Preserving user privacy is one of our core values. We don’t collect any information, which is not absolutely necessary for the service. However, as discussed in an earlier post, the downside of the privacy we provide is that it opens up the possibility of manipulation. We are frequently asked whether we have ever thought about this. Have we ever.
Why would someone manipulate reputations?
There are numerous reasons why someone would want to manipulate the reputation of a website. It is obvious that a website owner wants the reputation of his site to be extremely good to improve business. The opposite happens when someone would like to smear the reputation of a competitor’s site. Some people who are very fanatic about an ideology or a product (say, web browsers) may want to degrade the reputation of the sites that oppose them. Everyone has an agenda. (Obviously, Firefox rules! =)
Detecting manipulation attempts
While our system was designed to be resistant to manipulation from the beginning by evaluating each users reliability based on their actions, we also use a number of heuristics to detect and stop manipulation attempts. In this post, I will discuss some of the basic manipulation tactics and cover few of the methods we use for detecting them.
The simplest and most obvious manipulation attempt one could think of is a single user testifying multiple times for a website. However, as the new testimony in WOT replaces any previous ones, this kind of attempt is of no use. Also, if it notices this type of behavior, the system will automatically degrade the user’s reliability in the long run.
Nevertheless, this type of manipulation can be successful if we have no other data for a website and the user is the only one who has testified. The problem disappears as soon as other users testify for the site or we receive data for it from other sources. In other words, our system assumes that the user community will self-correct invalid reputations.
A more advanced manipulation technique is to create a large number of identities and use them to manipulate reputations. This requires the user to create several Firefox profiles and install the WOT add-on for each of them. Once again, attempts of this type are not very harmful, because in WOT, new users are not considered as trustworthy as the older ones who have already proven themselves. However, a dedicated attacker could reverse engineer our protocol and create a special program to automate the attack.
To protect our system from this possibility, we have created several methods for detecting these kinds of attacks. When the system notices an automated manipulation attempt, it will disregard all the attacker’s testimonies.
A coordinated campaign
Perhaps the most difficult manipulation attempt to deal with is a collective attack against one site. This includes a large portion of our community, i.e. users who have used WOT for some time already and might have gained some trust in the eyes of the system. It is difficult to detect an attack of this type. This is due to the fact that attack looks like normal testimony behavior.
While we have developed algorithms for detecting even these attacks, most of them based on well known statistical foundation, there is always the question of whether this type of activity be considered an attack at all. In a democracy, lots of people gang up to back one point of view. If enough people agree, they get what they want. So why not here?
This is by no means a comprehensive survey of manipulation attacks, my intention was to merely give you a peek on the kinds of issues we think about every day. Of course, no system is infallible, so if you notice a clearly invalid reputation on a website you know well, we would gladly hear from you. And don’t forget to testify first!