Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The problem with those is always going to be sybil attacks: anyone can create tons of accounts and upvote themselves. Even cross-verification can be defeated: you just make a small network that upvotes each other in some obfuscated manner.

I think there are only two long term solutions:

- Introducing some kind of proof of work -- e.g. you do work to downvote/upvote;

- Some very "localized" reputation -- e.g. you trust the friends of your friends more.

Those ideas are behind the Bitcoin protocol and the Web of Trust, respectively.

In this case each would have it's problems: proof of work is inefficient by design and needs a good hash function not to be exploited; local reputation by design makes it hard to find new/unrelated content.



I don't think "proof of work" works here because upvoting/downvoting content needs to be cheap... how do you make it expensive for a dedicated malicious force but cheap for legitimate ratings? Proof-of-work as a sort of "sign-on" to enable propagating a new "account"? That is, you need to have 1 Ghz-hour of wasted computation in order to introduce a new cryptographic hash into the network as a sort of "payment to create an account"? Again, a dedicated spammer could have a machine farming accounts 24/7 while this "payment" to create an account would be frustratingly expensive to a new user.


The user wouldn't have to pay anything to create an account, just to vote. Sure, spammers can farm large amounts of reputation through botnets, but that's really expensive: you're putting a cost on it. The returns are already not so high for disseminating this kind of spam.

Having no reputation wouldn't mean you can't do anything -- just that what you do is less trusted and has lower priority.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: