Hey! Thanks for your feedback. Yes, definitely the Relatr approach is more left side of the curve than Vertex or any other PageRank algorithm. However, the approach that Relatr is following is still consistent since the base of the score calculation is based on the distance between the source pubkey and the target pubkey. In the default instance we are running, the source pubkey is gigi, so in order for an attacker to impersonate someone, it will need gigi to follow them or a gigi's contact to follow it. But the farther the distance, the bigger the decay, so fundamentally an attacker would need to do some social engineering to make it closer to the source pubkey to some degree, which is not easily gameable, especially if the social graph realizes it is an attacker/impersonator and publishes a mute list with the attacker pubkey in it. The other validators are easily gameable in some way, yes, like valid NIP-05, NIP-10002 events published, yes, that's easy to game, but the weight it has in the score calculation is little compared to social graph distance. There are also other validators that aren't easily gameable, like reciprocity (source and target follow each other), and we are thinking in adding some more like zaps and activity. In summary, this is an experiment, but so far it is working pretty well as tie breaker to determine which pubkey is more likely to be an impersonator or the "real" one, and ideally everyone runs an instance that sets their pubkey as source so the trust score comes from their perspective.
On the other hand, yes, the other relevant Jack didn't appear because they weren't being discovered during the first profile metadata sync that Relatr does. This is a bug; it's still early days, but after searching explicitly for them, they now appear as they are added to the metadata DB. Also, when you look for Jack.
glad you solved the bug about the jack's.
About attack's resistance, distance-based WoT is inherently weaker than Pagerank becaus eyou just need one compromised (or lazy) key at distance n to include an impostor at distance n+1.
Instead Pagerank considers distance as well as flow, which is the number of paths that connect a target to a source.
1 path is gonna give much less rank compared to 100 distincts paths, while the distance is going to be the same
That's for sure; the key here is still that the trust is computed from a specific source pubkey. So, if there is a more relevant pubkey in the social graph than the impersonator's, it will rank higher because it will likely have more favorable validators. Definitely, this approach can be improved and strengthened. We could sample distances to a target pubkey from different direct contacts of the source pubkey to get more paths validated. The architecture will allow this thanks to the Nostr social graph lib by nostr:npub1g53mukxnjkcmr94fhryzkqutdz2ukq4ks0gvy5af25rgmwsl4ngq43drvk that we are using.
Thanks for the feedback; it is very appreciated. As we mentioned, this is still an experiment, and we need to keep tweaking it to get more relevant results and metrics.
Thread collapsed
Thread collapsed
