Firefox Extension for Applied Social Networking

wanderingstan writes "Outfoxed is my masters thesis project about trust. (Nutshell overview) The extension uses a social network for personalized searching, phishing/spyware protection, file/process validation and more. It's related to del.icio.us, StumbleUpon, and those Kevin Bacon things, but goes a lot further. Mathematically, it's based on the network behavior of small world networks (pdf). Built with Javascript, Python, SQL, and XSLT. 366 testers so far, but we need the network to grow!"

did he say...

[bad_outlook]

he wanted the network to *grow* or get slashdotted to death?

bo

Using social networks for personalization

[glinden]

Chris Anderson (of Wired and The Long Tail fame) had a great post about why social networks might not be the best way to do recommendations and personalization. An excerpt:

No matter who you are, someone you don't know has found the coolest stuff.

The sad reality is that most of my friends have rotten taste in music (I don't hold it against them), while the music recommendations I actually follow are mostly from people I've never met.

The assumption that there's a correlation between the people I like and the products I like is a flawed one.

On the one hand, you trust your friends, so things your friends clicked on might be interesting for you to know about. On the other hand, friendships are not a good predictor for recommendations since your friends often have different interests from you.

It's a cool idea, but I'm not sure how many people would bother to set this up, how often this will change the search results, whether the changes will focus your attention on the most relevant result for your search, and whether you can scale a system that accesses data on everyone in your social network on every web search.

Re:Using social networks for personalization

[capt.Hij]

Another example is the state of Utah! Salt Lake City is the smallest city to have its own SEC office, and the state suffers from a high rate for people getting ripped off by people they know. This has been attributed by the close network of people within the LDS Church. Somebody who is intent on ripping someone off can join the church and instantly gain a large web of trust.

Re:Using social networks for personalization

[natrius]

As another person mentioned, the people you entrust while using this system don't actually have to be people you know. For instance, if you take a look at someone's del.icio.us links page and there are tons of things that interest you, you would probably trust them to inform your browsing decisions.

This system looks like a good way of implementing spyware/adware prevention and the like based on trust, but I don't think it will do so well for general browsing as you point out. There are plenty of people I would trust to help me stay away from spyware who I wouldn't want pointing me to web sites to read, mainly because I read vastly different things on the Internet from many of my friends. A system tha would work for this is something like Amazon's recommendation system. Without fail, Amazon emails me stuff that I'm actually interested in based on things I've bought from them. If something could use my web browsing history and compare it with that of others to suggest sites to read, that would be awesome. There are tons of privacy issues there, but putting those aside, I think such a system would be very effective.

One thing that might break such a system would be spammers. Spammers like to break anything that's good on the Internet with advertising, and this would be no exception. I think it would be hard to replicate a normal browsing history while inserting a few ad links, and submit those histories on a large enough scale to make those sites show up as results.

Anyway, I've gone off on a bit of a tangent. My point is that trust works well for many of the stated goals, but not so much for what I really want: all the good information on the Internet pumped straight into my brain.

Re:Using social networks for personalization

[joepeg]

On the one hand, you trust your friends, so things your friends clicked on might be interesting for you to know about.

Obviously, you've never had a friend relentlessly forward you email chain letters insisting "I know you hate these ... but this one is funny/great/interesting/etc..."

What?

[geekoid]

No Links?

Re:I wish there was a Firefox extension for...

[octalman]

... filtering stupid posts.

not trusting trusted people

[moz25]

Well, the thing is that I can trust many people I know with my life, but not with my computer.

Papers on similar work

[techmuse]

I've previously published two papers on a very similar idea - using distributed social trust networks to make trust judgements, which is essentially what Outfoxed is. You can find the papers at:

The Solar Trust Model
Michael Clifford, Charles Lavine, Matt Bishop
http://www.acsac.org/1998/abstracts/fri-a-1030-cli fford.pdf

Networking in The Solar Trust Model: Determining Optimal Trust Paths in a Decentralized Trust Network
http://www.acsac.org/2002/papers/9.pdf

kevin bacon things

[xtermin8]

I tried googling "kevin bacon things" and "extensions" the results I got were really disturbing. Please, we don't need any more of these on the net!

more links please

[joey_knisch]

I think he needed more random links.

Good idea in theory

[mister_llah]

... but in practice, you open the door to increased risk... navigating bookmarks of someone you don't know could run you right into spyware/malware... there aren't enough filters in the world to keep up with what is put out there.

Sadly, too, the concept of Monkey Sphere comes in, too...

http://www.pointlesswasteoftime.com/monkeysphere.h tml ...

Though it will start small, it will eventually become just too big, if it survives... it will become just another random maze of links for people to click through at 3am when they should be coding for a project due at midnight the next day.

===

Sorry to be a drag, just being realistic :/

User != Others

[Iriel]

What I wonder is this: Yes it does seem like an interesting idea, but how many of your friends run the same software you do? I still have friends that I'm trying to convert from IE, but it's too easy for them use what's already there. I know plenty of cliques that hang together because they all like running BSD/Linux and deal with programming and such, but none of them use the same distro or the same preferences.

My bottom line is this: Look at your best friends computer. Do they have the same extensions that you do? Do they even run Firefox? The network can only be as expansive as the people that decide to jump on board.

sql go boom

[farker+haiku]

Every file and process should have a chain of trust leading back to the user. Any file or process without such a chain is being taken on faith, and the user should be warned accordingly.
For example, every process run by a computer should have a chain that looks something like this:

wuauclt.exe [executed by] Windows Update [installed by] Windows OS [installed by] User [trusted by] Root User
matlabserver.exe [executed by] MatLab Application [installed by] User [trusted by] Root User
And similarly, every file should also have a chain:

desktopicon.ico [created by] FireFox Application [installed by] User [trusted by] Root User
mydocument.doc [created by] MS Word Application [installed by] Root User
Ideally, management of trust should be done at the lowest levels of computation: in the operating system or even in the microprocessor itself. This limits the ability of malicious software from disrupting the chain of trust back to the user. Outfoxed, because it is just an extension, has many vulnerabilities. Primary is the vulnerability of the locally stored trust database.

The next step would be to have trust storage implemented as a continuously running process that could be queried by other applications. [Note 22/03: The new version does this, using HTTP for queries.] So the browser, email client, and word processor could all draw trust information from the same source.

The best solution would be to have this process integrated into the operating system itself, so that the OS could also take advantage of the trust information by only running trusted applications. Trust managed at this level, combined with a good security methodology, would give us the ultimate trustworthy environment.

Interesting

[brontus3927]

Interestingly enough, this Firefox extention is more or less the same premise that someone on K5 thinks would be the perfect base of a p2p file sharing program. But like others, I think the problem is friends don't share the same interests a lot of times, especcially to the same degree. My friends all have the same basic interests: computers, music, movies, and sports. However, for friend 1, the priority is music, movies, sports, computers. Friend 2 is music, sports, movies, computers. My priorities are computers, movies, music, sports.

I think a hybrid approach between a social network and Amazon recommendations would be ideal. Based on bookmarks and preferences that you post to the server, an algorithm could reccomend other uses with similar tastes. I could then agree or disagree (on a 10 point scale) with the recommendation. That user would then enter my network, and I could browse other users in their network. You would be able to see their rating by other users. Additional ratings would refine the algorithm's ability to find new "friends" You would be notified when someone made you their "friend" so you could check them out and decide whether or not to reciprocate.