When calculating personalized web of trust metrics, follows are a good place to start. Follows data is abundant and can be analyzed with well-established algorithms like personalized PageRank that can be used to filter and stratify content.

But follows are not enough. Personalized PageRank is highly susceptible to the well-known “Link Farm” attack, illustrated in Figure 1:

In this attack, a bad actor spins up a large number of bots (red circles) with most or all of them following each other (green arrows). Ideally, the “real” users (green circles) will take care only to follow other “real” users. But if the bad actor then invests a small amount of effort making one or a small handful of those bots entertaining – not hard to do with AI – it is inevitable that the bot will eventually be followed by one or a few “real” users, as in this example where the real user Eric follows bot1. When we use the personalized PageRank algorithm to calculate Alice’s web of trust, bot1’s PageRank score gets off zero due to Eric’s follow. Bot1 then boosts the scores of all of the other bots off zero. The fact that the bots all follow each other means that they all push each others’ scores up, spiraling higher and higher until all of the bots have scores as high as any other real user. We can tweak the algorithm to mitigate this attack, but try as we might, the link farm attack is highly effective, and will get even more effective as AI bots become easier and cheaper to operate.

If we relegate ourselves to follows and PageRank, the only remedy is for all of the “real” users to unfollow all of the bots. But does anyone expect that to happen? Not a chance.

NIP-56 reports to the rescue!

The Unreasonable Efficacy of NIP-56 Reports

It could be argued that mutes and reports are much less abundant that follows, and that the scarcity of data means that their integration would have only a marginal improvement in score results. But that logic ignores the fact that not all data points are created equal. A single, well targeted report can be worth many times more than an individual follow in terms of the value of the information.

Figure 2 illustrates what I mean by a “well targeted” NIP-56 report. Here, the “real user” Chuck has identified bot1 as the link between the community of real users (green circles) and the link farm (red circles). He reports bot1, as depicted by the thick red arrow. In the real world, people tend to follow rather indiscriminately; but when people use NIP-56 reports, they usually mean it. For this reason, GrapeRank gives a lot more weight to a report than to a follow. In this example, Chuck’s report of bot1 is more than enough to outweigh Eric’s follow of bot1, the result being that bot1’s GrapeRank score stays at zero. Since bot1’s score never gets off zero, none of the other bots’ scores get off zero. With a single well targeted report, the entire link farm is excised like a tumor. All of the bad actor’s efforts are for naught!

Conclusion

Follows are useful, but they are not enough. Empowered by the GrapeRank algorithm, mutes and NIP-56 reports turn into sniper rifles that can be used by trusted members of your community to cleave away entire armies of bots, using less time, energy and effort than it takes for the bad actors to launch their attacks in the first place.