EvoSec 2025W Lecture 15

Readings

• Obada-Obieh, "“Don’t Break My Heart!”: User Security Strategies for Online Dating." (USEC 2017)
• Obada-Obieh, "Can I believe you?: Establishing Trust in Computer Mediated Introductions." (NSPW 2017)

Discussion Questions

• How different is dating from other introduction problems today?
• How central is reputation to the problem of CMI? To what extent is reputation scalable?
• How generalizable is the concept of computer-mediated introductions? Could a search engine be a form of CMI, but for websites, not people? What about advertisements, such as political advertisements?

Notes

Lecture 15
----------

G1
 - dating is long term, but other introductions are more short term
   - could star ratings work for dating? probably not...unless looking for hookups
   - could penalize new daters who have a bad first date
 - reputation is the primary factor in CMIs
   - record of many positive interactions -> increased trust
 - human->website intro, goes back to narrative auth
 - website->website, could use star rep system
 
G2
 - uber closest to online dating, but time duration is very different
   - amount of trust in dating is much higher than every other CMI
 - stars definitely influence interactions
 - behavior depends on context (kid at school vs at home)
 - search engine is a form of CMI
 - no matching in the actual ad, but ad targeting is a kind of CMI

G3
 - dating differs in how much info you have to reveal versus other CMI
 - reputation is central to CMI - uber, ebay, etc
 - ratings are not so objective in dating
 - reputation exists all over the place - e.g., online search
 - CMI is definitely part of online advertisements

G4
 - dating is a game problem: incentives for honesty, minimal communication, and deception depending on the party
 - what are acceptable lies in an online profile?
   - applies to other CMI problems
   - advertisers are willing to fudge the truth!
 - reputation is the most important factor in CMI
   - how you calculate trust is very important, flaws will be exploited by adversaries
 - search engines & advertisements, both CMIs
   Dating: put out info to get a good match, limit info to maintain safety
   search engines have different incentives but still there are opposing goals
 - web sites don't need to make trust judgements of search engines, different from dating and other CMIs

Question: how could you game dating app reputation systems?
 - get your friends to join <- difficult to stop
 - sock puppet accounts <- only if auth can be gamed

Why do we care about reputation? When is it important?
 - we use it to mitigate risk
   (placing ourselves in a vulnerable situation)
 - risk & relative power

Reputation is problematic with the Internet today, I think.
 - AI
 - fraudulent reputation signals (e.g., paid reviews, sock puppets)
 - bots, automated attacks on reputation systems

If reputation doesn't scale in an evolutionarily stable way
 - efforts to scale reputation will be attacked and circumvented over time