Stengthening Weak Identities Through Inter-Domain Trust Transfer

(This work was done by Bimal Viswanath during his time as a PhD student at the Max Planck Institute for Software Systems (MPI-SWS)) Abstract: On most current websites, untrustworthy or spammy identities are easily created. Existing proposals to detect untrustworthy identities rely on reputation signals obtained by observing the activities of identities over time within a single site or domain; thus there is a time lag before which websites cannot easily distinguish attackers and legitimate users. In this paper, we investigate the feasibility of leveraging information about identities that is aggregated across multiple domains to reason about their trustworthiness. Our key insight is that while honest users naturally maintain identities across multiple domains (where they proved their trustworthiness and acquired reputation over time), attackers are discouraged by the additional effort and costs to do the same. We propose a flexible framework to transfer trust between domains that can be implemented in today's systems without significant loss of privacy or significant overheads. We demonstrate the potential for inter-domain trust assessment using extensive data collected from Pinterest, Facebook and Twitter. Our results show that newer domains such as Pinterest can benefit by transferring trust from more established domains such as Facebook and Twitter by being able to declare more users as likely to be trustworthy much earlier on (approx. one year earlier).