What the WoT is for, how it works and how to use it.
This is a re-write of some older material published by my PR on some forum, which I'm too lazy to dig up. It's expanded, clarified, revised and so forth, so the old version is obsolete anyway. Normally this article would have included by way of example a private conversation, but meanwhile the other party dun scooped me, so you can read it there.
I. The Web of Trust is not, as the name would seem to imply, an oilfield in which trust plays the role of oil, and you deploy some apparatuses and other devices to extract the trust therewith.
Trust is not in the web, that or any other web. Trust is not in the wording, not on the paper, not in the symbols, or certificates, or seals. Trust is not in others and other things, but much like faith - for which it serves as a ready synonym - trust is within oneself.
The Web of Trust is "of trust" in the same exact manner the walk of shame is "of shame" : it's not in the clothes you wear, nor in your tousled up hair, nor in the eyes of random jocks passing by that notice these, nor in the memories of your friends that recall perfectly fine what you wore yesterday that shame lies. It's within you, if at all, if you're the amateur sort of slut who'd be shamed by something like this. All up to you.
The Web of Trust is merely the infrastructure upon which trust is built, by you, for your own use, within yourself. The same objective set of relations can result in drastically different trust in the eyes of drastically different third parties. The point of the WoT is not to make these judgements for you.
II. The WoT works by reducing the unknowns problem.[i] It allows the user - any user - to confidently identify the sources of information, both in the negative and in the positive. That is to say, if sources of information exist, the user may by the WoT find them, and safely assume that should no sources of information be thus found, no sources of information in fact exist. It further allows the user to judge the quality, reliability and precision of said sources, and this independent both of the direct source and of the counterparty he's examining.
III. How to use it. Let's understand what all this means with a simple example. Consider the village of Wotania, wherein there exist exactly 100 agents[ii], all participating in the Wotania WoT, and wherein strong currency[iii] is used for all transactions. Suppose Joe wants to buy a used car from Moe. While the currency he'd be paying Moe in is strong, the car he's buying is anything but, and so Joe would like to evaluate Moe before paying him. What's he to do ?
First off, he should evaluate Moe's relevancy. Obviously since there are 100 agents in total, the highest score any one agent could achieve in the WoT would be 990[iv]. This would reflect the situation where one particular citizen was considered as perfectly known by all other citizens.[v] Thus if Moe has accumulated a score of 33, this clearly shows that at least 4 of the agents know him, which roughly means one in 25. If Joe knows 80 agents personally, but none of the agents he knows rated Moe, this makes Moe suspect on the first pass.
Sure, it's possible that Moe is only known to the minority subgroup of 20 agents doing things with cars, and within that subgroup he's quite well known, whereas Joe is strictly a part of the Wotania web industry, and they walk everywhere. However, this is something that Joe can evaluate by himself, without having any need for Moe, and without needing to ask him anything. For instance, if the island has a total of 3 car manufacturers, and all of them are in Joe's 80, Moe's position suddenly became untenable. Sure, it's possible that used car salesmen are completely separated from car manufacturers in the manner car people are separated from web people. But it seems less likely (and the likeliness of it is, again, fully within Joe's estimative hands).
Leaving that aside, if the average rating in Joe's WoT is 3.14, whereas Moe has received his 33 trust from exactly 4 people, averaging thus 8.25, there's suddenly exposed a very strange divergence between the two groups. Sure, it is legitimately possible for Moe's subgroup to be much more tightly knit, and thus his friends much more familiar with him than is the case in Joe's group. This happens, but not without other consequences, which again add valuable information into the credibility equation.
Or suppose instead that Moe's rating of 33 was provided by 10 people, yet still none of them are in Joe's reach. Somehow it is possible that out of 10 different people, 10% of the population of Wotania, nobody had any dealings with the 80 people Joe knows. They live on the same island, they go about their daily business, yet no one's ever met. Possible, especially if one lives in the US, but also improbable, and in this improbability, informative. Because this is the point of the WoT : its factual information reduces to a pile of factually correct statements, which all work as probabilities, and it's trivial to calculate the likeliness of a fact that depends on a number of other facts with known likelinesses : you just need multiply. 0.2 here, 0.5 there, 0.66 and another 0.15 suddenly you're at 0.8% which may well be under your risk tolerance threshold.
But let's say that out of Moe's 10 raters, 3 are in Joe's WoT. One supplied 3 points, the others one point each. Joe directs his questions as to Moe to each of them :
Dear Sue, Hue, Lue :
I am considering buying a used car from Moe.
I see that you have rated him in the past. How did that go ?
To which the three are held to answer (and the treatment for non-answering is again an informative variable, whose treatment rests with Joe) in the canonical form :
I bought a pair of shocks from him April last. They were broken, but he refunded my payment without much hassle.
All the best, Sue.
I bought a car stereo from him. It had a big scratch on the side and some other misc damage, but he let it go real cheap.
All the best, Hue.
At this point, Joe knows, but quite exactly, what the story with Moe is : he's a small time car thief, and he's trying to make ends meet by selling whatever car parts he can get his hands on. Simple, really.
Alternatively, of course, he could be a very reputable used cars salesman. 0.8%, or as the clueless say, “it’s impossible to call it one way or the other”.[vi]
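Joe's first-pass arithmetic from the example above, written out as an added Python example (not code from this article or from any WoT implementation). The names `first_pass`, `JOE_KNOWS` and `RATINGS`, the `k*`/`x*` agents and the individual ratings are constructed so that Moe totals 33 from 10 raters, three of them within Joe's reach.

```python
from math import ceil

MAX_RATING = 10  # per-rating cap (footnote iv: "limited to a 10")


def max_score(population):
    """Highest total one agent can hold: all others rate him MAX_RATING."""
    return (population - 1) * MAX_RATING


def min_raters(score):
    """Fewest raters that could have produced `score` under the cap."""
    return ceil(score / MAX_RATING)


def _avg(values):
    values = list(values)
    return sum(values) / len(values) if values else None


def first_pass(ratings, known, subject):
    """ratings maps (rater, ratee) -> points; `known` is the set of agents
    the evaluator knows personally. The subject is never consulted."""
    received = {r: p for (r, s), p in ratings.items() if s == subject}
    reachable = {r: p for r, p in received.items() if r in known}
    unreachable = {r: p for r, p in received.items() if r not in known}
    # Ratings exchanged inside the evaluator's own circle, for comparison.
    local = [p for (r, s), p in ratings.items() if r in known and s in known]
    total = sum(received.values())
    return {
        "total": total,
        "raters": len(received),
        "min_raters": min_raters(total),
        "avg_received": _avg(received.values()),
        "avg_reachable": _avg(reachable.values()),
        "avg_unreachable": _avg(unreachable.values()),
        "avg_local": _avg(local),
        # Whom to write to, highest rating first; empty means nobody to ask.
        "ask": sorted(reachable, key=lambda r: (-reachable[r], r)),
    }


# Constructed sample data: Joe knows 80 agents, three of whom rated Moe.
JOE_KNOWS = {"Sue", "Hue", "Lue"} | {f"k{i}" for i in range(77)}
RATINGS = {(f"k{i}", f"k{i + 1}"): 3 for i in range(76)}  # Joe's circle
RATINGS.update({("Sue", "Moe"): 3, ("Hue", "Moe"): 1, ("Lue", "Moe"): 1})
RATINGS.update({(f"x{i}", "Moe"): 4 for i in range(7)})  # raters Joe can't reach

if __name__ == "__main__":
    print("ceiling:", max_score(100))
    for key, value in first_pass(RATINGS, JOE_KNOWS, "Moe").items():
        print(f"{key}: {value}")
```

In this constructed data the raters Joe can question gave Moe lower ratings than the ones he cannot reach, which is the kind of divergence the text treats as information in its own right.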
The important parts here are the easiest to overlook :
- All this was established with no input required from Moe. Sure, if you want to get fancy you could easily ask a few choice questions just to see how the guy answers. But at its core, simplest, most barebone functionality, the WoT does not require you to talk to your subject of interest, at all.
- The process works universally : If it worked you know it worked, and of what quality its results are. If it failed you know it failed, and why and how come. It has, in other words, exactly the opposite properties to those decried by Naggum in his Lisp advocacy misadventures piece.[vii]
- Especially considering the alternatives, this is mindbogglingly cheap. In fact, I am ready to argue that the savings this model brings are, both in aggregate and on a percent basis, more significant than the savings Bitcoin brings in payments, or provably-fair in gambling.
So why isn't it used more often ? Because people are stupid, in that many words, or should you prefer a longer version, because allowing citizenship to the US African-Americans and empowering the universal pretense of "democracy" and equality has come with its own Pandora's box of ills and curses. Chief among which, a very pernicious return to idolatry. People like to think their juicer is their happiness, and their diploma their competency and whatever seal their trust. Because it's easier, especially if you're lazy, or stupid, and even moreso if you're both.
None of this has anything to do with race, in any sense, of course. People of all races are slothful and dumb, especially if they're allowed to be. Let's not.
———
- As observed with some regularity, there's a major difference between the unknowns we know we don't know, and the unknowns we don't know we don't know. [↩]
- Philosophical sense, entities capable of agency. [↩]
- This means irreversible. The GPG contracts article makes for good companionship reading at this juncture. [↩]
- Admitting the Wotania WoT is just like the Bitcoin WoT, which is to say, limited to a 10. [↩]
- It is important to remember that the score associated to a relationship does not mark the direct trust of the scorer for the scoree, but merely the scorer's confidence that the information he has about scoree is correct, accurate, relevant and complete. All four.
Let's also note that such a thing as "the direct trust" of X for Y can not even be noted down in the first place, it being entirely a subjective determination of X, and consequently wovon man nicht sprechen kann, darüber muss man schweigen applies. [↩]
- This sort of people also loves to bring up pirateat40, the 2012 Ponzi scammer, as some sort of proof or indicia that "the WoT doesn't work". Obviously, it doesn't work by itself. But to anyone paying attention, it was quite plainly clear what exactly the guy was doing, to the degree they could evaluate roughly a six months interval for the scheme's demise (my PR said "May to September", the thing croaked in August). [↩]
- For future generations :
Subject: Re: Lisp advocacy misadventures
From: Erik Naggum <firstname.lastname@example.org>
Date: 25 Oct 2002 22:56:26 +0000
* Tim Daly, Jr.
| I was talking with a friend of mine about Lisp. He said that people
| write things in C because of speed.
But this is incorrect. People use C because it /feels/ faster. Like, if you build a catapult strong enough that it can hurl a bathtub with someone crouching inside it from London to New York, it will feel /very/ fast both on take-off and landing, and probably during the ride, too, while a comfortable seat in business class on a transatlantic airliner would probably take less time (except for getting to and from the actual plane, of course, what with all the "security"¹) but you would not /feel/ the speed nearly as much.
| I said that Lisp will not necessarily cause a program to be slow, and in
| fact, because it lets you write a better program, things may even get
| much faster. He said 'like what?'
Better algorithms and type systems are well known to produce better performance by people who actually study these things. It is often very hard to implement better algorithms correctly and efficiently in C because of the type poverty of that language. Yes, you get to tinker with the bits as fast as the machine can possibly tinker, but, and this is the catch, you get to tinker with the bits. If you are not super smart and exceptionally experienced, the compiler will produce code that is faster than yours. If this holds from assembly to C, it holds from C to Common Lisp, given that you want to do exactly the same thing.
The core problem is that C programmers think they can get away with doing much less than the Common Lisp programmer causes the computer to do. But this is actually wrong. Getting C programmers to understand that they cause the computer to do less than minimum is intractable. They would not /use/ C if they understood this point, so if you actually cause them to understand it in the course of a discussion, you will only make them miserable and hate their lives. People are pretty good at detecting that this is a likely outcome of thinking, and it takes conscious effort to brace yourself and get through such experiences. Most people are not willing even to /listen/ to arguments or information that could threaten their comfortable view of their own existence, much less think about it, so when you cannot answer a C programmer's "arguments" that his way of life is just great the way it is, it is a pretty good sign that you let him set the agenda once he realized that his way of life was under threat. Since you have nothing to defend, your self-preservation instinct will not activate hitherto unused parts of your brain to come up with reasons and rationalizations for what you have done, you will not be aware that you have been taken for a ride before it is over and you "lost".
If you deny people the opportunity to defend something they feel is under threat, however, some people go completely insane with rage and actually believe that you threaten them on purpose and that you willfully seek to destroy something very valuable to them. However, some of the time, you meet people who /think/ and who are able to deal with threats in a calm and rational way because they realize that the threat is all in their head and it will not go away just because they can play word games with people and stick their head in the sand. If it /is/ the threat they feel it is, they realize they had better pay some real attention to it instead of fighting off the messenger so they can feel good about themselves again.
Much of the New Jersey approach is about getting away with less than is necessary to get the /complete/ job done. E.g., perl, is all about doing as little as possible that can approximate the full solution, sort of the entertainment industry's special effects and make-believe works, which for all practical purposes /is/ the real thing. Regular expressions is a pretty good approximation to actually parsing the implicit language of the input, too, but the rub with all these 90% solutions is that you have /no/ idea when they return the wrong value because the approximation destroys any ability to determine correctness. Most of the time, however, the error is large enough to cause a crash of some sort, but there is no way to do transactions, either, so a crash usually causes a debugging and rescue session to recover the state prior to the crash. This is deemed acceptable in the New Jersey approach. The reason they think this also /should/ be acceptable is that they believe that getting it exactly right is more expensive than fixing things after crashes. Therefore, the whole language must be optimized for getting the first approximations run fast.
See how elegantly this forms a completely circular argument? But if you try to expose this circularity, you necessarily threaten the stability of the whole house of cards and will therefore be met with incredible hostility and downright hatred, and you will not even hear about the worst fits of insane rage until years later when some moron thinks he can get back at you for "hurting" him only because his puny brain could not handle the information he got at the time.
| Well, I'm blinded by the very misconceptions that led me to this point,
| and I'm not sure what to tell him. Can you help me out?
Ask him why he thinks he should be able to get away with unsafe code, core dumps, viruses, buffer overruns, undetected errors, etc, just because he wants "speed".
Erik Naggum, Oslo, Norway
Act from reason, and failure makes you rethink and study harder.
Act from faith, and failure makes you blame someone and push harder.
Saturday, 12 April 2014
I'm lazy too but I had it in my essential reading list.
"So why isn’t it used more often ?" assburgers probably
Saturday, 12 April 2014
A that's it, tyvm.
Friday, 5 February 2016
I just love this article! Thank you Mircea for this pearl.
Friday, 5 February 2016
Thursday, 15 June 2017
"Especially considering the alternatives, this is mindbogglingly cheap. In fact, I am ready to argue that the savings this model brings are, both in aggregate and on a percent basis, more significant than the savings Bitcoin brings in payments, or provably-fair in gambling."
"I really do apologize for this. However, let me give a little insight into what has been going on lately. We just lost our 9th bank account, due to fraud from customers. Yes, nine bank accounts have been shut down now. We've had over a hundred thousand dollars in attempted fraud over the past year. There was an entire fraud ring that hit us, and made hundreds of accounts to scam us. It's the reason we lost our last payment processor, and the reason we no longer allow gift certificates. The fraudsters would use stolen credit cards to purchase gift certificates, which they would use the proper billing address for. So our systems would not catch the mismatch. Then they would use those gift certificates to purchase product to their actual address. Since the billing address matched on the first order, and there is no check for billing when using a gift cert, our systems did not catch it. We lost tens of thousands of dollars before we could stop it. Even then, we lost our processor, and it took months of trying to get the ring to stop. It was, and still is, a nightmare. The same people hit Powder City before they shut down, and I am sure they are hitting other nootropics vendors as well.
We got a new processor through a lot of work and contacts, and thankfully were able to get back to somewhat normal operation. However, we cannot lose this processor. We just can't. If we lose this processor, I am shutting the company down. I would have no choice. As such, we are being very cautious about approving larger charges for new customers. If you have a history with us, then it is not an issue. This is only for new customers with no order history. I completely understand the frustration. I had to deal with this same thing when I bought some expensive car parts online before. I was pissed, too. Who the hell do these people think they are asking for all this info on me?!? I get it. However, now I have lived through the experience of losing banks and card processors due to fraud. So I am on the other end of the equation. It sucks, because I know we are pissing people off, and losing customers. However, we cannot lose this processor. It would be the end of Nootropics Depot. I really am sorry. I wish I was not in this position right now. I wish people were just honest, and we could operate how we used to. The larger we get, the less honest people we attract. I'm sorry that has to affect you, and I completely understand if you want to go elsewhere because of it. I'm trying to fix things, but our banking and card processing system is broken, and it is destroying the nootropics industry as a whole.
Now let's talk about security. Every single page where you enter personal information on our site is secured by SSL. We do not have the product, info, or blog pages SSL secured like we do on Ceretropic. However, all the payment pages at checkout are secure. You can test this by making a test cart, then going to checkout. You will see the page becomes secure at that point. That's how Bigcommerce works by default. We can SSL the entire site, and we have been talking about it. However, there are implications to Google links when we do that. So we have held off till this point. The main takeaway is that every checkout page where you have personal information being sent to us is completely secured by SSL. We are not putting anyone's information at risk. This is the exact same way the site has been operating since 2013. Your information is completely secure.
Regarding the extra information we requested, the landing page instructing you what to do is not behind SSL. However, the Jotform itself is. Again, any page where you enter personal information is completely secured by SSL. Once your extra information is sent to my team, we review it, then delete it from Jotform's secure server. Your information is never kept by my team or on any server. It is used to verify, then destroyed. The reason we only give people 5 hours is because of the batch times. I'm going to give you some info about how the payment processing systems work that nobody really talks about. Hopefully this does not come back to bite me in the ass, but I like being open and honest. When you make a credit/debit card purchase on a website, you are actually only participating in an "authorize and capture" scenario at that point. That means that our systems take the information you input into our site, and verify that through the backend Visa/Mastercard/Discover/Amex systems. They tell us if everything matches, and go through a bunch of filters to check for the validity of the charge. At that time, your bank puts a hold on those funds. However, we still have not charged you. That only happens at the batching time later in the day. Then every charge that was authorized and captured earlier in the day gets batched, and the charges process like you would think. That's technically when the real charge happens. If we void the transaction before batching, we do not have to worry about any fraud coming back to bite us later. The card was never actually charged. So if it was stolen, nothing comes back to screw us later. If we let it batch, then things become real, and we have to fight things if they later turn out to be fraud. That's why we have a time limit on this. I know it sucks, and I am very very sorry that I am being put in this position that I have to do this to honest customers. However, that is why we only give so much time. 
If we void the fraudulent transactions before they batch, our bank never has to deal with it. The unfortunate reality is that not everyone is fraud, and we have to inconvenience honest customers. It kills me to have to do it, but it is only because we have to survive.
Our industry is getting absolutely hammered right now. Every major nootropics company has lost their processor at least once. A few have even gone out of business because of it. I almost had to shut Ceretropic down because of it happening in 2015. We are still fighting this adverse banking environment, and I don't know if we are going to ultimately prove successful. However, we are still here fighting. I've spoken to more banks and processors than I can accurately count now. Our system is broken, and many of the major nootropics companies may not survive till it gets fixed. I am so grateful that the /r/nootropics community has been so understanding and supportive throughout this whole mess. Our customers have jumped through a lot of hoops, and I cannot thank them enough. Anyone that knows me, knows that I am a very open and honest person. Hopefully that comes across to people that don't know me as well. In no way shape or form will we ever scam a customer. If you have an issue with anything, you can always private message me here, and I will do everything I can to take care of you. We are trying our hardest to be the best nootropics company out there, even through all these hurdles. Before I opened Reddit and saw this thread, my morning was going to consist of going and sitting in a few new banks, and opening new accounts for both Ceretropic and Nootropics Depot. I can't tell you how disheartening it is to constantly have the rug pulled out from under you, when you are just trying to run an honest business. I don't want it to be hard for any of you to purchase products from either of my companies. I would offer any and every payment option under the sun if I could. The reality of the matter is that the world doesn't care. It will steamroll you and move onto the next, unless you keep pushing forward. While I am so burnt out by all this over the past two years, I am still pushing forward.
I am still trying to build what I set out to years ago: to advance nootropics and make the community a safer place. I thank you in advance for any support and understanding that you send our way, and know that anyone can reach out to me here on Reddit if they are having issues or concerns, and I will always help you.
OP, please PM me your details, and I will make sure you are taken care of."
Thursday, 15 June 2017
Eh, let them learn how to use money or sink with fiat.
Buggy whip companies sounded just like this too, "oh getting hammered". Bitch, learn to make brakes or get the fuck off the pig.