Sybil’s Peanuts

Clay Shriky tells a story in his book “Here comes everybody:…”

“Fans of the TV show Jericho were so upset when CBS canceled the show that they started mailing peanuts to CBS in protest using the NutsOnline delivery service. This effort cost the fans real money, so there was no mistaking their commitment, especially not when twenty tons of peanuts eventually arrived at CBS.”

As an illustration to one of the “solutions” to what an apparently insoluble problem in distributed systems known as a Sybil Attack.  Sybil attacks are all about sock puppets.  For example I knew somebody, let’s call them Alice, once who maintained a handful of email addresses (let’s call those Bob, Bill, and Betty) all subscribed to the same mailing list.   When Alice ever got into a debate on the mailing list with another party one of her sock puppets would speak up to support her.

Socket puppet are the bane of lots of systems.  Ebay reputation, Google linking algorithm, voting of all kinds – but particularly on-line voting.  And the only solution that works dependably is to shift the problem to some other identity system – i.e. a central authority that hands out unique identities.  And that solution isn’t hard to critique either.

Assorted schemes have been invented to temper the problem.  The peanuts in the example above are one instance of schemes where you use cost (sometimes called proof of work) to help.  Which of course only means that the rich get more votes.

If you interested here’s a survey of tricks people have come up with.

Years ago i needed a way to generate unique identifiers for components in a distributed system.  This was years before people invented GUIDs.  I was pleased with my little trick.  In the manual I prescribed a little algorithm for generating the component’s ID:  take a one dollar bill and use its serial number, then deface the bill slightly with a smile-face so nobody else will use that bill for this purpose.  Cheaper than a peanut.   As an aside I continue to be surprised how currency serial numbers don’t have check digits, etc.

I was reminded about that trick recently when I bought a candy bar.  This candy bar was part of a contest Google was running.  Each wrapper had number printed inside for use in entering a contest.   I got to thinking that could be used for a unique identifier.   What is nice about the dollar bill and these candy wrapper numbers it they are pretty anonymous.

But if you were going to try to mix those into your trick to temper a Sybil attack you could encode some more information into the candy wrapper numbers, such as information about where they were distributed.  That might be used to invalidate batches of them when an attacker, who would obviously buy in bulk, was identified.

Apparently in the 2nd world war the US stamped all the currency in Hawaii so that if it fell to the Japanese they could declare currency with that stamp upon it to be invalid.  I inherited from my father the habit of occasionally asking a retail clerk if they accept Hawaii money?



Leave a Reply

Your email address will not be published. Required fields are marked *