The good bit

I've been thinking recently about the problem of online reputation. I wrote about this a while back in Anonymity and democracy, where I argued that the main problem is the assumption that identity has value. When the cost of creating an identity is less than the inherent value you give it, you've created a loophole in your system that people will exploit. But even if you require users to earn value on your system, how does that translate to other systems?

This seems particularly relevant in the context of Cloudflare's problems with Tor. Tor makes users anonymous, breaking the association between IP address and user. That's good because you can't really have privacy if every site you visit knows your address, but it's bad because that address is used to maintain a user's reputation. Cloudflare disproportionately shows CAPTCHAs to Tor users, because there's no way to tell who each request is from. By using CAPTCHAs, they add a human time cost to each new user, which removes the loophole.

It would be nice if you didn't have to start from scratch on every site, but instead could carry your reputation with you. The problem with that is you would be giving up privacy, because that reputation could be used to track you, or correlate your identities across multiple sites. One fairly robust solution to this would be an evil bit, which you set on your messages to mark them as malicious. Unfortunately, it only works if all the malicious actors cooperate. But could we make a good bit?

I'm imagining a good bit being a token that each site hands out to users with a good reputation. For many sites that would just mean that the user has logged in, but you could also have more sophisticated levels of reputation, like a user with a long account lifetime, verified email, or who has proved their value in some way. You would collect a bunch of these tokens from different sites you use. These good bits don't say anything about who you are, just that the site is willing to reputationally vouch for you.

To make something like this actually resistant to different sites colluding to figure out your identity would require some kind of clever asymmetric crypto scheme, but I think it should be possible. Essentially you'd need to prove you've been issued a good bit but not reveal which one it is. You'd also need some kind of revocation or expiry/renewal system. Ultimately the whole thing could fall back on existing CAPTCHA or account-based reputation systems, so false negatives wouldn't be so bad, and individual sites could have their own set of rules for which sites' good bits they trust and how much.

This definitely seems like a problem worth looking into; our virtual identities are getting more and more sophisticated, and if we want to keep building privacy into our systems we're going to have to find better systems for reputation.