Loomio
Wed 6 Aug 2014 3:25AM

"Managed" trust

ST Simon Tegg Public Seen by 158

I want to get feedback on the "managed trust" concept we've been talking about.

I've been assuming that:
* post-snowden people are more concerned about data privacy.
* people are also concerned about large providers with access to all the personal data they host.
* A partial but workable solution to this problem is for "managed trust" groups to host their own data
* "managed" trust groups are groups with collective identities where people have close working relationships (like Enspiral).
* If you're hosting your own data, you might as well share that data between different apps (starting with login, profile, and group data etc) and also avoid tiresome admin work like maintaining manually sync'd data across several apps.

Groups like this would be our main target market and form the nodes in the Open-App network.

Offline and her comments in the comms doc, Alanna made a really good point that "maximised trust" groups have lots of efficiency gain. Enspiral managed to avoid a lot of bureaucracy by...trusting each other.

This sets the Open-App apart from other decentralised web projects that assume "zero trust" and need lots of strong cryptography and anonymity and other technical hurdles to make them work.

What do people think about this?

M

Mikey Wed 6 Aug 2014 4:21AM

i'll see if i can explain it another way, in case it helps anyone. we are interested in "managed-trust" decentralized systems, which are different from "zero-trust" distributed systems.

in "zero-trust" distributed systems like Bitcoin, Ethereum, or MaidSafe, the intent is to only have to trust cryptography and the algorithms that run the network. this lack of trust comes at a cost, which is usually increased duplication. for Bitcoin this cost is huge amounts of duplicate CPU work in Proof-of-Work cycles, or in MaidSafe this cost is huge amounts of duplicate data.

in "managed-trust" decentralized systems, we hope to centralize the system on our identities, both us as a person and us as a member of groups. between these identities, we hope to create trust relationships. these trust relationships form the topology of the network, so if we are sharing resources (CPU, data, food, shelter, ...), we can share directly instead of through a global network. this does mean though that we have to trust cryptography, the algorithms, and the identities we have trust relationships with.

JV

Joshua Vial Wed 6 Aug 2014 4:40AM

Agree with the concept but I would use the word high-trust rather than managed trust.

ST

Simon Tegg Wed 6 Aug 2014 5:03AM

"High Trust" also works.
Not everyone in Enspiral has "high" trust with every other person. New contributors for example.

JV

Joshua Vial Wed 6 Aug 2014 6:05AM

true, but if you take the average trust in the group it is a lot higher than most.

C

charlie Wed 6 Aug 2014 6:10AM

"Higher-than-average trust" :)

ST

Simon Tegg Wed 6 Aug 2014 6:38AM

Enspiral: higher trust than your average sloth of bears

I think "managed" was getting at the delegation of trust to group admins and specific individuals.

M

Mikey Wed 6 Aug 2014 7:13AM

yeah, i used "managed-trust" instead of "high-trust" because not every trust relationship has to be a high value, it's managed by you to be any value.

i'm good with whatever people think is best, but keep in mind that not every group will be as trusty as Enspiral, think if the region of Wellington were a group.

ST

Simon Tegg Wed 6 Aug 2014 8:23AM

@ahdinosaur I'm not sure what you mean by "managed by you to be any value"

M

Mikey Wed 6 Aug 2014 8:28AM

for example,
- i trust Simon 0.7 (on a scale from 0.0 to 1.0).
- i trust Enspiral 0.5.
- i trust Boris 0.6 with his skill in javascript
- i trust a lot of people with letting me sleep at their place. :)

i'm using trust in the following structure:
- who you trust (a person or group)
- how much you trust (variable value from 0.0 to 1.0)
- about what do you trust (any thing)

trust forms a web:
- if i trust you, and you trust Bob, then i trust Bob some decayed value of our trust.
- if you are a member of a group i trust, then it's the same as if i trusted you with the same value.

also, trust endorsements can decay. think about reviews of restaurants on Yelp, good reviews are a better indicator than old reviews.

then, we can leverage our trust while we offer:
- i offer anyone i trust with ($500 * (trust value ^ 2)) of personal IOUs in exchange for their personal IOUs.
- i offer anyone i trust with (10 GB * trust value) of their data duplicated on my machine in exchange for my data on their machine.
- i offer anyone i trust more than 0.35 to use my car in exchange for either a shared group currency or a personal IOU.

or while we request:
- i request anyone who trusts me more than 0.3 and i trust more than 0.1 to have me over for meal one day every 2 weeks in exchange for either a shared group currency or a personal IOU.
- i request anyone who trusts me more than 0.5 and i trust more than 0.3 to let me sleep on their couch one week every 12 weeks in exchange for either a shared group currency or a personal IOU.

trust can also relate to who we allow access to our data:
- i allow Derek to access all of my data
- i allow anyone who i trust more than 0.7 to access all of my data
- i allow Enspiral to access my photos
- i allow anyone who i trust more than 0.4 to access my photos

then there's also negative trust, from -1.0 to 0.0, that can signal intentions such as bad reviews or permanent blocks.

last but not least, i'm sure someone is wondering "how can you reduce a relationship to a number!?" well... yeah, at least i think it's better than a binary (trust / no-trust). if we want the numbers to be more accessible we can always hide them behind words (1.0 is "love", 0.5 is "like", 0.0 is "meh", -0.5 is "sucks", -1.0 is "fuck off", etc).

this turned into a much longer post, hehe. i hope it makes the idea of how we can "manage trust" more clear. even if the above features are dream features, it does suggest the possibility of systems based on trust.

CS

Caroline Smalley Wed 6 Aug 2014 4:38PM

what creates the trust values? developed overtime like a credit rating? each action (such as sending a particular person a photo, or file sharing/co-writing a blog) adds to the score, which has a demorage system of sorts, so values don't 'get stale'.

as for protocols, see last comment on backbones = cms. our intention is to incorporate a commons based governance agreement that would be managed through P2P. the initiative i'm working on is oriented around a co-op. when members join, they'll be required to 'sign' an agreement, which would in turn increase trust value.

Load More