Interesting proposal Paul! I highlyappreciate the effort to tackle this in a decentralized way on AT Protocol rather than relying on centralized moderation.
A couple of questions that came to mind:
Account rotation: If a bot operator gets flagged, the rational move is to discard that account and create fresh ones. Each new account starts with no scores. Doesn’t that make bot scores (score = 1 in your example) mostly a signal for the operator to rotate rather than an actual deterrent? Bots can just create a 1000 new accounts as soon as they get a score that indicates they are a bot (as this is public info).
Labeling fatigue: The system depends on people manually evaluating accounts and keeping at it. But bot operators can automate account creation at scale, indefinitely. How to resolve that asymmetry? Honest participants have finite time and attention, the adversary… unlimited. How do you see this playing out without people burning out?
I’ve been thinking about similar problems for professional identity on AT Protocol (sifa.id) and we also discussed Trust Infrastructure on ATproto and Building a trust & reputation clearinghouse for atproto niche networks before.
For Sifa and Barazo I’m making a different bet: rather than detecting bad accounts after the fact, make credible identity something that builds up passively from real activity over time. New accounts just have no reputation, and the cost sits with the attacker: faking a believable track record takes sustained effort that’s hard to automate. The trust-web part of your proposal (weighting by source credibility) is the piece I find most interesting, and I think it could work well alongside activity-based approaches. In my docs I called this the “Google PageRank but for online accounts”.
How are you thinking about the cold-start problem on both sides: new legitimate users vs. new bot accounts? I find this one tricky either way, legitimate human users that are new to the network of course still need to have a good chance to build trust on the network, even if everyone else already has 20 years of history.