Trust’n Me: Aaron’s First Day at WWW
by Aaron Mannes
Sorry to be so far behind everyone else on blogging about the WW2006, but this has been my first chance to really sit down and write. Let me just begin by saying that I had a terrific time and learned a great deal more than I thought I would. My lack of technical knowledge is well known at the lab, but I think that occasionally allowed me to bring some fresh perspective.
(I arrived the day before and spent a very nice day tramping around Edinburgh – my adventures as a tourist will be posted on one of my blogs – I’ll post a link when it is ready.)
I spent Monday, May 22, at the Models of Trust for Web (MTW’06) workshop. The program and papers are posted online, so I’ll just cover some highlights.
As any MINDSWAPPER can imagine, the shadow of Jen Golbeck loomed over the proceedings – particularly for me since I had co-authored a paper with her. I presented second, breezing through Jen’s work, and focusing on how intelligence analysts and agencies could use a trust network. I wasn’t sure if I was viewed as interesting or irrelevant, but I got a few questions (a good sign I guess) and was approached independently by several people with more questions. (Most of them really wanted to talk to Jen.) A few of these questions focused on the danger that a trust network within the intelligence community would be extremely valuable to enemies who penetrated that community.
The other papers in my session were interesting, but a bit technical for me and I was distracted with my own talk. The first paper proposed a trust network called Konfidi, which uses PGP connections, and cited Jen heavily. The paper following mine discussed new ways to measure trust that included relevant concepts like distrust, ignorance, and inconsistency.
During the mini-panel of the presenters an interesting question came up – what exactly is the number we call a trust value representing? Was Trust really Respect, Probability (as in the likelihood that the person would do what they said) or some other concept? Obviously no firm conclusions were reached, but it was satisfying for me nonetheless. In the original version of our paper I had conflated Probability (which I use on my PiT) with Trust. The paper was accepted anyway and I re-wrote my portion appropriately, but I am glad I am not the only one who conflates these concepts.
Session Two was, for me, pretty accessible. The first paper, Propagating Trust and Distrust to Demote Web Spam by a group led by Lehigh University’s Brian Davison, was not about the trustworthiness of individuals but of the graph. It describes alternate ways of propagating trust among websites besides outgoing links. In addition they suggested adding the ability to propagate distrust to supplement trust rankings by penalizing pages pointing to untrustworthy pages. Using different trust probability calculators they ran a series of tests and found that “Logarithm Splitting” and “Maximum Share” are better at demoting web spam than Trustrank.
The second paper, Security and Morality: A Tale of User Deceit looks at the human end of the equation of online trust. First the paper describes some definitions of Trust from the social sciences, noting that computer systems use a rationalist model that may not be useful in the real world. The team ran an experiment with “experienced” computer users and found that people are far more accepting of technical failures than of obvious malevolence. Most importantly, explicit and simple “Do not trust” signs are essential to improving Internet security and that users are bad security managers.
The third paper, Investigations in Trust for Collaborative Information Repositories: A Wikipedia Case Study looked at different ways to calculate trust for Wikipedia articles. The traditional means of using link ratio is insufficient, but a combination of tools including link ratio and, for example, revision history, might provide a better solution.
The post-lunch panels got a bit technical for me. The keynote address on how Yahoo is fighting spam by Ricardo Baeza-Yates discussed how social networks could be employed in the fight against spam by helping to create social disincentives to spam. Also, spammers have social networks of their own so that better understanding of online social networks can help target them. Unfortunately this interesting talk is not available on-line. Ultimately there are no silver bullets. Yahoo employs a combination of algorithmic and editorial techniques to reduce spamming. There was an intriguing question about whether or not Yahoo has spam Red-teamers who develop spam to test spam prevention methods. The speaker said he had no knowledge of such an operation – but interesting to consider.
The last presenter of the day was Alex Tsow who discussed the possibility of criminals installing malicious software on routers, cell phones, motherboards and similar items, selling them online and then using them for identity theft. It was a compelling presentation and he argued effectively that if it hasn’t already happened that it will.
