Kemono icon indicating copy to clipboard operation
Kemono copied to clipboard

Published 20 hours ago verified publisher icon OpenYiff

Voting TODO

Open DonaldTsang opened this issue 5 years ago • 6 comments

YiffParty has a popularity feature that allows people to vote on which pages requires the most attention.

Since privacy is important and that IP logging is an issue, IPv4's 32-bit address can be compressed to a 16-bit address through hashing, assuming that the chances of two addresses clashing within a group of N users would be 1-e**(-N**2/(2**17)). To prevent repeated hash collisions, it is recommended that each page should have a salt attached to the voting system such that no hash collisions are the same (something like hash(ip+hash(page_id))), and voting will be fairer that way. If we are dealing with IPv6 exclusively however, it makes hashing for security easier, where we can have 32-bit hashes of 128-bit addresses, which bumps the number to 1-e**(-N**2/(2**33)).

DonaldTsang avatar Jan 08 '20 09:01 DonaldTsang

Think this is addressed in 2.0's request system. Will reopen if you mean something else.

ghost avatar Sep 09 '20 23:09 ghost

There are some ideas about AnonRep https://www.usenix.org/system/files/conference/nsdi16/nsdi16-paper-zhai.pdf and https://eprint.iacr.org/2014/546.pdf or https://fc18.ifca.ai/preproceedings/87.pdf with "Anonymous Reputation Systems" could you take a look?

DonaldTsang avatar Sep 10 '20 13:09 DonaldTsang

Will do.

ghost avatar Sep 10 '20 14:09 ghost

And if we are not dealing with anonymous reputation https://github.com/mmnosovskiy/fuzzy_rep_sys/issues/1

DonaldTsang avatar Sep 11 '20 00:09 DonaldTsang

SCAT (Safe, Cryptographic, Anonymous Theft)

Using PGP's signing feature is something I've liked the idea of in a reputation system for a while. Here's an unnecessarily long proposal.

Implementation

Suggested implementation. Change at will to suit your needs.

Verification

Verification would consist of tried and true public/private key cryptography. Kemono would need a place to fetch public keys from. Either specifying a keyserver to pull from or running one alongside the instance is ideal.

Rep Points by Importing Posts

To import a post and gain reputation, simply sign your plaintext session cookie with your PGP key. In GPG this is simply done with the following command: gpg --clear-sign [sessioncookie]. If you have multiple keys you'll need to specify which key you want to sign with by using gpg --clear-sign --sign-with [keyfingerprint] [sessioncookie] The server would then check this signature against the known public key. Assuming everything checks out, the user will be granted reputation based on this.

Chain of Trust

Given what happened to yiff.party I think it would be a good idea to have an approval system for file uploads. Any user would be able to submit a file via the file upload function, at which point it would be put into a "review" section that wouldn't display in the creators primary page on kemono.party (or another instance). For example, https://kemono.party/service/user/0000000/review. This could be indicated in the UI with a simple "This creator has community uploads that are under review" (or something similar) with a hyperlink to their review page. Anyone could view these files, but only people with enough reputation points (specified by instance admin) could verify them. A trusted user signing the file (or perhaps an sha512 hash of the file) with gpg would then have it moved to their primary page. On the review page there could be an upload feature similar to that of the primary page, but labelled "verify" and is for... well, verification purposes. If a user tries to verify without having a sufficient reputation then it would reject the verification.

You should gain reputation points for successfully verifying files. How much I'm unsure of.

Practical Advantages

Privacy

The user can choose to be as anonymous as they want. They can either generate a new GPG key not tied to any online identity or use one that is attached to an existing alias. As long as they have the private key, it's valid. Minimal user data would be retained server side, and there would be no need to implement an account system.

Security

Impersonating a trusted user should be nearly impossible using this methodology (unless someone lost their private keys, which at that point is their own problem).

Simple and Proven

The only thing needed server side (user data wise) would be a user's public key and their associated reputation score. You don't have to implement any password protected or hidden pages. Fetching the user's public key from a server is fairly simple, and if you were to run your own keyserver there's plenty of already existing, well written software to do that.

tl;dr

just use PGP

polarisfm avatar Sep 11 '20 01:09 polarisfm

@polarisfm that is it Tracking-resistant and light on the network? PGP seemed like a heavy hack. Check https://github.com/OpenYiff/Kemono/issues/9#issuecomment-690300563 again.

AnonRep reliably tallies other users’ feedback (e.g., likes or votes) without revealing the user’s identity or exact score to anyone, while maintaining security against score tampering or duplicate feedback.

Which includes the server. Anonymous - the imageboard virtue.

DonaldTsang avatar Sep 12 '20 01:09 DonaldTsang