On the limits of privacy in reputation systems

This paper describes a formal model for multiple privacy notions that apply to reputation systems and shows that, for certain classes of systems, very strong privacy notions are unachievable. In particular, it is shown that systems where a user's reputation depends exclusively on the ratings he received necessarily leak information about the relationship between ratings and reputations. In contrast, systems where a user's reputation depends both on the received ratings and on the ratings received by others potentially hide all information about this relationship. The paper concludes with guidelines for the construction of reputation systems that have the potential to retain high levels of privacy.
