know that the strength of the organization they are involved in will keep them safe. Either way, not everyone has to hide their identity.
Secondly, you have to remember that reputation does not necessarily have to involve acts akin to the network involved. Transporting someone to the outer system doesn't strike me as criminal, but doing so for one of the major bosses in the Night Cartel is likely to get you registered in Guanxi as a reliable hauler for at least a couple rep.
Lastly, rep is tied to your actual ID, not your Mesh ID. Rather than thinking akin to MAC Address, you should be thinking akin to driver's licenses. People who want to keep their reputation incognito simply have to go through various channels to keep it secure: purchasing a fake ID to tie their rep to, getting another morph to use when acting as that person, and using different mannerisms will go a long way to granting someone a new identity, and therefore different rep score as a different person. Can someone try to spoof that? Possibly, but the ramifications of being caught will be immense.
As for MeshID, it's a bit more complicated than you think. MeshIDs are equivalent to your phone number, username and email address in one. They already are tied to a public key, and probably use it for verification purposes. While creating a new MeshID should be easy (and hackers will likely go through them like candy bars), imitating someone else's ID should not. Also, while public keys encryption can be broken, it does take a while to decrypt a file encrypted with one, and being able to crack it in a week when you need verification in 10 seconds doesn't help. Smart users likely update their public and private keys constantly, so quantum codebreaking isn't really a threat.
"Question with boldness even the existence of a god; because, if there be one, he must more approve the homage of reason, than that of blindfolded fear." - Thomas Jefferson, Letter to Peter Carr, 1787
"That sounds like heresy. We're going to wipe you from the history books for that crap!" - Texas Board of Education, Ruling on March 12th, 2010