Exploring Decentralised Reputation and Its Use Cases

In an age where digital interactions play an increasingly prominent role in our lives, the notion of reputation has become a central point of discussion. Our actions and interactions on the internet leave a trail of data that is collected, analysed, and transformed into a numerical or qualitative representation of trustworthiness and reliability. This representation, known as our digital reputation, serves as a reference for other participants to make decisions and form relationships.

Traditional centralised reputation systems have long been the mechanism to quantify online trust, but they are not without their limitations. They confine reputation to a single platform, which limits its utility, and they are prone to bias and vulnerable to manipulation.

On the other hand, decentralised reputation systems and platforms such as Creds aim to decentralise trust and transparency. By leveraging blockchain and verifiable credentials, users and projects can aggregate their reputation and port it for use across other platforms and communities, whilst maintaining privacy and security.

Traditional Centralised Reputation System

At its core, reputation is a measure of how much we can trust someone or something, while reputation systems are mechanisms designed to assess and quantify this trust. They draw on data points such as historical performance and user ratings to determine an individual’s or an entity’s reputation score, which allows other participants or machines to gauge their trustworthiness within the digital ecosystem.

For decades, online platforms have been maintaining and curating these reputations themselves. From e-commerce giants like Amazon and eBay, where user ratings and reviews influence purchase decisions, to the sharing economy platforms like Airbnb and Uber, where user reviews can make or break a host or driver’s business, these systems are ubiquitous. Social media platforms also employ reputation systems to determine the credibility of accounts, with features like verified badges and the notorious ‘blue checkmark’ serving as symbols of authenticity.

Despite the effectiveness of these systems in fostering trust within their own platforms, the reputation they hold is often confined within their own boundaries, making it challenging for individuals or entities to carry their established trustworthiness from one platform to another. For instance, an account verified on Twitter or X won’t automatically be deemed trustworthy on a different platform, preventing a seamless transfer of trust across the digital landscape.

Worse still, centralised reputation systems can be manipulated by the biases of the platform or the authority managing them. For example, social media content moderation decisions can be influenced by the platform’s terms of service or policies, leading to concerns about censorship or bias against certain groups.

Current Reputation Systems in Blockchain. Not quite there yet…

In the blockchain world, reputation systems are taking on various forms. Some projects such as crypto exchanges still remain largely centralised, evidenced by their absolute power to approve or ban users, while many others leverage blockchain technology to disperse trust assessment across a network of participants. Nonetheless, very few of their reputation systems are fully decentralised because the reputation itself often remains localised within distinct Web3 communities, limiting its transferability and universality. Here are two examples:

1. Non-Fungible Tokens (NFTs)

Non-fungible tokens are unique digital assets that have gained popularity for their use in representing digital identity, and ownership and authenticity of digital or physical items. Within the blockchain space, they can symbolise an individual’s contributions within decentralised applications or communities. However, NFTs themselves do not constitute a decentralised reputation system. While the transactions are recorded on a blockchain, the reputation aspect is community-specific. NFTs signify recognition within the specific niche or application they are associated with, but they may not translate seamlessly to other contexts. The decentralisation is inherent in the blockchain technology but does not automatically decentralise reputation across different platforms or communities.

2. Soulbound Tokens (SBTs)

Soulbound tokens, while representing a person’s identity and achievements in Web3, do not constitute a fully decentralised solution due to their inherent attachment to individual wallets. Each Soulbound token is tied to a specific wallet address, making it directly traceable to its owner, thereby compromising privacy and security. When sharing a Soulbound token, one risks exposing their wallet address, potentially enabling undesirable consequences such as targeted attacks, identity theft, or harassment. In contrast, verifiable credentials, a component of decentralised identity systems, offer a more privacy-centric and secure approach. They allow individuals to selectively disclose information without revealing their entire identity, thereby safeguarding sensitive details while facilitating trust and verification in a decentralised manner, ensuring a higher level of privacy and security in reputation systems. Moreover, since Soulbound tokens are generated and managed within a specific blockchain or digital system, their characteristics, security protocols, and underlying technologies may differ significantly from one platform to another. This makes it challenging to transfer them seamlessly to other platforms without compromising their integrity and functionality. Despite the visionary goal of Soulbound tokens to manage reputation, many organisations have been pivoting towards verifiable credentials.

3. Ethereum Name Service (ENS)

Ethereum Name Service is a decentralised domain naming system built on the Ethereum blockchain. While it aims to decentralise access to website addresses and enhance the user’s control over their online identity, it too faces challenges in achieving full decentralisation. ENS domain names are registered on the Ethereum blockchain, making them publicly accessible and transparent, raising privacy concerns. The reputation they establish relates to the specific websites they point to but does not encompass a comprehensive decentralised reputation system.

What is Decentralised Reputation — The Golden Trio

Decentralised reputation, in essence, represents a trust and credibility measurement system that operates independently of a central authority or single platform. It leverages blockchain technology to shift control back to individuals, ensuring they can manage and curate their own reputation data. To achieve a truly decentralised reputation, three fundamental aspects must be addressed: portability, privacy, and security.

1. Portability

Portability implies that an individual or entity’s reputation should be portable and recognised across various platforms and communities. This is facilitated by off-chain verifiable credentials, enabling individuals to carry and present their trust-related qualifications consistently across diverse ecosystems, unlike on-chain NFTs and SBTs. When users aggregate their numerous portable reputations, they are able to prove their trustworthiness across the digital landscape. To visualise what portable reputation is, imagine holding a digital passport: under the cover, all the portable reputations are aggregated to form a universal Web3 reputation profile that conveys your trustworthiness in a certain aspect. This passport enables users to carry their reputation with them as they navigate the diverse Web3 landscape.

2. Privacy

Privacy is another paramount consideration in the sphere of decentralised reputation. While blockchain technology upholds the value of transparency through public ledger systems, the exposure of personal information raises serious privacy concerns. To address these issues, decentralised reputation systems must incorporate privacy-enhancing technologies and concepts like proof of personhood. Proof of personhood allows individuals to prove their identity without disclosing all their personal information, ensuring that their reputation assessments can be conducted while preserving their privacy.

3. Security

A decentralised reputation system can achieve security through the implementation of blockchain technology, cryptographic techniques, and decentralised consensus mechanisms, ensuring the immutability and integrity of trust-related data. Decentralisation distributes the responsibility for trust assessment among a network of participants, reducing the risk of manipulation by a single entity. Robust identity verification processes and secure auditability provide assurances of authenticity and transparency. Privacy-enhancing technologies further protect user data while maintaining transparency, collectively fostering trust in the decentralised reputation system’s security and resilience.

While some projects make commendable strides in one or two of the three areas, attaining all three simultaneously remains a challenge. However, real decentralised reputation should ideally encompass all three aspects. Fortunately, advanced solutions like Creds have been developed, empowering individuals or entities to build reputation and take it everywhere in a private and secure manner.

Use Cases of Decentralised Reputation

Decentralised reputation systems represent a fundamental shift in the digital landscape by returning power to the users. Let’s dive into their practical use cases to learn how they will benefit us.

1. Gaming

Decentralised reputation in gaming allows players to build and maintain their gaming achievements, behaviour, and trustworthiness across various gaming platforms. It fosters a fairer and more competitive environment, as players can demonstrate their skills and reliability through their gaming history. It also reduces cheating and promotes better sportsmanship.

2. Entertainment

In the entertainment industry, decentralised reputation helps content creators establish trust and credibility. Artists, musicians, and performers can showcase their work and previous engagements on blockchain, attracting sponsors and collaborators more easily. It also enables fans to verify the authenticity of content and endorsements.

3. KYC (Know Your Customer)

When it comes to identity verification, decentralised reputation plays a crucial role. Users can securely and privately share their reputation credentials to prove their trustworthiness without disclosing sensitive personal information. Financial institutions, service providers, and regulators can rely on these credentials and reputation for compliance while safeguarding privacy.

4. Loyalty

Based on the level of engagement and trustworthiness, companies can offer community members better loyalty programs that reflect their contributions, such as tier-based airdrops. In doing so, businesses can foster stronger, more enduring connections with their communities, ultimately making these programs more effective and driving success in a rapidly evolving marketplace.

5. SocialFi

Decentralised reputation shapes a more interconnected social and financial landscape. Community members’ contributions directly influence their financial opportunities and governance roles. Users with a strong reputation are more likely to access financial services, participate in decision-making, and receive better rewards. Besides, the more trustworthy an individual is on a personal level, the higher their chance of obtaining financially rewarding outcomes across both personal and professional spheres.

6. Certification & Endorsements

By employing blockchain and decentralised reputation technologies, companies can securely record their certification achievements on an immutable ledger, accessible by relevant stakeholders. This enables a tamper-proof and easily verifiable record of certifications, reducing the risk of fraudulent claims or errors in the verification process. In addition, stakeholders, including clients, partners, and regulators, can access this decentralised reputation system to independently confirm the validity of a company’s certifications, promoting trust and simplifying due diligence. Such a decentralised approach streamlines the certification and endorsement process, providing a more efficient and reliable means of showcasing a company’s compliance with industry standards.

7. CV

Consider a marketing professional who has successfully managed numerous campaigns for diverse clients. For each campaign’s outcomes, client feedback, and performance metrics, they receive a verifiable credential. When the marketer applies for a new job, they can display a complete list of their verifiable credentials, comprising a history of past achievements and feedback. Employers can trust that the information is genuine, making the hiring process more efficient and reliable.

8. Events & Ticketing

Consider an event organiser using decentralised reputation to verify ticket authenticity. Attendees could present their digital ticket, which is linked to their self-sovereign identity, giving the organiser confidence in its validity. Similarly, users can showcase their achievements and participation in various events, creating a digital portfolio that reflects their interests and skills.

9. DAOs (Decentralised Autonomous Organisations)

Decentralised reputation is used to determine members’ voting power and influence in DAOs. A higher reputation score grants a stronger voice in decision-making, promoting fairness and accountability within the organisation. It ensures that governance is influenced by those with a track record of positive contributions.

10. Education & Work Recruitment

Picture a high school student who excels in various subjects and participates in community projects. Her academic achievements, project contributions, and community service hours are documented on a blockchain throughout her academic journey. When she applies to colleges, admissions officers can readily verify her accomplishments, making the selection process more objective and fair. Additionally, this decentralised record can accompany her to college and beyond, serving as a lifelong learning portfolio.

A More Versatile Approach to Community Trust

Decentralised reputation is the key to unlocking a more secure, transparent, universal, and user-centric digital world. By providing users with control over their digital credentials and how they are perceived online, decentralised reputation systems are transforming the way we interact, work, learn, and engage with one another. As blockchain technology continues to advance, the potential for decentralised reputation to redefine our online or hybrid experiences is boundless, redefining our digital selves and community trust.


Dynamic & Decentralized Reputation for the Web of Trust: What We Can Learn from the World of Sports, Tinder, and Netflix

Web of Trust, As We Know It, Is Flawed

The core concept behind the original Web of Trust is based on actors (through cryptographic keys) vouching for each other. Quoting directly from Phil Zimmermann (emphasis mine):

As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys.

Figure 1: Original Web of Trust illustrated

Reputation should often naturally decay over time

Proof-of-authority systems like the one above often model reputation as going in only one direction: upwards. Actors who have been around longer gather more “stamps” of approval. This can be an issue because:

  1. What if the actor was once reputable, but has had a change of heart on their morals? Or, in the case of companies, been acquired by new owners who have a vastly different ethical/reputational stance?
  2. Although the ideal of such decentralised PKI/reputation systems is to decentralise control so that no single actor becomes too powerful, the reality is that such power tends to coalesce towards a handful of actors. How can we escape the pull towards formations of natural monopolies?
  3. Regardless of whether once-trustworthy actors start behaving like their evil-twin-from-another-dimension, high-reputation actors become even more valuable targets for hacks, such as when Wired writer Mat Honan lost much of his online presence due to hackers wanting to take control of his three-letter @mat Twitter handle.

Doesn’t meaningfully capture the multidimensional nature of reputation

Records of which keys/handles/identifiers vouch for others only go so far as to say “I believe this key/handle/identifier is trustworthy”. That doesn’t model the multi-faceted way in which humans interpret reputation:

  1. A person could have a stellar reputation as a skilled doctor/engineer/teacher/artist/(insert profession here)…but have a terrible reputation in other aspects of life, e.g., credit score, being a good parent, ability at swimming, etc.
  2. A company could be delivering great returns to shareholders but have a terrible reputation for ESG (environmental, social, governance) or worker rights.

This is highlighted in previous RWOT proceedings, such as the discussion on Anonymous Credentials in Sovrin:

Sovrin also supports reputation events. These transactions may be public (unencrypted) or private (encrypted) and can support any type of reputation assertion. At the most basic level, reputation events enable an observer to trust that the ledger entry identifying an Issuer really is the issuer. This bootstrapping of trust could of course also be established “off-ledger”, for example by pointing to the Sovrin ledger entry from the Issuer’s website or distributing an X.509 certificate of the Issuer’s public key.

But, trusting an X.509 certificate or a DID on its own doesn’t contain enough semantic information on whether to trust the issuer on that particular topic.

Reputation lies in the eyes of the beholder

Even if there was a model to capture multi-dimensional reputation, what is trustworthiness or reputation, anyway?

  1. Extending that example of company ratings/certifications, should oil & gas companies count in ESG stocks? Is it better if a coffee brand is Fairtrade or Rainforest Alliance certified?
  2. Wildly different approval ratings for politicians such as Donald Trump, based on political affiliation.

It is extremely tempting, as Vitalik Buterin and the other authors of the “soul-bound tokens” paper did, to try to build “on-ledger” reputation systems that provide a single “source of truth” for reputation. What this misses is that if I’m a professional in a certain field, my clients may want to check my professional skills, but they have no business also knowing my credit-worthiness.

Taking a Page Out of Sports Rankings

How could we find a decentralized mechanism for reputation that addresses the shortcomings outlined above? The answer could lie in similar complex systems in the field of sports.

Ranking systems for chess, tennis, football, video games, etc. often rank players/teams using a system called Elo ratings. This is done by modelling interactions as a series of zero-sum games, where at a basic level:

  • If the higher-rated player wins, a few points are taken from the lower-rated player.
  • If the lower-rated player wins, a lot of points are taken from the higher-rated player.
  • If it’s a draw, the lower-rated player gains a few points from the higher rated player.

A more common term by which some may know these systems is brackets or playoffs, as visualised below in a FIFA Football World Cup 2022 bracket chart.

An unlikely inspiration from Tinder and Netflix

To understand how this concept could apply to dynamically bootstrapping a reputation system, we can take a look at how Tinder used Elo ratings to rank profiles in their app. Essentially:

  1. If any two users both swiped right on each other’s profiles, it counted as a “win” in Elo rating terms.
  2. Similarly, both users swiping left counted as a loss.
  3. If one user swiped right and the other left, that would count as a loss too – but would have a different impact on rankings based on their relative rankings.

It is worth acknowledging that sometimes such Elo rating systems can be gamed, and if designed badly, can lead to inequitable outcomes. (Tinder moved away from using Elo ratings themselves.)

Another example of this is how Netflix moved from stars to a thumbs-up/thumbs-down rating system (sometimes called a “Nero rating system”, after the Roman emperor), essentially turning their rating signals into a zero-sum game between their estimate of how much a viewer will enjoy a title and what the viewer actually rated it as.

ratings distribution (source: Business Insider)

The key insight there was that given a 5-point rating system, people gravitate either towards 1 or 5: the ratings in the middle are chosen far less often. This is not an isolated example: YouTube came to the same conclusion and switched away from stars. Uber driver ratings below 4 are basically a strong enough signal to kick a driver off the platform, since 2s and 3s hardly get used. This also mirrors the Uber passenger ratings distribution.

Other examples of zero-sum games to "rank" things

  1. AlphaGo and other AI systems use adversarial machine learning to rank game strategies.
  2. reCAPTCHA uses zero-sum game elements for known inputs while training for unknown inputs at the same time.

Applying Elo ratings to decentralized reputation

A decentralized reputation system could similarly bootstrap reputation scores per topic or attribute much faster than trying to accumulate “stamps” over time.

Some thoughts on potential benefits could be:

  1. Reputation scores could go up as well as down. Elo ratings naturally decay over time due to inactivity, just like how sportspeople who drop out of a sport drop out of league tables. Applied to reputation, this provides a sliding time window over which reputation could decay.
  2. Crucially, even “new”, low-ranked actors in a certain domain could trigger a reputation event that states “This higher-ranked actor is no longer nice”. On their own, a single lower-ranked actor couldn’t significantly impact a higher-ranked one – which prevents Sybil attack scenarios. But, given enough actors stating positive/negative experiences, scores will change over time.
  3. This does not mean an actor has a single reputation score – or a single score on how trustworthy their key/handle/identifier is. They could dynamically maintain different reputation scores on different topics. E.g., a company could have a high “buy” rating for their stock on financial metrics, but a low reputation on ESG. These can be tied to Decentralized Identifiers (DIDs), for example, and assessed by the beholder differently.
  4. Doesn’t necessarily need to be on-chain. It could be off-chain/off-ledger and shared on a case-by-case basis: the same way Verifiable Credentials are.
  5. Finally, it offers a potential alternative answer to the question “How do I know this issuer/DID is trustworthy?”, instead of sharing lists of trusted DIDs manually or relying on .well-known DID configuration, which is basically back to relying on centralised PKI / domain name reputation.
  6. Extending that same idea, it could also apply to trust frameworks, governance frameworks, schemas, etc. When a verifier is presented with a credential from an issuer/framework/schema they have never seen before, they can dynamically query the Elo-rating-based reputation score of each of those on that particular topic/domain and assess whether to trust the credential.
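
An added example, not code from the original paper: a minimal per-topic Elo-style reputation book keyed by DID, showing the bounded effect of one event, the cumulative effect of many, independent scores per topic, and decay through inactivity. The constants, the `ReputationBook` class, the `did:example:` identifiers and the explicit half-life decay toward a baseline are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

BASE = 1000.0         # score of an unseen (DID, topic) pair (assumed)
K = 16.0              # most points one reputation event can move (assumed)
HALF_LIFE_DAYS = 180  # inactivity half-life toward BASE (assumed)


def expected(r_subject: float, r_rater: float) -> float:
    """Standard Elo expectation that the subject 'wins' against the rater."""
    return 1.0 / (1.0 + 10 ** ((r_rater - r_subject) / 400.0))


@dataclass
class ReputationBook:
    """Hypothetical off-ledger score book kept by one verifier."""
    # (did, topic) -> (score, day of last event)
    scores: dict = field(default_factory=dict)

    def score(self, did: str, topic: str, today: int) -> float:
        """Current score; distance from BASE halves per idle half-life."""
        value, last_day = self.scores.get((did, topic), (BASE, today))
        idle = max(0, today - last_day)
        return BASE + (value - BASE) * 0.5 ** (idle / HALF_LIFE_DAYS)

    def record(self, rater: str, subject: str, topic: str,
               positive: bool, today: int) -> float:
        """Apply one reputation event as a zero-sum game on one topic.

        A positive statement is a win for the subject, a negative one a loss.
        Returns the change applied to the subject's score.
        """
        if rater == subject:
            raise ValueError("self-issued reputation events are rejected")
        r_sub = self.score(subject, topic, today)
        r_rat = self.score(rater, topic, today)
        delta = K * ((1.0 if positive else 0.0) - expected(r_sub, r_rat))
        self.scores[(subject, topic)] = (r_sub + delta, today)
        self.scores[(rater, topic)] = (r_rat - delta, today)
        return delta


def demo() -> dict:
    """Run constructed events against a constructed issuer and a dormant DID."""
    book = ReputationBook()
    issuer, dormant = "did:example:issuer", "did:example:dormant"
    book.scores[(issuer, "finance")] = (1800.0, 0)   # constructed history
    book.scores[(issuer, "esg")] = (1100.0, 0)
    book.scores[(dormant, "finance")] = (1800.0, 0)

    # 40 distinct newcomers each report one negative experience on "finance".
    deltas = [book.record(f"did:example:new-{i}", issuer, "finance", False, 0)
              for i in range(40)]
    return {
        "first_delta": deltas[0],
        "finance_after_40": book.score(issuer, "finance", 0),
        "esg_untouched": book.score(issuer, "esg", 0),
        "dormant_after_180_days": book.score(dormant, "finance", 180),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.2f}")
```

Each event moves at most `K` points, so the cost of shifting a score scales with the number of distinct identities; how expensive identities are to create remains a threat-modelling question outside this sketch.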

Closing comments

Obviously, there is a lot to map out on how to make this work in terms of technical implementation, threat-modelling scenarios such as Sybil resistance, and safeguards to prevent unethical behaviour. I would love to collaborate at RWOT to map out other pros/cons not listed here.

However, Elo ratings could provide a radically different reputation model from centralised PKI, WOT-based decentralised PKI, or soul-bound tokens / SBTs (which offer no consent-led mechanisms to reject malicious reputation statements). Rather than inventing something entirely novel, we could build on Elo ratings, a well-researched and rigorously modelled mathematical field.