Slashdot Mirror


Firefox Extension for Applied Social Networking

wanderingstan writes "Outfoxed is my master's thesis project about trust. (Nutshell overview) The extension uses a social network for personalized searching, phishing/spyware protection, file/process validation and more. It's related to del.icio.us, StumbleUpon, and those Kevin Bacon things, but goes a lot further. Mathematically, it's based on the network behavior of small world networks (pdf). Built with Javascript, Python, SQL, and XSLT. 366 testers so far, but we need the network to grow!"


  1. did he say... by bad_outlook · · Score: 5, Funny

    he wanted the network to *grow* or get slashdotted to death?

    bo

    1. Re:did he say... by bad_outlook · · Score: 2, Funny

      That's fantastic, so I wonder if all 571 websites are now down due to one /. post! Now that would call for a /. story, which should in turn /. http://www.whois.sc/ Who says reading /. is passive!

      bo

  2. Using social networks for personalization by glinden · · Score: 4, Insightful
    Chris Anderson (of Wired and The Long Tail fame) had a great post about why social networks might not be the best way to do recommendations and personalization. An excerpt:
    No matter who you are, someone you don't know has found the coolest stuff.

    The sad reality is that most of my friends have rotten taste in music (I don't hold it against them), while the music recommendations I actually follow are mostly from people I've never met.

    The assumption that there's a correlation between the people I like and the products I like is a flawed one.
    On the one hand, you trust your friends, so things your friends clicked on might be interesting for you to know about. On the other hand, friendships are not a good predictor for recommendations since your friends often have different interests from you.

    It's a cool idea, but I'm not sure how many people would bother to set this up, how often this will change the search results, whether the changes will focus your attention on the most relevant result for your search, and whether you can scale a system that accesses data on everyone in your social network on every web search.
    1. Re:Using social networks for personalization by capt.Hij · · Score: 5, Interesting

      Another example is the state of Utah! Salt Lake City is the smallest city to have its own SEC office, and the state suffers from a high rate for people getting ripped off by people they know. This has been attributed to the close network of people within the LDS Church. Somebody who is intent on ripping someone off can join the church and instantly gain a large web of trust.

    2. Re:Using social networks for personalization by rsborg · · Score: 2, Insightful
      On the one hand, you trust your friends, so things your friends clicked on might be interesting for you to know about. On the other hand, friendships are not a good predictor for recommendations since your friends often have different interests from you.

      Exactly. Trust involves two aspects: competence, and compassion. Friends are often compassionate, but may not necessarily be competent in the interests you have (ie, none of my "friends" are in my basketball weekend group). Likewise, those guys in the bball group are not necc. guys I'd like to hang out and have beers with. But perhaps compassion can be had online, specifically for your combined interests? Some blogs have very active communities where friendships develop...

      --
      Make sure everyone's vote counts: Verified Voting
    3. Re:Using social networks for personalization by pizen · · Score: 3, Insightful

      What if all of the spyware companies submitted high recommendations on their links?

      But those spyware companies aren't in your circle of trust so it doesn't matter what they think about their websites.

    4. Re:Using social networks for personalization by lucabrasi999 · · Score: 3, Informative
      But those spyware companies aren't in your circle of trust so it doesn't matter what they think about their websites.

      True. I would never expect a spyware company to lie their way into a trusted network. :)

    5. Re:Using social networks for personalization by wanderingstan · · Score: 3, Informative
      On the one hand, you trust your friends, so things your friends clicked on might be interesting for you to know about. On the other hand, friendships are not a good predictor for recommendations since your friends often have different interests from you.

      One important difference is that Outfoxed doesn't assume that the people feeding you metadata are friends-- that's one reason why I chose the more neutral word informer, which can be a person, organization (example), or even auto-generated list (example).

      It's true that you might trust informers in only specific areas. This is partially addressed by tagging. But the bottom line is that Outfoxed only tries to present you with the most relevant metadata for what you're doing, which you can look at or ignore. And all things being equal, a friend is more likely than a stranger to share your values about what constitutes good, bad, boring, funny, etc...

      But in any case, I'm looking forward to what the slashdot masses think of my project...and to how my ISP holds up.

    6. Re:Using social networks for personalization by natrius · · Score: 4, Interesting

      As another person mentioned, the people you entrust while using this system don't actually have to be people you know. For instance, if you take a look at someone's del.icio.us links page and there are tons of things that interest you, you would probably trust them to inform your browsing decisions.

      This system looks like a good way of implementing spyware/adware prevention and the like based on trust, but I don't think it will do so well for general browsing as you point out. There are plenty of people I would trust to help me stay away from spyware who I wouldn't want pointing me to web sites to read, mainly because I read vastly different things on the Internet from many of my friends. A system that would work for this is something like Amazon's recommendation system. Without fail, Amazon emails me stuff that I'm actually interested in based on things I've bought from them. If something could use my web browsing history and compare it with that of others to suggest sites to read, that would be awesome. There are tons of privacy issues there, but putting those aside, I think such a system would be very effective.

      One thing that might break such a system would be spammers. Spammers like to break anything that's good on the Internet with advertising, and this would be no exception. I think it would be hard to replicate a normal browsing history while inserting a few ad links, and submit those histories on a large enough scale to make those sites show up as results.

      Anyway, I've gone off on a bit of a tangent. My point is that trust works well for many of the stated goals, but not so much for what I really want: all the good information on the Internet pumped straight into my brain.

    7. Re:Using social networks for personalization by NickFortune · · Score: 2, Insightful
      The assumption that there's a correlation between the people I like and the products I like is a flawed one.

      Well, I have a certain amount in common with my friends - that's one of the reasons they became friends. The assumption that I will like everything they like may be flawed, but the counter assumption, that there is no commonality in taste, seems equally absurd.

      On the one hand, you trust your friends, so things your friends clicked on might be interesting for you to know about. On the other hand, friendships are not a good predictor for recommendations since your friends often have different interests from you.

      This is about more than recommendations though. This is about whether to trust a site or product, and about what the processes on your computer do, and potentially about a lot of other stuff as well.

      It's a cool idea, but I'm not sure how many people would bother to set this up, how often this will change the search results...

      Isn't that the beauty of social networking apps though? If they work well, they spread; if they don't they die a horrible death. Even if this only works as a proof-of-concept, I'd say it was still tremendously valuable. We could have knowledge of trojaned downloads propagated across the net in hours, and without requiring naive users to follow security boards either. Add in a thunderbird plugin and you could validate email links in the same way.

      That's aside from the functions it shares with stumbleUpon, orkut, del.icio.us and the rest.

      I do, however, take your point about setup - especially as a linux user. Still, with an established network, I can't see any reason that joining Outfoxed should be any more onerous than getting a gmail invite.

      --
      Don't let THEM immanentize the Eschaton!
    8. Re:Using social networks for personalization by joepeg · · Score: 5, Funny

      On the one hand, you trust your friends, so things your friends clicked on might be interesting for you to know about.

      Obviously, you've never had a friend relentlessly forward you email chain letters insisting "I know you hate these ... but this one is funny/great/interesting/etc..."

      --

      ZEN is a prime number in base-36

    9. Re:Using social networks for personalization by oasisbob · · Score: 2, Funny
  3. What? by geekoid · · Score: 4, Funny

    No Links?

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  4. Re:I wish there was a Firefox extension for... by octalman · · Score: 5, Funny

    ... filtering stupid posts.

  5. Re:I wish there was a Firefox extension for... by bad_outlook · · Score: 3, Funny

    on Slashdot? What would be left to read? Change your modifier to +2 and see how much is left.

    bo

  6. not trusting trusted people by moz25 · · Score: 4, Funny

    Well, the thing is that I can trust many people I know with my life, but not with my computer.

    1. Re:not trusting trusted people by xMilkmanDanx · · Score: 2, Funny

      Sad but true. Very few people should be allowed to do anything of significance with a computer but could be trusted to not endanger your life (unless it was endangered THROUGH their use of your computer).

      This is probably why Macs only have one mouse button. Bet they'd have done away with the keyboard too if they could get away with it.

  7. Papers on similar work by techmuse · · Score: 4, Informative

    I've previously published two papers on a very similar idea - using distributed social trust networks to make trust judgements, which is essentially what Outfoxed is. You can find the papers at:

    The Solar Trust Model
    Michael Clifford, Charles Lavine, Matt Bishop
    http://www.acsac.org/1998/abstracts/fri-a-1030-clifford.pdf

    Networking in The Solar Trust Model: Determining Optimal Trust Paths in a Decentralized Trust Network
    http://www.acsac.org/2002/papers/9.pdf

  8. kevin bacon things by xtermin8 · · Score: 5, Funny

    I tried googling "kevin bacon things" and "extensions" the results I got were really disturbing. Please, we don't need any more of these on the net!

  9. more links please by joey_knisch · · Score: 5, Funny
  10. Good idea in theory by mister_llah · · Score: 4, Interesting

    ... but in practice, you open the door to increased risk... navigating bookmarks of someone you don't know could run you right into spyware/malware... there aren't enough filters in the world to keep up with what is put out there.

    Sadly, too, the concept of Monkey Sphere comes in, too...

    http://www.pointlesswasteoftime.com/monkeysphere.html ...

    Though it will start small, it will eventually become just too big, if it survives... it will become just another random maze of links for people to click through at 3am when they should be coding for a project due at midnight the next day.

    ===

    Sorry to be a drag, just being realistic :/

    --
    MoM++ - A Classic Expanded - [Master of Magic 1.5]
    http://mompp.sourceforge.net/
  11. Identity evasion by Paul+Crowley · · Score: 3, Interesting

    For recommendations in favour, this sounds great, so long as the trust metric is attack resistant as described in Raph Levien's thesis. Google PageRank is an example of an attack resistant trust metric.

    For recommendations against, it's very hard to make this work, because it's hard to make the shit stick; every time the global reputation of a particular identity takes a dive, it's easy to shift to another one which has no recommendations either way.

    Creating hard-to-evade IDs is a very hard problem.

  12. User != Others by Iriel · · Score: 4, Insightful

    What I wonder is this: Yes it does seem like an interesting idea, but how many of your friends run the same software you do? I still have friends that I'm trying to convert from IE, but it's too easy for them use what's already there. I know plenty of cliques that hang together because they all like running BSD/Linux and deal with programming and such, but none of them use the same distro or the same preferences.

    My bottom line is this: Look at your best friends computer. Do they have the same extensions that you do? Do they even run Firefox? The network can only be as expansive as the people that decide to jump on board.

    --
    Perfecting Discordia
    www.stevenvansickle.com
  13. sql go boom by farker+haiku · · Score: 5, Interesting

    Every file and process should have a chain of trust leading back to the user. Any file or process without such a chain is being taken on faith, and the user should be warned accordingly.
    For example, every process run by a computer should have a chain that looks something like this:

    wuauclt.exe [executed by] Windows Update [installed by] Windows OS [installed by] User [trusted by] Root User
    matlabserver.exe [executed by] MatLab Application [installed by] User [trusted by] Root User
    And similarly, every file should also have a chain:

    desktopicon.ico [created by] FireFox Application [installed by] User [trusted by] Root User
    mydocument.doc [created by] MS Word Application [installed by] Root User
    Ideally, management of trust should be done at the lowest levels of computation: in the operating system or even in the microprocessor itself. This limits the ability of malicious software from disrupting the chain of trust back to the user. Outfoxed, because it is just an extension, has many vulnerabilities. Primary is the vulnerability of the locally stored trust database.

    The next step would be to have trust storage implemented as a continuously running process that could be queried by other applications. [Note 22/03: The new version does this, using HTTP for queries.] So the browser, email client, and word processor could all draw trust information from the same source.

    The best solution would be to have this process integrated into the operating system itself, so that the OS could also take advantage of the trust information by only running trusted applications. Trust managed at this level, combined with a good security methodology, would give us the ultimate trustworthy environment.

    --
    Your sig(k) has been stolen. There is a puff of smoke!
    1. Re:sql go boom by Jerf · · Score: 2, Insightful

      This isn't a very good idea for a host of practical reasons, mostly centering around the fact it is too simplistic.

      IMHO, you are reaching for a capabilities-based model, which works out at least somewhat better in practice, though it is an open question of whether it works well enough to use. (Link leads to a group trying to build an OS on the idea, and I know it hasn't been completely smooth sailing, but I am not intimately familiar with the project.)

      That should give you a springboard for further investigation into the topic, if you like. (Way too big to cover in a Slashdot post, and I am only passingly familiar with it anyhow.)

    2. Re:sql go boom by dodobh · · Score: 2, Interesting

      Trusted by whom? Just because your OS vendor trusts someone does not mean that the rest of us do.

      A trusts B
      B trusts C

      does not imply A trusts C

      --
      I can throw myself at the ground, and miss.
    3. Re:sql go boom by Lorkki · · Score: 2, Interesting
      Interesting idea but when Micro$oft proposes the same thing the local /. denizens go bonkers.

      On the other hand, the real difference is that the Palladium concept insists on you, the user, to trust an omnipotent outside third party in determining what is trustworthy and what isn't.

    4. Re:sql go boom by Gorath99 · · Score: 2, Insightful

      Unfortunately, this would just lead to:

      Spyware Program [installed by] Spyware Installer [executed by] KaZaA Installer [trusted by] User [trusted by] Root User

      or

      Spyware Program [executed by] ActiveX component [executed by] Internet Explorer [trusted by] Windows [trusted by] Root User

      Which is exactly what's already happening.

      While it would certainly be nice to have this kind of info so you can trace back where files and processes came from, it wouldn't stop malicious programs in the slightest.

  14. Maybe this is a FASQ, but by RealProgrammer · · Score: 2, Interesting
    what's to stop social-network-bookmark spamming?

    "Green Tennis Shoes are the best! Come see my kewl site about Green Tennis Shoes!"

    And you're taken to some guy's blog. Is there a rating system, and if so, how well does it work?
    --
    sigs, as if you care.
    1. Re:Maybe this is a FASQ, but by wanderingstan · · Score: 2, Informative
      See the Objections page, item 2:
      Within a web of trust, Googlebombing just doesn't work. If you are the would-be bomber, you have to convince a lot of people to add you as an informer. And then you have to hope that the people you have conned are informers to many other people. You must further hope that none of these other people will notice the bogus links and report you as untrustworthy. That's just too many levels of failure for googlebombing to be effective. (This also applies for straight-up hacking: Even though most of the trust pages will be presumably stored on low-security web servers, you'd have to hack a ton of pages to have any effect. And as soon as anyone notices, it's all for nothing.)

      The other way of googlebombing would be to create tons of dummy users who are all trusted by one "real user". Once the real user is trusted, then all the dummies get in and screw up the trust levels. However, this only works if you have some sort of Bayesian or other distributed trust calculation system (see below) that takes account of the sheer number of people who are giving their opinion. Outfoxed doesn't care about the number of votes, but only about the vote of the person who is closest.
      This is also covered in "keeping your network clean":
      Within Outfoxed, every informer in a user's informer network has "authority" over any report or informer which is further from the user. (In the most simple case, distance is synonymous with the number of hops. See path length.) In this way, network maintenance is delegated to others, and many users can benefit from the action of one.
      Incidentally, I also wrote about this as a weakness of Zniff.
  15. max_user_connections by lbmouse · · Score: 3, Funny

    "366 testers so far, but we need the network to grow!"

    No, apparently you don't:

    Warning: mysql_connect(): User wanderin_drpl2 has already more than 'max_user_connections' active connections in /home/wanderin/public_html/getoutfoxed/includes/database.mysql.inc on line 31 User wanderin_drpl2 has already more than 'max_user_connections' active connections

  16. Social networks cannot save us from dumb friends by Flinx_ca · · Score: 2, Insightful

    If people used the brains that are supposedly inside their skulls, there would be no need for these not very useful methods of 'protection.' How many people out there would have given a thumbs up to Kazaa? My friends are great to hang out with but tend to spread the computer equivalent of STDs.

  17. who are you going to trust? by udderly · · Score: 3, Interesting

    The example in the "nutshell example" seems like a good enough idea, but I'm curious, what's to ensure that the results stay good as the connections increase? In this example, it very quickly gets to a friend-of-a-friend-of-a-friend status. It seems that for each hop you take away from the most trusted people in your social network, good advice gets exponentially harder to find.

    For example, if you asked your brother--who just had his bathroom redone--for a recommendation on a good plumber, you might expect some good advice. But how much credence are you going to give the advice of your brother's co-worker's nephew's best friend?

    1. Re:who are you going to trust? by tdvaughan · · Score: 3, Insightful

      That's no problem. You just make trust decay. With every hop away from your own directly linked network the trust metric is reduced. So I might give my Dad a trust value of 10/10 (i.e. I would trust this person with my life), but I could assign second-generation hops (those outside of my control) 80% of the trust value that Dad gives them. Allowing users to tweak their own trust decay rates will let them manage the size of their trust pool and reduce the impact of malicious users (i.e. phishers, for example).

    2. Re:who are you going to trust? by wanderingstan · · Score: 2, Interesting

      I cover this a little bit in calculating path length. As tdvaughan said, there's a built-in decay factor. And moreover, it should be said that Outfoxed is just a metadata aggregator: it will dutifully tell you if a friend-of-a-friend-of-a-friend-of-a-friend thinks a plumber is good. But it's entirely up to you if you will trust the recommendation.
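
An added sketch, not part of the thread and not Outfoxed's own code, of the two rules discussed above: the "closest informer wins" rule quoted from the Objections page, and the per-hop trust decay tdvaughan describes, set against a vote-counting baseline that a cluster of dummy users can swamp. The graph, names, URLs, the uniform 0.8 decay and the "conflict" result for same-distance disagreement are all assumptions made for the example.

```python
from collections import Counter, deque


def hop_distances(informers, user):
    """Breadth-first search over 'X added Y as informer' edges.

    Returns {node: hops from user}; unreachable nodes are absent.
    """
    dist = {user: 0}
    queue = deque([user])
    while queue:
        node = queue.popleft()
        for nxt in informers.get(node, ()):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist


def closest_verdict(informers, reports, user, url, decay=0.8, min_weight=0.0):
    """Nearest-informer rule: only the report(s) at the smallest hop count matter.

    Weight is decay ** (hops - 1), so direct informers count fully and each
    further hop is discounted. Returns (verdict, weight, informers_used).
    """
    dist = hop_distances(informers, user)
    voters = [(dist[who], who, verdict)
              for (who, page), verdict in reports.items()
              if page == url and who in dist and who != user]
    if not voters:
        return ("unknown", 0.0, [])
    nearest = min(d for d, _, _ in voters)
    weight = decay ** (nearest - 1)
    if weight < min_weight:          # too far away to be worth showing
        return ("unknown", weight, [])
    front = [(who, v) for d, who, v in voters if d == nearest]
    verdicts = {v for _, v in front}
    # Assumption: equally distant informers who disagree yield "conflict"
    # (the thread says tags would break such ties, but that is unimplemented).
    verdict = verdicts.pop() if len(verdicts) == 1 else "conflict"
    return (verdict, weight, sorted(who for who, _ in front))


def majority_verdict(informers, reports, user, url):
    """Baseline that counts every reachable vote equally (Sybil-prone)."""
    dist = hop_distances(informers, user)
    tally = Counter(v for (who, page), v in reports.items()
                    if page == url and who in dist and who != user)
    return tally.most_common(1)[0][0] if tally else "unknown"


# Constructed sample network: bob was talked into adding mallory, who in
# turn vouches for 20 dummy accounts.
INFORMERS = {
    "me": ["alice", "bob"],
    "alice": ["carol"],
    "bob": ["mallory"],
    "mallory": [f"sybil{i}" for i in range(20)],
}
DOWNLOAD = "http://example.test/download"
FORUM = "http://example.test/forum"
PLUMBER = "http://example.test/plumber"

# Constructed reports: (informer, url) -> verdict
REPORTS = {
    ("alice", DOWNLOAD): "bad",
    ("mallory", DOWNLOAD): "good",
    ("carol", FORUM): "bad",
    ("mallory", FORUM): "good",
    ("sybil0", PLUMBER): "good",
}
REPORTS.update({(f"sybil{i}", DOWNLOAD): "good" for i in range(20)})

if __name__ == "__main__":
    print("majority:", majority_verdict(INFORMERS, REPORTS, "me", DOWNLOAD))
    print("closest :", closest_verdict(INFORMERS, REPORTS, "me", DOWNLOAD))
    print("tie     :", closest_verdict(INFORMERS, REPORTS, "me", FORUM))
    print("cutoff  :", closest_verdict(INFORMERS, REPORTS, "me", PLUMBER,
                                       min_weight=0.7))
```

Under the nearest-informer rule the dummy accounts cannot outvote alice, but they still decide any page on which no closer informer has reported, which is where the decay cutoff applies.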

  18. Objections by Orion83 · · Score: 3, Interesting

    He answers objections about spamming and "dumb friends" by saying that the network will basically allow someone to be discredited fairly easily. Any source that gives bad advice will quickly be given a few bad reviews.
    The problem with this is that "goodness" is somewhat subjective. If you ever use amazon, you know that pretty much everything has at least a few marks against it. If you want a network to be big enough to come up on searches, chances are that you're going to have a wide variety of opinions.

  19. Re:Two things ... by Bitsy+Boffin · · Score: 2, Informative

    It says right there on the download page

    Windows XP:
    Download outfoxed_beta_0.2.90d.xpi
    (Where are the Linux and Mac versions?)

    And from that page seeing as the site is flakey...

    2005-06-18 Note: Udo has compiled Mac and Linux versions. We need to wrap it up into an installation package though...so hopefully next week. Register to be notified by email when it's ready.

    --
    NZ Electronics Enthusiasts: Check out my Trade Me Listings
  20. Friends of friends are sometimes not friends by FunWithHeadlines · · Score: 2, Interesting
    "On the other hand, friendships are not a good predictor for recommendations since your friends often have different interests from you."

    That's been one of the little mysteries in my life. You know you have Friend A and Friend B, and you like them both a lot? Then one day you introduce A to B and realize they don't like each other...at all. Yet you still like A and you still like B.

    Some part of your personality is responding to something each of those people has, yet clearly they are each appealing to a different part of your personality, and sometimes those parts don't get along! :)

  21. Interesting by brontus3927 · · Score: 4, Interesting
    Interestingly enough, this Firefox extension is more or less the same premise that someone on K5 thinks would be the perfect base of a p2p file sharing program. But like others, I think the problem is friends don't share the same interests a lot of times, especially to the same degree. My friends all have the same basic interests: computers, music, movies, and sports. However, for friend 1, the priority is music, movies, sports, computers. Friend 2 is music, sports, movies, computers. My priorities are computers, movies, music, sports.

    I think a hybrid approach between a social network and Amazon recommendations would be ideal. Based on bookmarks and preferences that you post to the server, an algorithm could recommend other users with similar tastes. I could then agree or disagree (on a 10 point scale) with the recommendation. That user would then enter my network, and I could browse other users in their network. You would be able to see their rating by other users. Additional ratings would refine the algorithm's ability to find new "friends". You would be notified when someone made you their "friend" so you could check them out and decide whether or not to reciprocate.

  22. More bandwidth on the way by wanderingstan · · Score: 2, Informative

    Looks like my ISP was overconfident in saying they could handle a slashdotting. I'm moving to a dedicated server, and they say it'll be ready within a half hour. We'll see...

  23. You don't want Trust.... We want Experts by TedTschopp · · Score: 3, Interesting

    You want something else. There are different dynamics where you trust people. For example, no one should trust me with regard to South American history and politics. The reason, I know nothing about those areas. There needs to be a connection between Trust and areas of knowledge.

    For example, I trust my parents, but I would never trust them to make decisions about computers. But if it came to building a building, I'd trust my father a bit more as he is an architect and his field is related to the construction of buildings. But I would never trust my mom regarding that. Now if the issue was the development and educational patterns of children in a bi-lingual situation, I would trust my mom, but I would never trust my father. He isn't a highly trained educator, he is an architect.

    This type of trust network is good, but really is just an extension of the database that AOL has had for their buddy lists on AIM for years.

    What is really needed is a way to rate people's expertise in areas. If this can be done, a whole new dynamic internet could be formed.

    Just one example of this would be to filter Wiki articles based on the level of expertise that author has in the subject.

    Another example would be to filter all the recommendations you see on amazon. Wow, an English professor at Oxford recommends I read this book about the development of the symbolic languages, perhaps I should pay attention. -OR- Wow, this Policy Wonk who works for this special interest wants me to trust his opinions about the environment. Nope!

    So to restate it, we need an Expert Network, on top of our Trust Network. And the trust networks are already in place. Just use any IM network, and apply a trust value to that connection. Now getting the Expert Network established, that's another problem. Perhaps tying a connection between each user and a DMOZ category. Or something along those lines.

    Ted Tschopp

    --
    Fantasy remains a human right; we make in our measure and in our derivative mode... -- JRR Tolkien
    1. Re:You don't want Trust.... We want Experts by wanderingstan · · Score: 2, Interesting

      You might trust sources in only specific areas. The shot at this, IMHO, is tagging (which I wrote about here)

      Outfoxed uses tags to help resolve conflict within the database. If two equally-trusted informers give conflicting reports on a page, tags can be used to break the tie. When a user adds an informer, they can add tags indicating particular areas where this informer is trusted (or not trusted). For example, if your friend Bob is a good car mechanic but with very different political views from you, you might give him the tags "car repair auto -humor -funny". This means that his reports will take preference on pages tagged as auto, repair, or auto, and that his reports will be deprecated on pages tagged as humor or funny.

      [Disclaimer: This feature isn't implemented yet, although all the tagging hooks are in place.]

      But I don't think it's a ship-sinking issue for Outfoxed. It only tries to present you with the most relevant metadata for what you're doing, which you can look at or ignore.

      And all things being equal, someone trusted by you is more likely than a stranger to share your values about what constitutes good, bad, boring, funny, etc...

  24. Re:Social networks cannot save us from dumb friend by wanderingstan · · Score: 2, Interesting
    "Against stupidity even gods struggle in vain."
    -Schiller

    Nice article on BBC (via) about how most users don't even know the words for threats on the internet.
    Confusing "geek speak" used by experts and media included "phishing", "rogue dialler", "Trojan" and "spyware".

    Eighty-four percent did not know that phishing describes faked e-mail scams.
    ...
    A quarter said they knew what "spyware" was, although almost one in 10 of those thought it was a computer program that kept an eye on unfaithful partners.
    This is why something like Outfoxed is needed: Even if you had magic browsers which could tell users "This is a phishing website," most users wouldn't even know that this was a bad thing!

    The bottom line is that telling people to "get smart" will not help a computer novice who doesn't know the difference between Gator and Macromedia.

  25. Re:Only Windows... by wanderingstan · · Score: 2, Informative

    Mac and Linux versions are only a few days away.

    There was just some trouble getting pyana to link correctly in Python.

  26. Social Engineering by Sentry21 · · Score: 2, Funny

    Did anyone else read the title as Firefox Extension for Applied Social engineering ?

    The possibilities started flowing through my brain at a rapid pace. I envisioned a 'pretend to be a technician' wizard ('Do you know the name of the contractor which the target company uses for technical support?' 'Do technicians wear overalls to service calls?'), perhaps a research assistant, a disguise toolbar (a la Sims 2), maybe a letterhead forging wizard...

    This story is probably one of the biggest letdowns in the entire term of my Slashdot patronage.

  27. Re:I wish there was a Firefox extension for... by Tuross · · Score: 2, Informative

    Perhaps you've never heard of GreaseMonkey.

    http://greasemonkey.mozdev.org/

    --
    Matt
    1. Read Slashdot
    2. ???
    3. Profit