EvoSec 2025W Lecture 15: Difference between revisions

From Soma-notes
Created page with "==Readings== * [https://homeostasis.scs.carleton.ca/~soma/pubs/obada-usec2017.pdf Obada-Obieh, "“Don’t Break My Heart!”: User Security Strategies for Online Dating." (USEC 2017)] * [https://homeostasis.scs.carleton.ca/~soma/pubs/obada-nspw2017.pdf Obada-Obieh, "Can I believe you?: Establishing Trust in Computer Mediated Introductions." (NSPW 2017)] ==Discussion Questions== * How different is dating from other introduction problems today? * How central is reputat..."
 
No edit summary
 
Line 11: Line 11:


==Notes==
==Notes==
<pre>
Lecture 15
----------
G1
- dating is long term, but other introductions are more short term
  - could star ratings work for dating? probably not...unless looking for hookups
  - could penalize new daters who have a bad first date
- reputation is the primary factor in CMIs
  - record of many positive interactions -> increased trust
- human->website intro, goes back to narrative auth
- website->website, could use star rep system
G2
- uber closest to online dating, but time duration is very different
  - amount of trust in dating is much higher than every other CMI
- stars definitely influence interactions
- behavior depends on context (kid at school vs at home)
- search engine is a form of CMI
- no matching in the actual ad, but ad targeting is a kind of CMI
G3
- dating differs in how much info you have to reveal versus other CMI
- reputation is central to CMI - uber, ebay, etc
- ratings are not so objective in dating
- reputation exists all over the place - e.g., online search
- CMI is definitely part of online advertisements
G4
- dating is a game problem: incentives for honesty, minimal communication, and deception depending on the party
- what are acceptable lies in an online profile?
  - applies to other CMI problems
  - advertisers are willing to fudge the truth!
- reputation is the most important factor in CMI
  - how you calculate trust is very important, flaws will be exploited by adversaries
- search engines & advertisements, both CMIs
  Dating: put out info to get a good match, limit info to maintain safety
  search engines have different incentives but still there are opposing goals
- web sites don't need to make trust judgements of search engines, different from dating and other CMIs
Question: how could you game dating app reputation systems?
- get your friends to join <- difficult to stop
- sock puppet accounts <- only if auth can be gamed
Why do we care about reputation? When is it important?
- we use it to mitigate risk
  (placing ourselves in a vulnerable situation)
- risk & relative power
Reputation is problematic with the Internet today, I think.
- AI
- fraudulent reputation signals (e.g., paid reviews, sock puppets)
- bots, automated attacks on reputation systems
If reputation doesn't scale in an evolutionarily stable way
- efforts to scale reputation will be attacked and circumvented over time
</pre>

Latest revision as of 19:21, 6 March 2025

Readings

Discussion Questions

  • How different is dating from other introduction problems today?
  • How central is reputation to the problem of CMI? To what extent is reputation scalable?
  • How generalizable is the concept of computer-mediated introductions? Could a search engine be a form of CMI, but for websites, not people? What about advertisements, such as political advertisements?

Notes

Lecture 15
----------

G1
 - dating is long term, but other introductions are more short term
   - could star ratings work for dating? probably not...unless looking for hookups
   - could penalize new daters who have a bad first date
 - reputation is the primary factor in CMIs
   - record of many positive interactions -> increased trust
 - human->website intro, goes back to narrative auth
 - website->website, could use star rep system
 
G2
 - uber closest to online dating, but time duration is very different
   - amount of trust in dating is much higher than every other CMI
 - stars definitely influence interactions
 - behavior depends on context (kid at school vs at home)
 - search engine is a form of CMI
 - no matching in the actual ad, but ad targeting is a kind of CMI

G3
 - dating differs in how much info you have to reveal versus other CMI
 - reputation is central to CMI - uber, ebay, etc
 - ratings are not so objective in dating
 - reputation exists all over the place - e.g., online search
 - CMI is definitely part of online advertisements

G4
 - dating is a game problem: incentives for honesty, minimal communication, and deception depending on the party
 - what are acceptable lies in an online profile?
   - applies to other CMI problems
   - advertisers are willing to fudge the truth!
 - reputation is the most important factor in CMI
   - how you calculate trust is very important, flaws will be exploited by adversaries
 - search engines & advertisements, both CMIs
   Dating: put out info to get a good match, limit info to maintain safety
   search engines have different incentives but still there are opposing goals
 - web sites don't need to make trust judgements of search engines, different from dating and other CMIs

Question: how could you game dating app reputation systems?
 - get your friends to join <- difficult to stop
 - sock puppet accounts <- only if auth can be gamed

Why do we care about reputation? When is it important?
 - we use it to mitigate risk
   (placing ourselves in a vulnerable situation)
 - risk & relative power

Reputation is problematic with the Internet today, I think.
 - AI
 - fraudulent reputation signals (e.g., paid reviews, sock puppets)
 - bots, automated attacks on reputation systems

If reputation doesn't scale in an evolutionarily stable way
 - efforts to scale reputation will be attacked and circumvented over time
Retrieved from "https://homeostasis.scs.carleton.ca/wiki/index.php?title=EvoSec_2025W_Lecture_15&oldid=25033"