Open Source Developers @ Google Speaker Series: Lessons From Advogato
Google Tech Talks
June 25, 2007
Lessons from Advogato
Advogato is a community blog for free software developers, founded in 1999 as a testbed for ideas on attack-resistant trust metrics. The site now has 13k registered users, of whom over 3000 are ranked with one of the "Apprentice", "Journeyer", or "Master" certifications. Though I neglected the maintenance of the site for many years, it has retained an active community, and is seeing significant new life since it was handed over to the new maintainer, Steven Rainwater.
By the exponential-growth standards of the dot-com boom, Advogato has been only a modest success. Yet, the experience of the site over the years contains a number of lessons. First and foremost, attack-resistant trust metrics do work. The site succeeds in being remarkably spam-free, as well as completely open to the worldwide community of free software developers, and achieves these goals without needing a huge amount of manual input to delete spammers.
Thus, the main lesson is that trust metrics do work, but they need to be applied with care. Experience with the site teaches the importance of choosing and implementing the appropriate trust metric for the assumptions at hand. There is widespread "cert inflation," where many users are ranked higher than the guidelines would recommend. The trust metrics also did not bring a flow of very high quality articles to the front page.
Another important lesson is that openness and transparency work. The workings of the trust metric (including the complete source code) is public. Thus, Advogato strongly refutes the prevailing wisdom that secrecy is needed for spam protection. This lesson is similar to the ineffectiveness of "security through obscurity".
Lastly, I'll spend some time discussing why Advogato failed to catch fire in the public's imagination, despite its qualities. Possible factors include lack of promotion, and fact that the trust metrics were never tested against real money.