Do you trust your friends? I know it is obvious that your response will be, “Of course I trust them! Why would I not?”. Yet, take this to the perspective of social networks or communication on digital networks and you might change your mind.
Paulo, the author of Introduction to Cyber-Warfare, states that there are dangers in transitive trust, which is a topic that is covered in class. Transitive trust is when User A trusts User C under the condition that User A trusts User B and User B trusts User C (see Figure 1). This creates a triadic closure among the three users. We will assume that the direct trust is a strong tie, and the transitive trust can be either a strong or weak tie. Paulo references an experiment performed by Thomas Ryan, in which he observes how a fake account spread through social networks and got people to trust it through transitive trust. Ryan created a fraudulent account called “Robin Sage” with made up information and put her profile on LinkedIn, Facebook and Twitter. This experiment provides some interesting results.
Ryan quotes one user messaging “Robin Sage” stating “I’ve never met you, but I saw you had Marty on your Facebook list, so that is good enough for me.” This shows a common action on social media which is that people tend to send friend requests to those who have mutual friends with them, which is a form of transitive trust common on social media. Another type of transitivity is when a person has a lot of connections with highly respected or trustworthy people. People tend to trust that person, even though they have never met or talked to each other in real life. In the experiment, “Robin Sage” has an extraordinary profile on social media platforms, having graduated from MIT and boasting NSA internship experience. Her extraordinary profile allowed her connect with Joint Chiefs of Staff, the CIO of NSA, etc. – which allowed her to gain the trust of many people through a cascading effect.
Another interesting thing Paulo references is the “tipping” model, introduced by Laureate Thomas Schelling. This model clearly points out that when there are two people believing or following a trend, their mutual connection will eventually believe or follow that trend as well. The following graph can give you an idea on how your friends who you trust can eventually influence everyone on what they believe.
Let’s go back to Ryan’s experiment. If we apply the “tipping” model on that experiment, provided that there is a network that indicates their connection (nodes are users, and edges between them means they are friends, or they trust each other), then, from the above diagram, a shaded node represents a user that trusts “Robin Sage” as a legitimate person, which is an effect that cascades throughout the network. From box 1, we can see there is a white node that trusts two gray nodes. The two gray nodes can then convince the white node to trust “Robin Sage” as a legitimate person, due to the “dipping” model. This action repeats recursively within the network, and eventually the whole network will believe that “Robin Sage” is a real person, even though they have never met her in person. This spread in the network is justified by the Strong Triadic Closure property.
As an analogy, consider a scenario where one person tries to spread a false message and one of your friends trusts his/her word. Your friend will bring that message into your network and gradually spread it to everyone. You cannot easily determine if the message is true or not, but since your friends trust it, you will generally trust them.
The PGP web of trust is a real world example that has this kind of issue, where you can never know if your friends trust the right person. It is dangerous to trust your friend on the Internet without really knowing them, in the perspective of the web of trust. If one of your friends trusted a malicious person, by the transitive trust property learned in class, you will trust the fraud as well. Transitive trust in PGP may bring us the convenience of quick verification but it also creates potential trust issues in the network. The best practice when dealing with trust online is only to trust people that you really know in person, and to exchange your PGP keys in a secure way.
So, ask yourself again: Do you still trust your friends on the digital network?
Citations:
- Shakarian, Paulo, et al. “Chapter 9 – Losing Trust in Your Friends: Social Network Exploitation.” Introduction to Cyber-Warfare: a Multidisciplinary Approach, Syngress, 2013.
- Herald, Sarvjeet et al. “A non-transitive trust model for key distribution.” (2010).
- https://medium.com/@bblfish/what-are-the-failings-of-pgp-web-of-trust-958e1f62e5b7
- https://www.csoonline.com/article/2633175/be-careful-with-transitive-trust.html
I think that unless you have known and met the person in real-life, you can’t really say that they are a trustworthy friend. In order to trust someone you don’t really know, lets say a friend of a friend, your trusted friend would first have to directly introduce you to his other friend and then you could have some nice friendly conversations with that said person. Only then would real trust possibly form. I also think that trusting someone on social media just because your trusted friends know that person links with the idea of how some people think that having a lot of friends or followers is a status symbol, where the more followers the better. Because of this ideology, people would become more blind to trust anyone just so they can add them to their friends list. Although, I can’t say this for sure with any personal experience since I don’t have that many friends on social media.