Ask HN: Are there web-of-trust style online communities?

6 points by interroboink 11 hours ago

I have this idea that's been rattling around my head lately, whenever I get depressed about the quantity of drek I have to wade through online. And I wonder: has anyone implemented something like this? I had a hard time finding existing projects that match it.

Here's the idea:

We have a solid existing mechanism for digital signatures: I can publish a public key, and if I sign my communications with it (such as this post, for instance), you could be sure that only the owner of that private key could have written it.

I could go around collecting public keys of other people online, and I could associate some "trust" value with each one. I could publish my list (and sign it), and others could perhaps say "I trust you, so I'll trust the people you trust a bit as well".

In this way, a web of trust grows, and we could use this information to filter the crap we encounter. If someone "backstabs" and starts spewing adverts from their previously-trusted persona, communities could adjust their trust values to punish that behavior.

Basically, it's the same thing we do in daily life, with our interpersonal relationships, just made explicit and cryptographically secure.

----

I realize there's PGP, and it's "web of trust" concept, and it's close but not the same. As I understand it, that's based on "key signing parties" where you verify that someone is who they say they are. It has a notion of physical identity. What I'm describing doesn't care about that; you could have 100 anonymous online personas, and what matters is only how they behave, not what physical person they're tied to. Also, you'd use associated trust values to rank info you see, rather than having a yes/no verification. Also also, PGP was a UX disaster, so I'd want something much easier-to-use.

I realize that it could be abused (eg: witch hunts), but I don't see it as being worse than what can happen in real life.

I'm also aware of things like China's "Social Credit System"[1]. But that is a centralized system. What I'm describing would be controlled by each individual.

[1] https://en.wikipedia.org/wiki/Social_Credit_System

tryauuum 11 hours ago

you don't need any keys for trust, you can imagine a centralized system and "trust" can be expessed as "adding person to your friends list". Then you the social network recommends you posts of the friends of your friends

what I'm trying to say, I think you don't need public keys to organize content filtering

and to answer the titular question: I don't know such a community. maybe it's possible to use an existing social network and add extra javascript on top to filter posts based on your "web of trust"?

  • interroboink 11 hours ago

    > you don't need any keys for trust, you can imagine a centralized system ...

    I guess part of the essence of what I was trying to describe was that it's non-centralized. Otherwise, you have to trust some entity to unilaterally behave well, now and forever. But fair point; something like this could be implemented in someone else's walled garden. I wouldn't trust it though :p

    Famously, there have been cases of reddit admins modifying people's comments secretly. A digital signature would defeat that (even if it's hosted on "hostile" servers).

    Since you mentioned JS overlays... One thing that is somewhat similar is using RES[1] on reddit. When you upvote/downvote a person's post, it keeps track of a total +/- count for each username, and displays it next to it in the UI. This isn't quite trust, but it is a kind of "my opinion of this user, gathered over time" overlay... There's also no notion of sharing this info with others.

    [1] https://redditenhancementsuite.com/

    • tryauuum 10 hours ago

      I still feel kind of disenchanted about technology. A founder who punishes and fires employees who delete and modify comments can create a decent website faster and easier. Without any cryptograpghy.

      And, since the website also has a reputation of its own people won't want any of the cryptography if they trust the website

      The only downside is when the website owner dies eventually it can all go to hell, it's hard to enforce your principles after the death.

      ---

      reading your comment again, I think you want to much: you want to see less lower-quality posts and the solution has to be decentralized. I think just not visiting social media can improve your daily life. If only I could follow my own advice though...

bobbiechen 11 hours ago

Perhaps Lobsters? https://lobste.rs/about#invitations

>The full user tree is public and each user's profile shows who invited them. This provides some degree of accountability and helps identify voting rings.

For a single community like Lobsters, you don't need the digital signatures part at all.

Keybase https://keybase.io/ has a feature to help you aggregate different identities/accounts, though I'm not sure how active it is after their acquisition by Zoom in 2020.

  • aborsy 4 hours ago

    Keybase was a pretty good idea, but it’s no longer much developed since 2020.