Outfoxed
Outfoxed is the implementation side of my master's thesis about trust. The full [working] title is "The aggregation and distribution of trust information online." Outfoxed is a an extension to the Firefox web browser, which implements some of the ideas proposed in my thesis, and serves as a testing ground for new ideas. Coding began on Dec 27th, 2005.
This document first discusses the current features of Outfoxed: bringing trust information to web pages, searching, file downloading, and running processes. Next I give a little insight into how it works. And finally, I answer a few possible objections and criticisms. This is an evolving document, and will certainly grow as my thesis proceeds.
The essential idea of Outfoxed is that people make decisions of trust based primarily on people that they trust. The average person has a set of experts that they consult in designated areas: the computer expert, the car expert, the fashion expert, the financial expert. If the opinions of these experts can be collected, they are the most critical data that a person can have; it is this information that gives the most intelligent filtering and sorting of the nearly infinite information that is on the internet. For example, Outfoxed lets my Mom know that I think it's okay for her to install the Flash plugin, but that she should not install anything from Claria.
Trust applies not only to areas like financial information and computer security, but extends even to mundane things like movie or restaurant recommendations.
A word on the lingo: The opinions that people give are referred to as reports. These can be about just about anything. The people who you trust, and whose reports you want to know about, are your informers (screenshot). All this information is stored in a trust file, aka RTS file. (For example, my file is viewable here.)
Search
Trust information is also important when searching. Search engines are getting clogged with pages that are nothing but advertising. (See Google Bombing) Of course, some sites are consistently better than others, but the search engines themselves cannot make such subjective decisions. In fact, no company can make these decisions because (1) they don't know you, and (2) companies have to make money and so any recommendations they give are bound to be distrusted. The best choice, as always, is to have your friends and friends of friends deciding which content has the highest quality and thus is most likely to be what you're searching for.
Currently Outfoxed provides only annotations to existing searches, as seen in the accompanying screenshot. But even this is useful, as recommended sites can be easily spotted in a long page of search results. An Outfoxed-enabled search engine is already in development; positively rated sites bumped to the top search results and bad or dangerous sites eliminated.
Combined with locale-specific searches like Google Local, Outfoxed gives a great way to find a good plumber or restaurant.
Browsing
While browsing, Outfoxed indicates the status of the current page by displaying an icon next to the Outfoxed button on the browser toolbar. Clicking on this status icon toggles the display of the report sidebar, which displays all reports on the currently viewed page. Whenever the user navigates to a page rated as dangerous, a confirmation window gives them the full report (including who gave the report) on the page and asks if they really want to go there.
Outfoxed can also indicate the status of all links on the page. By default it only highlights the dangerous ones, by putting a thick red border around them. For example, if you had Outfoxed installed, the link to Claria in the top paragraph would look like this:
Files
Outfoxed can give a reports on anything that can be uniquely named. Of course it's easy to change the name of files, but there exist algorithms that can generate a unique "fingerprint" for any file. Should the file change --even by a single bit-- then the fingerprint will be different. Examples of these algorithms MD5 and SHA-1. By attaching a report to these files, Outfoxed can insure that your files have not been tampered with.
For example, a software publisher could make an RTS file containing the fingerprints of their products even though their software is actually distributed through a system of mirrors or via Bittorrent. After downloading the file, Outfoxed checks the file's fingerprint and compares it against your trust database. If the publisher is one of your informers, then you'll know right away if you got the right version.
Outfoxed also adds functionality to local file browsing, allowing you to check the validity or add reports about any file on your system.
Processes
Using the same file fingerprinting methods as above, Outfoxed can check for reports on all the processes that are running on your machine. Ever wondered what LTSMMSG.exe or ctmmon.exe were? All of this information can be found with a few online searches, but Outfoxed automates the process. And because it's using file fingerprints and not just the filename, you can know if your process has been modified. Of course, this all depends on you having at least one nerd in your informer group who knows of an uber-nerd giving reports on these things. This feature is a bit of a tagalong at this point, but it does offer a useful service and a good argument for why trust should be integrated at the OS level.
How it Works
Outfoxed reads and creates files written in RTS, the style of which is blatantly copied from RSS. But whereas RSS is for the distribution news stories and blog entries, RTS is for the distribution of trust assessments (and general evaluations) of online resources. So an RTS file might say (translated into English) that xyz.com is good, while zyx.com is bad, and xxx.com is dangerous. But the key to everything is that a RTS file can talk about other RTS files, and say that the file at xyz.com/mary.xml contains trustworthy information, while the file at abc.com/bob.xml contains not so trustworthy information.
The Outfoxed extension periodically downloads updated RTS files, and keeps a local database of all reports.
Advantages
There was an interesting flap when Microsoft released their first anitvirus software. It seems that their software counted a certain Weatherbug as spyware. The problem is that Weatherbug is bundled with AOL Instand Messaging. So who gets to decide what is spyware? Do we leave up to whomever can hire the most lawyers? A better approach is software that lets the people decide by consensus.
As the lines between malware and legitament software become blurry it will become more important that these judgement calls are made by (or mediated by) people you trust, and not left to companies with unknown motives.
Objections & Criticism
Bad companies will just give themselves "good" ratings, and then we're back to square one.
Of course anyone is welcome to make a page giving any sort of reports they want. But it won't do them any good unless someone decides to use (i.e. trust) those pages. Which brings us to the next objection:
Some idiot friend-of-a-friend of mine might get conned into trusting some terrible company, and then I'll have bad trust data.
It's true, there are a lot of sell-outs and idiots out there. But remember, their bad trust decision effects not only you, but everyone else connected to them. (Possibly thousands of others.) All that is needed is for one of these other people to have a little sense and give a bad report to (distrust) the idiot, and then the problem is cleared.
People won't want to give out trust data.
Consider the fact that LiveJournal has 1.6 million people actively keeping blogs. That's just one company. And what are these people writing about? What music and movies they like. Products that suck. Software they love. Political views. The bottom line is that people love to tell others whom and what they trust, and the internet has proven time and again that people will express themselves in any medium they find.
But isn't this private information people are giving out?
Even in the current implementation of Outfoxed, there is no requirement that any identifying information be given out. It is possible to create a page on a random server with a random filename and fill it with trust information. And this information isn't useless, because you can then give this address to your friends and thus give them your trust information. And their friends can benefit from your information too, even if they have no idea who you are.
The internet is a huge place. You can't expect people to have a local database containing reports on everything!
To an extent this is true: You can't expect every internet user to have reports on everything out there. But, the truth is that you don't need reports on everything. People tend to have similar interests to their friends -- that's one reason friends are trusted! So if you love collecting license plates, and some of your friends to do, then you can expect to have a lot of useful reports about websites and programs relating to your hobby. But someone might object further...
But that's still a lot of information! A user's network of friends will grows exponentially with each hop.
Here you need to run some numbers: If each person in a trust network introduces 10 new informers (which is quite optimistic), then with 3 hops the network is at 10,000 people. If each person gives 100 reports, that's a million reports total. At 1K per report, that's just one megabyte. If all those desktop search applications can search your 100 gig hard drive in a few seconds, you can see it's child's play to search a one gig (or larger) file.
Beyond Outfoxed
Every file and process should have a chain of trust leading back to the user. Any file or process without such a chain is being taken on faith, and the user should be warned accordingly. For example, every process run by a computer should have chain that looks something like this:
And similarly, every file should also have a chain:
Ideally, management of trust should be done at the lowest levels of computation: in the operating system or even in the microprocessor itself. This limits the ability of malicious software from disrupting the chain of trust back to the user. Outfoxed, because it is just an extension, has many vulnerabilities. Primary is the vulnerability of the locally stored trust database.
The next step would be to have trust storage implemented as a continuously running process that could be queries by other applications. So the browser, email client, and word processor could all draw trust information from the same source.
The best solution would be to have this process integrated into the operating system itself, so that the OS could also take advantage of the trust information by only running trusted applications. Trust managed at this level, combined with a good security methodology, would give us the ultimate trustworthy environment.