Firefox Extension for Applied Social Networking

wanderingstan writes "Outfoxed is my masters thesis project about trust. (Nutshell overview) The extension uses a social network for personalized searching, phishing/spyware protection, file/process validation and more. It's related to del.icio.us, StumbleUpon, and those Kevin Bacon things, but goes a lot further. Mathematically, it's based on the network behavior of small world networks (pdf). Built with Javascript, Python, SQL, and XSLT. 366 testers so far, but we need the network to grow!"

did he say...

[bad_outlook]

he wanted the network to *grow* or get slashdotted to death?

bo

Re:did he say...

[Eagle-Y]

wow slashdotted so early ... 571 websites share the same server by the way. http://whois.sc/getoutfoxed.com

Re:did he say...

[bad_outlook]

That's fantastic, so I wonder if all 571 websites are now down due to one /. post! Now that would call for a /. story, which should in turn /. http://www.whois.sc/ Who says reading /. is passive!

bo

Re:did he say...

bo bice sux.

Re:did he say...

[robca2]

His project is about trust: how much he trusts us not to slashdot his masters thesis.

Using social networks for personalization

[glinden]

Chris Anderson (of Wired and The Long Tail fame) had a great post about why social networks might not be the best way to do recommendations and personalization. An excerpt:

No matter who you are, someone you don't know has found the coolest stuff.

The sad reality is that most of my friends have rotten taste in music (I don't hold it against them), while the music recommendations I actually follow are mostly from people I've never met.

The assumption that there's a correlation between the people I like and the products I like is a flawed one.

On the one hand, you trust your friends, so things your friends clicked on might be interesting for you to know about. On the other hand, friendships are not a good predictor for recommendations since your friends often have different interests from you.

It's a cool idea, but I'm not sure how many people would bother to set this up, how often this will change the search results, whether the changes will focus your attention on the most relevant result for your search, and whether you can scale a system that accesses data on everyone in your social network on every web search.

Re:Using social networks for personalization

[capt.Hij]

Another example is the state of Utah! Salt Lake City is the smallest city to have its own SEC office, and the state suffers from a high rate for people getting ripped off by people they know. This has been attributed by the close network of people within the LDS Church. Somebody who is intent on ripping someone off can join the church and instantly gain a large web of trust.

Re:Using social networks for personalization

[lucabrasi999]

It's a cool idea, but I'm not sure how many people would bother to set this up

Agreed. I installed "StumbleUpon" a few weeks ago. I still haven't used the tool. And, since will probably never find the time to use it, I should just un-install it.

The quality of the metadata in a network like this is directly correlated to how many people actually take the time to collect and submit data. Don't forget that there are always a few "bad apples" that will purposefully recommend bad links. Take spyware companies for example. What if all of the spyware companies submitted high recommendations on their links?

Re:Using social networks for personalization

[rsborg]

On the one hand, you trust your friends, so things your friends clicked on might be interesting for you to know about. On the other hand, friendships are not a good predictor for recommendations since your friends often have different interests from you.

Exactly. Trust involves two aspects: competence, and compassion. Friends are often compassionate, but may not neccessarily be competant in the interests you have (ie, none of my "friends" are on in my basketball weekend group). Likewise, those guys in the bball group are not necc. guys I'd like to hang out and have beers with. But perhaps compassion can be had online, specifically for your combined interests? Some blogs have very active communities where friendships develop...

Re:Using social networks for personalization

[00RUSS]

Who says they have to be your friends. A smiler model works in yahoo music engine and TIVO. I may not like the same music as my friends. But somewhere there is someone with very similar tastes to me.

For example. I like classic rock. My friends may not like it. But someone else must also like classic rock. And if they like and dislike similar artists and songs we have a compatible match.

Re:Using social networks for personalization

[pizen]

What if all of the spyware companies submitted high recommendations on their links?

But those spyware companies aren't in your circle of trust so it doesn't matter what they think about their websites.

Re:Using social networks for personalization

[lucabrasi999]

But those spyware companies aren't in your circle of trust so it doesn't matter what they think about their websites.

True. I would never expect a spyware company to lie their way into a trusted network. :)

Re:Using social networks for personalization

[typobox43]

Which is why services like Audioscrobbler are much better for music recommendations. It recommends music to you based on the listening habits of other users that listen to similar music as you.

Re:Using social networks for personalization

[wanderingstan]

On the one hand, you trust your friends, so things your friends clicked on might be interesting for you to know about. On the other hand, friendships are not a good predictor for recommendations since your friends often have different interests from you.

One important difference is that Outfoxed doesn't assume that the people feeding you metadata are friends-- that's one reason why I chose the more neutral word informer, which can be a person, organization (example), or even auto-generated list (example).

It's true that you might trust informers in only specific areas. This is partially addressed by tagging. But the bottom line is that Outfoxed only tries to present you with the most relevant metadata for what you're doing, which you can look at or ignore. And all things being equal, a friend is more likely than a stranger to share your values about what constitues good, bad, boring, funny, etc...

But in any case, I'm looking forward to what the slashdot masses think of my project...and to how my ISP holds up.

Re:Using social networks for personalization

[natrius]

As another person mentioned, the people you entrust while using this system don't actually have to be people you know. For instance, if you take a look at someone's del.icio.us links page and there are tons of things that interest you, you would probably trust them to inform your browsing decisions.

This system looks like a good way of implementing spyware/adware prevention and the like based on trust, but I don't think it will do so well for general browsing as you point out. There are plenty of people I would trust to help me stay away from spyware who I wouldn't want pointing me to web sites to read, mainly because I read vastly different things on the Internet from many of my friends. A system tha would work for this is something like Amazon's recommendation system. Without fail, Amazon emails me stuff that I'm actually interested in based on things I've bought from them. If something could use my web browsing history and compare it with that of others to suggest sites to read, that would be awesome. There are tons of privacy issues there, but putting those aside, I think such a system would be very effective.

One thing that might break such a system would be spammers. Spammers like to break anything that's good on the Internet with advertising, and this would be no exception. I think it would be hard to replicate a normal browsing history while inserting a few ad links, and submit those histories on a large enough scale to make those sites show up as results.

Anyway, I've gone off on a bit of a tangent. My point is that trust works well for many of the stated goals, but not so much for what I really want: all the good information on the Internet pumped straight into my brain.

Re:Using social networks for personalization

[natrius]

True. I would never expect a spyware company to lie their way into a trusted network. :)

The extension shows you who rated various things. If there's a bad rating, stop trusting that person. If someone you trust has a bad habit of trusting untrustworthy people, stop trusting that person.

Re:Using social networks for personalization

[NickFortune]

The assumption that there's a correlation between the people I like and the products I like is a flawed one.

Well, I have a certain amount in common with my friends - that's one of the reasons they became friends. They assumption that I will like everything they like may be flawed, but the counter assumption, that there is no commonality in taste, seems equally absurd.

On the one hand, you trust your friends, so things your friends clicked on might be interesting for you to know about. On the other hand, friendships are not a good predictor for recommendations since your friends often have different interests from you.

This is about more than recommendations though. This is about whether to trust a site or product, and about what the processes on your computer do, and potentially about a lot of other stuff as well.

It's a cool idea, but I'm not sure how many people would bother to set this up, how often this will change the search results...

Isn't that the beauty of social networking apps though? If they work well, the spread; if they don't they die a horrible death. Even if this only works as a proof-of-concept, I'd say it was still tremendously valuable. We could have knowledge of trojaned downloads propagated across the net in hours, and without requiring naieve users to follow security boards either. Add in a thunderbird plugin and you could validate email links in the same way.

That's aside from the functions it shares with stumbleUpon, orkut, del.icio.us and the rest.

I do, however, take your point about setup - especially as a linux user. Still, with an established network, I can't see any reason that joining outofxed should be any more onerous than getting a gmail invite.

Re:Using social networks for personalization

[joepeg]

On the one hand, you trust your friends, so things your friends clicked on might be interesting for you to know about.

Obviously, you've never had a friend relentlessly forward you email chain letters insisting "I know you hate these ... but this one is funny/great/interesting/etc..."

Re:Using social networks for personalization

and simply visiting the suspected domain would clear things up, it wont take many infections before word gets out that its a malicious domain and its marked bad/suspect instead of sitting there for weeks infecting people
of course if the groups members want to see spyware and phishers on their travels let them

it seems like a user rating system but globally, stumbleupon is a similar user feedback concept

Re:Using social networks for personalization

[jaaron]

But in any case, I'm looking forward to what the slashdot masses think of my project...and to how my ISP holds up.

Well, I just installed it and it looks pretty good. I can't get an informer account at the moment due to slashdotting, but I'll try again tomorrow.

One feature I immediately expected but didn't see was something along the lines of "If you like this site, check out ..." as part of the reports.

Good luck with the project!

jaaron

Re:Using social networks for personalization

[Aggrav8d]

Obvious solution: get more friends, be more friendly? If anyone complains you are too eager that mean they're either boring or cowardly so there's little chance they will improve your social network, anyways.

Re:Using social networks for personalization

[zkn]

I get his point but:

The sad reality is that most of my friends have rotten taste in music (I don't hold it against them), while the music recommendations I actually follow are mostly from people I've never met.

So add you those people to your network. Noones saying you have to ad people from your golfclub to your network just because you all like golf. However if you ad the people with the same taste in music you'll know whether to listen to HotPuppetRockersFromHell's new album or not based on their thoughts. Or even get recomendations on stuff you wouldn't otherwise know of.
The very fact that he follows recomendations goes agains his whole argument of social networks not working. They are based on recomendations.

Re:Using social networks for personalization

[oasisbob]

Are you sure there isn't another reason why SLC has it's own SEC office?

Re:Using social networks for personalization

[smagruder]

How does one know if StumbleUpon has any value if one hasn't tried it out before?

I've been using StumbleUpon for about a year, and I think it's GREAT! I have found all sorts of very rich web development related sites on those days I decided to stumble onto "web development" sites. Or, on a day I was in a mood to find out more about another subject, I just selected the SU topic, and started stumbling.

SU's groups are also pretty cool, as well as the many other ways SU uses to interconnect people.

Re:Using social networks for personalization

[smagruder]

That's right. Oftentimes, people select "friends" who would never be real friends in life, but simply people who share interests. Social networking tools like StumbleUpon make it very easy to discover those with similar interests, then you can "stumble upon" links they found interesting.

What?

[geekoid]

No Links?

Re:What?

[Leroy_Brown242]

Well, this is a google excersize.

You have to take the very little info you've been given, and run with it. :)

Re:What?

this is a sample sentence. Lets hope the next article is not like this

================
Dear Slashdot Moderators,
moderate this post whatever, but atleast moderate/rewrite such badly written/linked articles. there were too many links that i wudnt dare clicking even one. Now, where on earth can we expect the Slashdot Effect

trust?

[justforaday]

Outfoxed is my masters thesis project about trust.

I'll show you what I know about trust by not installing your spyware extension!

Kidding aside, sounds like an interesting project. Even though I won't be taking part, I wish you the best of luck with it...

Re:I wish there was a Firefox extension for...

[octalman]

... filtering stupid posts.

Re:I wish there was a Firefox extension for...

[bad_outlook]

on Slashdot? What would be left to read? Change you modifier to +2 and see how much is left.

bo

not trusting trusted people

[moz25]

Well, the thing is that I can trust many people I know with my life, but not with my computer.

Re:not trusting trusted people

I read "wife". You realize I read "wife", don't you?

Re:not trusting trusted people

[nazsco]

> Well, the thing is that I can trust many people I know with my life, but not with my computer.

...maybe if you stop stocking up all that weird pr0n stuff

Re:not trusting trusted people

[xMilkmanDanx]

Sad but true. Very few people should be allowed to do anything of significance with a computer but could be trusted to not endanger your life (unless it was endangered THROUGH their use of your computer).

This is probably why mac's only have one mouse button. Bet they'd have done away with the keyboard too if they could get away with it.

Papers on similar work

[techmuse]

I've previously published two papers on a very similar idea - using distributed social trust networks to make trust judgements, which is essentially what Outfoxed is. You can find the papers at:

The Solar Trust Model
Michael Clifford, Charles Lavine, Matt Bishop
http://www.acsac.org/1998/abstracts/fri-a-1030-cli fford.pdf

Networking in The Solar Trust Model: Determining Optimal Trust Paths in a Decentralized Trust Network
http://www.acsac.org/2002/papers/9.pdf

Re:Papers on similar work

I certainly don't trust the sun. After all, it's the source of all our global warming, you nogoodnick hippies need to keep coding on your communist operating systems and stop trying to convince people to trust the sun.

What happens when we disarm and the sun just launches all it's got at us? Bet you didn't think of that did you huh?
*doomy 60 minutes "evil music" with picture of sun*

Well I for one believe that we should have enough nukes to destroy the sun on 15minute alert capable of being fired by the president, in whom I have almost as much faith as I have in god.
*rum tum tum tum tum white house music with B&W shot of Bush on phone in whitehouse*

Can't hurt the sun cause it's too big you say? Well, we could always knock jupiter out of orbit and crash it into the sun. That would at least give us a mutually assured destruction senario that even the fissionist puppet government on sol can understand.
*crude napkin drawing of jupiter crashing into sun, stickfigure (captioned "me") saying "lol"*

dagnamit, we gunna beat those solarians, and we'll be warming our grits and lighting cigars off their smodering remains. NOBODY fucks with America, nobody.
*cut to flag*
*rising patriotic music*
*flag cross-fades with eagle*

Looks pretty cool

[nachtzeit]

<em>It is clear that people living 1000 miles away from each other will have at least 100 degrees of separation</em>

is this not contrary to the whole degrees of seperation theory?

What would be uber is if a new menu can be added so it caches your own del.icio.us tags.

kevin bacon things

[xtermin8]

I tried googling "kevin bacon things" and "extensions" the results I got were really disturbing. Please, we don't need any more of these on the net!

Re:kevin bacon things

[Foolomon]

Yeah, sometimes people's websites take things to the 5th degree. [Sigh]

more links please

[joey_knisch]

I think he needed more random links.

Re:more links please

[empaler]

At least you linked to ICRC. Good on yer.

Good idea in theory

[mister_llah]

... but in practice, you open the door to increased risk... navigating bookmarks of someone you don't know could run you right into spyware/malware... there aren't enough filters in the world to keep up with what is put out there.

Sadly, too, the concept of Monkey Sphere comes in, too...

http://www.pointlesswasteoftime.com/monkeysphere.h tml ...

Though it will start small, it will eventually become just too big, if it survives... it will become just another random maze of links for people to click through at 3am when they should be coding for a project due at midnight the next day.

===

Sorry to be a drag, just being realistic :/

Re:Good idea in theory

[telecsan]

random maze of links for people to click through at 3am when they should be coding for a project due at midnight the next day.


In that case, they have 45 hours to complete the project, in which case.... click away!!!

Re:Good idea in theory

[mister_llah]

I was alluding to my current state, well, at least my current state at 3am this morning ;)

Re:Good idea in theory

navigating bookmarks of someone you don't know could run you right into spyware/malware...

Isn't the whole point of this that you only add people you _do_ know, and building upon that, trust?
You can always remove them if they gave you bad links.

Re:Good idea in theory

[Suddenly_Dead]

That is why you're supposed to limit your network to people you actually know and trust and maybe one level beyond that.

It's not like the social bookmark sites, where you wander around stranger's bookmarks when the site notices that you have similiar tastes. You have to manually place all of your friends/family/trusted people into the program, and it gives you little reports for every site you visit. Heck, I don't think it even lets you share bookmarks, though if it does that isn't the main features.

Re:Good idea in theory

[shokk]

It's a fact that the majority of crimes are committed against people by those they are familiar with. This seems likely when you consider celebrities make themselves so well known that people practically identify with them as if they were family - thus why they go to such lengths to secure themselves. Sort of negates the whole "stranger danger" philosophy that is always pushed and boost the idea of "keeping your enemies closer".

I agree with some of the other posters in that my friends have terrible taste and I'm more likely to get good advice from someone I don't know.

Re:Good idea in theory

[DavidSJ]

That guy sure thinks he's a supermonkey.

Identity evasion

[Paul+Crowley]

For recommendations in favour, this sounds great, so long as the trust metric is attack resistant as described in Raph Levien's thesis. Google PageRank is an example of an attack resistant trust metric.

For recommendations against, it's very hard to make this work, because it's hard to make the shit stick; every time the global reputation of a particular identity takes a dive, it's easy to shift to another one which has no recommendations either way.

Creating hard-to-evade IDs is a very hard problem.

Re:Identity evasion

[owlstead]

I don't know about pagerank being that trustworthy. If I look for a review, I find tons of sites selling stuff - including a small button to add my own (very trusted review. That is not what I am looking for. Even if I find a review using Google, the chances are that it is a bad review written by a single person who bought the product, and was stupid enough to think people care about such "reviews" and wrote one.

Re:Identity evasion

hate to break it to you, but raph's advogato.org is horribly broken with respect to trust.. and i really can't see where it was resistant to attack in the first place. unless you equate usability annoyance with attack resistant (which can probably be proven to be more human inconvenience than machine inconvenience)

Re:Identity evasion

I see the problem you present, with spammers or such creating trust neutral entities en masse. But you forget that a user will be able to say, I only trust trustworthy people. Effectively requiring someone in the social network to vouch for the new user not being a script or spammer.

Re:Identity evasion

[Kent+Recal]

Even if I find a review using Google, the chances are that it is a bad review written by a single person who bought the product, and was stupid enough to think people care about such "reviews" and wrote one.

Why do you put "single persons" down like that?

When I'm in the process of making a buying decision I'm looking for these "single-person"-reviews in particular. I found most of these review published on private homepages or blogs much more helpful than most of the stuff I find on "professional" review-sites or - worse - these "we-pay-2cent-for-your-review" crap-stores.

Sure, often you find only one useful review out of ten. But most of the time this one useful review is written by some unbiased "single person" who just bought the thing you're looking for and took the time to publish a brief, unbiased report of the pro's and con's from a personal point of view.

Especially when looking for hardware with linux support these personal reviews have always been the premier source of actual information for me, while most "professional" articles were all about stuff that didn't matter a bit to me (like how the GFX chip performs unreal tournament and such).

Re:Identity evasion

[rchf]

A negative trust evaluation can't be evaded by changing the domain name of a site. Domains have value simply because they have links to them on important pages and sites (a form of reputation). It is of course possible to move content but then the value of the in-links is lost. Only way the domain name is irrelevant is if the links to the domain are mutable and can be altered to follow a new (trust-neutral), domain.

With the right implementation both negative and positive community filtering should work.

Best,
Richard

User != Others

[Iriel]

What I wonder is this: Yes it does seem like an interesting idea, but how many of your friends run the same software you do? I still have friends that I'm trying to convert from IE, but it's too easy for them use what's already there. I know plenty of cliques that hang together because they all like running BSD/Linux and deal with programming and such, but none of them use the same distro or the same preferences.

My bottom line is this: Look at your best friends computer. Do they have the same extensions that you do? Do they even run Firefox? The network can only be as expansive as the people that decide to jump on board.

Mod site up

[tehshen]

By posting it here, will you attract the slashdot moderation messages?

"MOD THAT SITE UP!"

Only Windows...

[ozamosi]

If you - like me - is running something which isn't Windows, you don't even have to try to try it out. It is Windows only at the moment.

It do say that the extention have been compiled for linux, but isn't finnished. If I was him, I'd have my linux version Done when i submitted to /.

Re:Only Windows...

[koreaman]

You have to live with the fact that most people run Windows. Not most people on Slashdot, perhaps, but most people in general. We all know Linux is better, etc., but honestly it's not ready for the desktop, and until it is you can't expect all the software you want or need to be released for it.

Re:Only Windows...

[wanderingstan]

Mac and Linux versions are only a few days away.

There was just some trouble getting pyana to link correctly in Python.

Re:Only Windows...

[schon]

the extention have been compiled for linux, but isn't finnished.

Haven't you heard? Linus moved to the US a few years back - unless he moved back, it'll probably never be Finnish. :o)

Re:Only Windows...

[sigloiv]

Yup. Just gotta wait a week or whatever for my Linux version. I'll be auto-refreshing the download page with Opera until then.

Re:Only Windows...

If I keep reading /. posts, my project will NEVER Finnish...

Sorry (ducks)

Re:I wish there was a Firefox extension for...

[bad_outlook]

Yep, but there's not. I wish there was a firefox extention to explain to folks that they have, "FAILED IT!

regards

bo

sql go boom

[farker+haiku]

Every file and process should have a chain of trust leading back to the user. Any file or process without such a chain is being taken on faith, and the user should be warned accordingly.
For example, every process run by a computer should have a chain that looks something like this:

wuauclt.exe [executed by] Windows Update [installed by] Windows OS [installed by] User [trusted by] Root User
matlabserver.exe [executed by] MatLab Application [installed by] User [trusted by] Root User
And similarly, every file should also have a chain:

desktopicon.ico [created by] FireFox Application [installed by] User [trusted by] Root User
mydocument.doc [created by] MS Word Application [installed by] Root User
Ideally, management of trust should be done at the lowest levels of computation: in the operating system or even in the microprocessor itself. This limits the ability of malicious software from disrupting the chain of trust back to the user. Outfoxed, because it is just an extension, has many vulnerabilities. Primary is the vulnerability of the locally stored trust database.

The next step would be to have trust storage implemented as a continuously running process that could be queried by other applications. [Note 22/03: The new version does this, using HTTP for queries.] So the browser, email client, and word processor could all draw trust information from the same source.

The best solution would be to have this process integrated into the operating system itself, so that the OS could also take advantage of the trust information by only running trusted applications. Trust managed at this level, combined with a good security methodology, would give us the ultimate trustworthy environment.

Re:sql go boom

The best solution would be to have this process integrated into the operating system itself, so that the OS could also take advantage of the trust information by only running trusted applications. Trust managed at this level, combined with a good security methodology, would give us the ultimate trustworthy environment.

Interesting idea but when Micro$oft proposes the same thing the local /. denziens go bonkers.

Re:sql go boom

[Jerf]

This isn't a very good idea for a host of practical reasons, mostly centering around the fact it is too simplistic.

IMHO, you are reaching for a capabilities-based model, which works out at least somewhat better in practice, though it is an open question of whether it works well enough to use. (Link leads to a group trying to build an OS on the idea, and I know it hasn't been completely smooth sailing, but I am not intimately familiar with the project.)

That should give you a springboard for further investigation into the topic, if you like. (Way too big to cover in a Slashdot post, and I am only passingly familiar with it anyhow.)

Re:sql go boom

[dodobh]

Trusted by whom? Just because your OS vendor trusts someone does not mean that the rest of us do.

A trusts B
B trusts C

does not imply A trusts C

Re:sql go boom

[Lorkki]

Interesting idea but when Micro$oft proposes the same thing the local /. denziens go bonkers.

On the other hand, the real difference is that the Palladium concept insists on you, the user, to trust an omnipotent outside third party in determining what is trustworthy and what isn't.

Re:sql go boom

[Gorath99]

Unfortunately, this would just lead to:

Spyware Program [installed by] Spyware Installer [executed by]] KaZaA Installer [trusted by] User [trusted by] Root User

or

Spyware Program [executed by] ActiveX component [executed by] Internet Explorer [trusted by] Windows [trusted by] Root User

Which is exactly what's already happening.

While it would certainly be nice to have this kind of info so you can trace back where files and processes came from, it wouldn't stop malicious programs in the slightest.

Re:sql go boom

[wanderingstan]

The difference would be that Spyware Program would be rated as dangerous by some source, and (speaking only for myself) I trust my friends a great deal more than I trust I trust Windows, IE, or Active X.

Re:sql go boom

[fajoli]

If there is a limit to how far one is willing to delegate trust, it would be far more useful. Ie. root could withhold the ability to delegate trust from some users to prevent them from installing software. Or software could have its ability to recieve that delegation limited (unable to install more software).

Re:sql go boom

[Alsee]

Interesting idea but when Micro$oft proposes the same thing the local /. denziens go bonkers.

I could be mistaken, but no, I do not believe the poster was proposing "the same thing".

In particular I saw no suggestion in his post that the owner of the computer (root user) be FORBIDDEN to know his own master key to his own computer. I saw no suggestion in his post that the owner of the computer be FORBIDDEN to be able to use his master key to do whatever he wants on his own computer.

If he *was* implying those things, then yeah, I consider it quite appropriate to "go bonkers" on him.

Microsoft's website documents that the Palladium/NGSCB/Longhorn operating system will have a "Security Support Component" (SSC), and that the SSC *is* the Trusted Computing Group's Trusted Platform Module (TPM). The Trusted Computing Group's website has technical specifications requiring that TPM's have unique identifiers (PubEK) and contain keys (PrivEK and SRK) that the owner is FORBIDDEN to know. The specification requires the chip to self destruct and effectively destroy your protected data if it detects you attempting to get at your keys.

-

Re:sql go boom

[Alsee]

Would you please clarify if you are suggesting a system strictly secured for the owner, or a system that ALSO happens be be secured AGAINST the owner?

In particular are you suggesting owners be able to know any and all keys on their own computer? Owners able to access anything they wish on their own computer? Owners able to do anything they wish on their own computer? Owners able to modify anything they wish on their own computer? Owners able to modify or defeat any "security" system on their own computer?

I just want to know if you are actually suggesting a beneficial syste, or if you are merely trying to dress up TrustedComputing/MicrosoftPalladium anti-owner handcuffs "security system" in a pro-owner costume.

-

Re:sql go boom

[WWWWolf]

Spyware Program [executed by] ActiveX component [executed by] Internet Explorer [trusted by] Windows [trusted by] Root User

Actually, in reality, it's more like this:

Spyware Program [executed by] ActiveX component [approved by] Confusion
Nothing [claimed to be done by] User
Confusion [generated by] Spyware Program [applied to] User

=)

Grow at slashdot rate?

[RoadkillBunny]

366 testers so far, but we need the network to grow!

Don't wish for more than you can chew!

Warning: mysql_connect(): User wanderin_drpl2 has already more than 'max_user_connections' active connections in

Maybe this is a FASQ, but

[RealProgrammer]

what's to stop social-network-bookmark spamming?

"Green Tennis Shoes are the best! Come see my kewl site about Green Tennis Shoes!"

And you're taken to some guy's blog. Is there a rating system, and if so, how well does it work?

Re:Maybe this is a FASQ, but

[wanderingstan]

See the Objections page, item 2:

Within a web of trust, Googlebombing just doesn't work. If you are the would-be bomber, you have to convince a lot of people to add you as an informer. And then you have to hope that the people you have conned are informers to many other people. You must further hope that none of these other people will notice the bogus links and report you as untrustworthy. That's just too many levels of failure for googlebombing to be effective. (This also applies for straight-up hacking: Even though most of the trust pages will be presumably stored on low-security web servers, you'd have to hack a ton of pages to have any effect. And as soon as anyone notices, it's all for nothing.)

The other way of googlebombing would be to create tons of dummy users who are all trusted by one "real user". Once the real user is trusted, then all the dummies get in and screw up the trust levels. However, this only works if you have some sort of Bayesian or other distributed trust calculation system (see below) that takes account of the shear number of people who are giving their opinion. Outfoxed doesn't care about the number of votes, but only about the vote of the person who is closest.

This is also covered in "keeping your network clean":

Within Outfoxed, every informer in a user's informer network has "authority" over any report or informer which is further from the user. (In the most simple case, distance is synonymous with the number of hops. See path length.) In this way, network maintenance is delegated to others, and many users can benifet from the action of one.

Incidentally, I also wrote about this as a weakness of Zniff.

Re:Maybe this is a FASQ, but

[216pi]

I wonder why my site is never mentioned when talking about social activity.

Two things ...

[buchan232]

Its Slashdotted
It doesn't seem to work in OSX

I got "outfoxed_mddb_server is not compiled for your OS please start it now ... "
when firefox restarted after installing the plugin.

Its been trying to create the database for 10 min now ...

Re:Two things ...

[Bitsy+Boffin]

It says right there on the download page

Windows XP:
Download outfoxed_beta_0.2.90d.xpi
(Where are the Linux and Mac versions?)

And from that page seeing as the site is flakey...

2005-06-18 Note: Udo has compiled Mac and Linux versions. We need to wrap it up into an installation package though...so hopefully next week. Register to be notified by email when it's ready.

max_user_connections

[lbmouse]

"366 testers so far, but we need the network to grow!"

No, apparently you don't:

Warning: mysql_connect(): User wanderin_drpl2 has already more than 'max_user_connections' active connections in /home/wanderin/public_html/getoutfoxed/includes/da tabase.mysql.inc on line 31 User wanderin_drpl2 has already more than 'max_user_connections' active connections

Added...

[mister_llah]

Not to mention who do you trust?

If you friends have poor taste and strangers don't, how do you find the strangers who won't try to screw you over?

===

Perhaps I am being less realistic and more pessimistic, maybe I'll just wait and see how this sort of thing plays out ;)

Social networks cannot save us from dumb friends

[Flinx_ca]

If people used the brains that are supposedly inside their skulls, there would be no need for these not very useful methods of 'protection.' How many people out there would have given a thumbs up to Kazaa? My friends are great to hang out with but tend to spread the computer equivalent of STDs.

sounds too much like myspace

[wormuniverse]

all of slashdot invited by "stan" i get the feeling that "stan" will become the equivalent of tom

You want me to futher your career?

[Eunuch]

So you want me to take my time to try out something that has been done many times (just look at the comments) so you can further your career? Perhaps you should offer micropayments to those who you would like to utilize in your quest for more money.

who are you going to trust?

[udderly]

The example in the "nutshell example" seems like a good enough idea, but I'm curious, what's to ensure that the results stay good as the connections increase? In this example, it very quickly gets to a friend-of-a-friend-of-a-friend status. It seems that for each hop you take away from the most trusted people in your social network, good advice gets exponentially harder to find.

For example, if you asked your brother--who just had his bathroom redone--for a recommendation on a good plumber, you might expect some good advice. But how much credence are you going to give the advice of your brother's co-worker's nephew's best friend?

Re:who are you going to trust?

[tdvaughan]

That's no problem. You just make trust decay. With every hop away from your own directly linked network the trust metric is reduced. So I might give my Dad a trust value of 10/10 (i.e. I would trust this person with my life), but I could assign second-generation hops (those outside of my control) 80% of the trust value that Dad gives them. Allowing users to tweak their own trust decay rates will let them manage the size of their trust pool and reduce the impact of malicious users (i.e. phishers, for example).

Re:who are you going to trust?

[wanderingstan]

I cover this a little bit in calculating path length. As tdvaughan said, there's a built-in decay factor. And moreover, it should be said that Outfoxed is just a metadata aggregator: it will dutifully tell you if a friend-of-a-friend-of-a-friend-of-a-friend thinks a plumber is good. But it's entirely up to you if you will trust the recomendation.

funny...

[afd8856]

Who says reading /. is passive!

No, I never said that

Let's get cracking!

[Bartmoss]

I just voted Slashdot "Bad". Go ahead, mod me down, but with /.'s lack of any sort of editorial oversight and gross neglect on the part of the staff, this site doesn't deserve anything else. :p

Re:Let's get cracking!

... and you've stuck around how many years?

Re:Let's get cracking!

[Bartmoss]

Too many, but I am here for the links. It's just that the editors suck and the signal to noise ratio in the comments is pretty poor.

Wrong audience.

[Gondola]

I don't *have* any friends, you insensitive clod!

Objections

[Orion83]

He answers objections about spamming and "dumb friends" by saying that the network will basically allow someone to be discredited fairly easily. Any sources that gives bad advice will quickly be given a few bad reviews.
The problem with this is that "goodness" is somewhat subjective. If you ever use amazon, you know that pretty much everything has at least few marks against it. If you want a network to be big enoguh to come up on searches, chances are that you're going to have a wide variety of opinions

Six degrees of relevance

[Iriel]

Dark Helmet: I am your father's brother's nephew's cousin's former roommate.
Lone Star: What does that make us?
Dark Helmet: Absolutely nothing, which is where this link takes you.

Alternate Ask Slashdot Story

[eander315]

Hi Slashdot. Cleaning my room is the new project my mom assigned me. The mess is based upon food storage and lack of used food disposal, combined with pieces of computer hardware, toys, and my new wide-area storage method for Legos. So far I have to clean it up myself, but I need someone else to do it for me!

This category is otherwise known as "Ask Slashdot... to do your work."

Re:I wish there was a Firefox extension for...

still a lot, karma bonuses are a whore.

Online communities

[empaler]

After looking around, the only one of these I'd go for would be Orkut (only I don't know anyone in there and it's invite only). I tried Friendster a short while ago and ended up getting a disturbing amount of mail from them, plus their interface was severely annoying.
The only one I use is denmark-centric (let's see if the site dies ^_^), mostly because it's the only one that's available and makes just a little coherrent sense for danes. Not that there's anything wrong with their gay design, it's just... Idwr.

Re:Online communities

the only one of these I'd go for would be Orkut (only I don't know anyone in there and it's invite only)

Reminds me of this gem:

I refuse to join any club that would have me as a member.

--Groucho Marx

Re:Online communities

i'd happily invite you to orkut, but you wouldn't thank me for it. last time i tried to use it, it not only stank to high heavens as a "service", but the servers were ridiculously unstable and unreliable. PM me (random_static here on /.) if you really desperately want an invite anyway.

Here's the thing about personalization

It *must* go hand in hand with privacy. I used to work at a company that made a website personalization product and the engineering code-name for the product was "orwell". It took us a few days before release to remove all references just in case customers would have a negative association with such a term.

But I did not enjoy working on such a product. It convinced me back then that I don't like the nature of the web, which is fairly centralized relative to the internet itself. For example, I much preferred the old USENET model, and I wish something like "USENET v2" would come out as a blend of the web (for presentation only...dhtml rules but http sucks) and file distribution/management something like a cross between bittorrent and akamai.

Outfoxed needs women!

"[..] 366 testers so far, but we need the network to grow!"

SWM seeks SWF for phishing/spyware protection experience, candle-light dinners, walks on the beach and serious file/process validation.

Sh3rl0ck H0lm3s says:

[nathan+s]

"I can see that you're a cartoon-watching, programming, bleeding-heart liberal who wears glasses and is a Google fanboy."

"Elementary, my dear Watsonbot."

Hmm funny thing but....

[seanvaandering]

Why is it that all my friends' links are all about getting a free IPOD or getting 10,000 free icons for my AIM?

Friends of friends are sometimes not friends

[FunWithHeadlines]

"On the other hand, friendships are not a good predictor for recommendations since your friends often have different interests from you."

That's been one of the little mysteries in my life. You know you have Friend A and Friend B, and you like them both a lot? Then one day you introduce A to B and realize they don't like each other...at all. Yet you still like A and you still like B.

Some part of your personality is responding to something each of those people has, yet clearly they are each appealing to a different part of your personality, and sometimes those parts don't get along! :)

Re:Friends of friends are sometimes not friends

[Boronx]

I'm not sure about each appealing to a different par of your personality. There are certain sorts of people that are least compatable with those like themselves.

Re:Friends of friends are sometimes not friends

[d34thm0nk3y]

I tend to dislike people that are too similar to myself.

Of course that could be just because I am pretty stubborn, so it makes getting my way harder if someone else is equally stubborn.

Direct Download Links

[CodePyro]

Download Extension here

Mirror

Interesting

[brontus3927]

Interestingly enough, this Firefox extention is more or less the same premise that someone on K5 thinks would be the perfect base of a p2p file sharing program. But like others, I think the problem is friends don't share the same interests a lot of times, especcially to the same degree. My friends all have the same basic interests: computers, music, movies, and sports. However, for friend 1, the priority is music, movies, sports, computers. Friend 2 is music, sports, movies, computers. My priorities are computers, movies, music, sports.

I think a hybrid approach between a social network and Amazon recommendations would be ideal. Based on bookmarks and preferences that you post to the server, an algorithm could reccomend other uses with similar tastes. I could then agree or disagree (on a 10 point scale) with the recommendation. That user would then enter my network, and I could browse other users in their network. You would be able to see their rating by other users. Additional ratings would refine the algorithm's ability to find new "friends" You would be notified when someone made you their "friend" so you could check them out and decide whether or not to reciprocate.

Re:Interesting

[drigz]

> Based on bookmarks and preferences that you post to the server, an algorithm could reccomend other uses with similar tastes.

Not only would that mean massive load for the centralised server, but it would raise privacy issues.

Re:Interesting

[Normally lurker -- too lazy to create an account, sorry.]

On the contrary -- there's a number of ways the pre-cache those results and to project recommendations dynamically, depending on the algo you're using.

You're wrong about the privacy issue as well; whereas a regular social network (or in this FF ext., apparently) displays all your prefs. on a profile page or whatnot, in this hypothetical system, user preferences can be obfuscated behind an aggregate recommendation score. This could even be a categorized sub-score, either in a fixed taxonomy or based on tags, depending on your preference.

Speaking from experience here; I wrote an app that does this. :) If I can do it by myself, it's not an exceptionally difficult problem.

You guys don't get it

[ChrisF79]

Based on all the negative comments about his project, I can tell you guys just don't get it. This is academic. And anybody that has ever had to read academic thesis will know that it's their job to put useless thoughts on paper. Furthermore, it looks like he's doing a great job!

More bandwidth on the way

[wanderingstan]

Looks like my ISP was overconfident in saying they could handle a slashdotting. I'm moving to a dedicated server, and they say it'll be ready within a half hour. We'll see...

Re:More bandwidth on the way

From what I've seen in the past couple of years I've been reading slashdot, no server can handle a slashdotting :)

Re:More bandwidth on the way

[wanderingstan]

Now have a dedicated server. Things seem to be running mostly smoothly...

Re:More bandwidth on the way

[TheRealJFM]

thats good, congratulations on a really great looking project

I'm registerd and I await the Linux version in a few weeks! :)

You don't want Trust.... We want Experts

[TedTschopp]

You want something else. There are different dynamics where you trust people. For example, no one should trust me with regard to South American history and politics. The reason, I know nothing about those areas. There needs to be a connection between Trust and areas of knowledge.

For example, I trust my parents, but I would never trust them to make decisions about computers. But if it came to building a building, I'd trust my father a bit more as he is an architect and his field is related to the construction of buildings. But I would never trust my mom regarding that. Now if the issue was the development and educational patterns of children in a bi-lingual situation, I would trust my mom, but I would never trust my father. He isn't a highly trained educator, he is an architect.

This type of trust network is good, but really is just an extension of the database that AOL has had for their buddy lists on AIM for years.

What is really needed is a way to rate peoples expertise in areas. If this can be done, a whole new dynamic internet could be formed.

Just one example of this would be to filter Wiki articles based on the level of expertise that author has in the subject.

Another example would be to filter all the recommendations you see on amazon. Wow, an English professor at Oxford recommends I read this book about the development of the symbolic languages, perhaps I should pay attention. -OR- Wow, this Policy Wonk who works for this special interest wants me to trust his opinions about the enviroment. Nope!

So to restate it, we need an Expert Network, on top of our Trust Network. And the trust networks are already in place. Just use any IM network, and apply a trust value to that connection. Now getting the Expert Network established, that's another problem. Perhaps tying a connection between each user and a DMOZ catagory. Or something along those lines.

Ted Tschopp

Re:You don't want Trust.... We want Experts

[wanderingstan]

You're might trust sources in only specific areas. The shot at this, IMHO, is tagging (which I wrote about here)

Outfoxed uses tags to help resolve conflict within the database. If two equally-trusted informers give conflicting reports on a page, tags can be used to break the tie. When a user adds an informer, they can add tags indicating particular areas where this informer is trusted (or not trusted). For example, if your friend Bob is a good car mechanic but with very different political views from you, you might give him the tags "car repair auto -humor -funny". This means that his reports will take preference on pages tagged as auto, repair, or auto, and that his reports will be deprecated on pages tagged as humor or funny.

[Disclaimer: This feature isn't implemented yet, although all the tagging hooks are in place.]

But I don't think it's a ship-sinking issue for Outfoxed. It only tries to present you with the most relevant metadata for what you're doing, which you can look at or ignore.

And all things being equal, someone trusted by you is more likely than a stranger to share your values about what constitues good, bad, boring, funny, etc...

Re:You don't want Trust.... We want Experts

[TedTschopp]

I'm not trying to be a spoil sport with this.

In general: What you are doing is integrating
sucessesfull solutions. Focus on new solutions.

Specifically now, the problem with tagging is that you are drawing a relationship between you and a friend, and it's based on trust/affinity. You trust your friends views of Auto Repair and not on politics. But agreeing/affinity/trust is not the same thing as experience or level of ability. Just becuase you disagree with someone doesn't mean that they are not an expert or that they are not more correct than you.

The goal shouldn't be to find more stuff that agree's with ourselves, but to find more stuff which is more correct.

Re:You don't want Trust.... We want Experts

you trust your parents because...
your father wont ask you to count on him for a specific brand of computer purchase.
you mother wont ask you to trust her on the width of a coloum for the new house construction.

Trust is a natural obligation, there is no right trust or wrong trust at the begining but at the end there may be no trust or trust. if you bring in Expert along with it you have to bring in a qualifying machanism for expert. i.e how you can trust an expert? he/she may misguide you for his/her gains.

Re:You don't want Trust.... We want Experts

[TedTschopp]

if you bring in Expert along with it you have to bring in a qualifying machanism for expert. i.e how you can trust an expert? he/she may misguide you for his/her gains.

I agree with you, I don't think the problem is an easy problem. Take for example this idea. Osama Bin Ladin says person X is an expert in flying planes, or better yet, person X is an expert in Civil Engineering (his degree is in Engineering if I remeber correctly.) Now is person X an expert in those areas? Do you let him into your 100 story building? My problem I propose has no easy answer, I agree to that.

Re:You don't want Trust.... We want Experts

[LesPaul75]

So, in your system, who do you trust to designate the "expert level" of each individual on each topic? (Not being sarcastic, I'm genuinely curious). It is a cool idea.

Re:You don't want Trust.... We want Experts

[phauly]

Who is an expert is subjective and hence is it not feasible to have an Expert Network. Is Einstein right about relativity? Well, he might be but if I think he is wrong, I want to jugde him as "untrustworthy (related to physics)" and don't get his theories. If 98% of the people think "Bill Gates is an expert in Operating Systems", should I be forced to receive a recommendation about software by Bill Gates or I can state that Bill Gates is "untrustworthy" and keep using GNU/Linux? The second one, thanks! If the Pope is considered (or at least he was in 1500 or so!) as the expert about "what is good and what is bad" (for example about what women could do), should I just swallow down his opinions or I can judge him as "untrustworthy" and don't get his recommendations? Should I read the book recommended by the English professor at Oxford because of his position? No thanks. If I subjectively trust him, I will. If I distrust him and trust instead the man who washes Oxford floors, I will get the second one's favorite books! Opinions are subjective! The globally recognized expert of a topic does not exist. There can always be someone that does disagree. Who is the expert about religion? about abortion? about gay rights? about any (a little bit) controversial topic? A global expert cannot exist. An approach based on your personal subjective trust network is the only reasonable solution and I love Stan's work. I'm aware that this can lead to "Daily Me" problem but this comment is already too long. ;-) On this, see http://moloko.itc.it/paoloblog/archives/2004/04/20 /boycott_the_daily_me.html

Re:You don't want Trust.... We want Experts

[phauly]

Who is an expert is subjective and hence is it not feasible to have an Expert Network.

Is Einstein right about relativity? Well, he might be but if I think he is wrong, I want to jugde him as "untrustworthy (related to physics)" and don't get his theories.
If 98% of the people think "Bill Gates is an expert in Operating Systems", should I be forced to receive a recommendation about software by Bill Gates or I can state that Bill Gates is "untrustworthy" and keep using GNU/Linux? The second one, thanks!
If the Pope is considered (or at least he was in 1500 or so!) as the expert about "what is good and what is bad" (for example about what women could do), should I just swallow down his opinions or I can judge him as "untrustworthy" and don't get his recommendations?
Should I read the book recommended by the English professor at Oxford because of his position? No thanks. If I subjectively trust him, I will. If I distrust him and trust instead the man who washes Oxford floors, I will get the second one's favorite books!

Opinions are subjective! The globally recognized expert of a topic does not exist. There can always be someone that does disagree.
Who is the expert about religion? about abortion? about gay rights? about any (a little bit) controversial topic? A global expert cannot exist.

An approach based on your personal subjective trust network is the only reasonable solution and I love Stan's work.

I'm aware that this can lead to "Daily Me" problem but this comment is already too long. ;-)
On this, see http://moloko.itc.it/paoloblog/archives/2004/04/20 /boycott_the_daily_me.html

Re:You don't want Trust.... We want Experts

[xnot]

Of course the opinion of who is an "expert" and who isn't is subjective. EVERYTHING about human interactions is subjective. That's why the best thing you can do is create high quality amounts of metadata, and then let people decide. People are always going to have to decide anyway. Scenerio of a system that I believe has "good" metadata: Expert A professes to be an expert in Widgets. Expert A posts sample resume-like information which backs up his/her assertation (years experience, degrees, etc.) 1000 random professed non-experts believe Expert A is an expert in Widgets. Experts B and C who are professed professed experts in Something-Related-to-Widgets trust Expert A as an expert in Widgets. Regardless of all of this, you can choose if you view that person as an expert or not. The metadata is just there to help you make an informed decision. But you see where this is going? Eventually, you can get to a point where the signal-to-noise ratio is pretty small- IF you build in enough metadata that makes sense. The point of this is that if you are looking for a perfect system, you won't find it. What's popular in the world is typically what's "true". If you're looking for an expert, eventually, you have to just PICK SOMEBODY. What criteria you use to pick is always up to you. You can choose a person you know and trust, you can choose what the general population thinks, you can choose what some person you view as an expert thinks, or you can choose based upon "scientific" data that says the X thing is the correct choice. Regardless, it always comes down to you choosing. The point is the increase the chances that who you pick matches as closely as possible who you are looking for.

MDDB error

i'm gettin an error whenever i try to download an informers 'statement'. hopefully, its because the server is overload and that'll fix itself soon. its quite interuptive as the error message grabs focus.

doesn't work on macs

[dynamo]

it says some metadata database wasn't compiled for ppc.

+2 ... you'll go blind

[pbhj]

Seriously, I'd go +3, about one third of the comments. You can always drill down if you need to see more.

Re:Social networks cannot save us from dumb friend

[wanderingstan]

"Against stupidity even gods struggle in vain."
-Schiller

Nice article on BBC (via) about how most users don't even know the words for threats on the internet.

Confusing "geek speak" used by experts and media included "phishing", "rogue dialler", "Trojan" and "spyware".

Eighty-four percent did not know that phishing describes faked e-mail scams.
...
A quarter said they knew what "spyware" was, although almost one in 10 of those thought it was a computer program that kept an eye on unfaithful partners.

This is why I something like Outfoxed is needed: Even if you had magic browsers which could tell users "This is a phishing website," most users wouldn't even know that this was a bad thing!

The bottom line is that telling people to "get smart" will not help a computer novice who doesn't know the difference between Gator and Macromedia.

Re:What the heck?!?!

[null+etc.]

lol no one has a f'in sense of humor in this place.

I got it installed

[blowdart]

I managed to get it installed. Do you think I should mark slashdot as "dangerous" now?

XP version only, for now...

From the site:

Porting Outfoxed 2005-06-18 Note: Udo has compiled Mac and Linux versions.
We need to wrap it up into an installation package though...so hopefully next week.
Register to be notified by email when it's ready.

social networks WITH personalization

But surely thats only one half of the solution? For example, my mate Jack has excellent taste in punk music, but I wouldnt trust my mate Al to recommend any music because it will invariably be shit.

You don't listen to ALL your friends suggestions on everything: and you certainly don't hold identical opinions with all of your friends all the time.

How about having the ability to filter recommendations from friends? Say your mate Marcus sends you a funny link, well you know Marcus is a funny guy, so his recommendation goes to the top of the list, where as Gary, who doesn't "get" Shawn of the Dead should probably have any funny links he posts ranking lower in the list.

Social Engineering

[Sentry21]

Did anyone else read the title as Firefox Extension for Applied Social engineering ?

The possibilities started flowing through my brain at a rapid pace. I envisioned a 'pretend to be a technician' wizard ('Do you know the name of the contractor which the target company uses for technical support?' 'Do technicians wear overalls to service calls?'), perhaps a research assistant, a disguise toolbar (a la Sims 2), maybe a letterhead forging wizard...

This story is probably one of the biggest letdowns in the entire term of my Slashdot patronage.

related to stumbleupon and extended? i think not.

why has stumbleupon not received a story on slashdot? its a much more fully featured firefox extension than outfoxed and has a much more vibrant community. for some reason the blogging world hasn't taken to the stumbleupon community like it has to del.icio.us but in my eyes its one of the most useful web services tools around next to google, flickr, sxc.hu, and audioscrobbler/last.fm.

outfoxed really only works if you and all your friends decide to try it out, it doesnt reccomend you associates other than the maker of the plugin. stumbleupon is always trying to show you new friends by showing you random websites you might like. in my opinion, outfoxed is a copy of stumbleupon in many ways, just with some extensions for commenting things other than websites, such as system dll's and plugins.

Should work against spam, too.

[lskutt]

I "designed" a similar system, but for e-mail. Not a single f-cker has commented on it yet, but hey, I'm not dead yet.

I called it Prioritaire.

http://killingmusic.com/blog/index.php?p=4

Trust is NOT transitive

[softcoder]

If the first example he gives is anything to go by, this effort is not well thought out.
Just because HE trusts "X" and you trust HIM, does NOT mean you should trust X.
Example: I trust you, you trust the president, therefore I trust ? ...
(see what I mean?)
If his model doesn't even recognize that, what good is it?

So do you trust this plugin?

As I see it there is unlimited(almost) potentiel for sneaky js stealing and reporting password/usernames and such from the users.

Experts?

I completely agree with you, as it is what society is based around: people with expertise in certain fields. However, it is often hard to determine a criteria for such a thing. On the internet, I cannot help but wonder whether an expertise system would end up as a popularity rating or not.

Trust is not binary.

[Wolfger]

So if I trust my buddy, J, to rate business sites as a good deal or not, Outfoxed will also infer that I trust his judgement on whether or not a free software download is free of malware/spyware. Or vice versa. Not that I want a piece of software to do all my reasoning for me, but it severely limits the usefulness of the information. Something like Wikalong is better, where people can actually leave comments rather than just a thumbs up or thumbs down. Of course, Wikalong is thoroughly insecure...

Re:Trust is not binary.

[wanderingstan]

Comments are possible, and encouraged. E.g. these screenshots

Also, I've addressed the "trust is not binary" question in this FAQ.

The site's answer:

From the site:

"It's true, there are a lot of sell-outs and idiots out there. But remember, their bad trust decision affects not only you, but everyone else connected to them. (Possibly thousands of others.) All that is needed is for one of these other people to have a little sense and give a bad report to (distrust) the idiot, and then the problem is cleared. (See Keeping your network clean.)"

Gain IS spyware

[johansalk]

Haven't I heard that Gain sued someone for 'alleging' that their software is spyware?

Same thought, trust friends with spyware?

[SuperKendall]

I have the same thought, I have an awful lot of friends that I would NOT trust to know if they even had spyware or not. I get no benefit at all from joining such a network, and similarily the people who the network could benefit most will be the most leery of joining and carry the least weight in determining what is safe instead of what is popular.

LinkedIn

[Nonesuch]

So far I've had a only good experiences with LinkedIn, which is a business-centric social networking site.

They're trying to become more commercial lately, so it's possible the service might become less useful for non-paying members, but no sign of that yet beyond certain new limitations on free "groups" features.

Most importantly, no spam!

Don't download -- no uninstall!!!

[nimblebooks]

Don't download Outfoxed. It is very difficult to uninstall. Doesn't show up in Firefox 1.04's list of extensions, and the homepage has no instructions on how to uninstall. Options page for Outfoxed freezes sometimes, your Firefox address line starts behaving strangely, and Firefox slows to a crawl. Boo, hiss.

Re:Don't download -- no uninstall!!!

[wanderingstan]

Uninstall instructions
Sorry you're having strange behavior. I've never heard of it not showing up in the extensions list. Please make a bug report and tell me what other extensions you're running. Thanks.

-stan

sound like something tailored for small

[pancakegeels]

like minded people with the same core interest. Like, say, paedophiles and ham radio enthusiasts.

insensitive clod

[ksheff]

what if you have no friends?

Re:I wish there was a Firefox extension for...

[Tuross]

Perhaps you've never heard of GreaseMonkey.

http://greasemonkey.mozdev.org/

After much testing...

[relaxrelax]

After much testing and thought, here is my results:

-It helps get a list of malware fast. It actually pops up before you click on a dialer warning you it's bad! This is in my opinion a *greeeeat* feature.

-It can actually put down google search result of bad/dangerous pages by a number of positions you choose!!!

-Lacking a category system within each expert, it's much more useful to avoid bad stuff than to find good stuff. If your super-expert in avoiding spyware trusts some guy that likes golf (which you couldn't care about), it poisons the searching for good pages except for the google rank increases.

Very complementary with stumbleupon. Just wondering what he'll do when it starts to cost him too much money!!

Outfoxed killed my firefox

[courtain]

I trusted outfoxed extension to not kill my machine. My trust was not well placed. Now I will trust them to respond to my plea for help. Let's see how much we can trust those who promise to find out who to trust. Ipso custodies and all that...

links

could there have been any more links in that post?

Understandable, but still amusing.