Credible Web TPAC Breakout -- 24 Oct 2018

<mweksler> present

<ChristopherA> scribe: karen myers

Sandro: My plan for session is to play by ear
... tell about what group has been doing, then discussion
... two documents group has been working on for some context
... group's site is credweb.org

<phila> --> https://credweb.org/ CredWeb website

Sandro: photo is screen grab of participants
... group started over one year ago
... we had a breakout last year at TPAC [Burlingame]
... we have come a good distance since then
... did not have a mission then; took a few months to get in gear
... Let me navigate through the CG page
... mission
... broadly is to deal with mis-information, dis-information, fake news
... in the world
... some threats; no one really knows what is happening there
... there has always been the case what to trust online
... online many of those ways go away
... can we change the web stack to give people better ability to discern
... but no one likes to be mis-lead
... help people being avoid mis-lead
... probably a mission people can get behind
... the general approach is sharing data
... many sources of information to help you assess credibility
... going back to the group site
... two main documents, this draft report
... and credibility signals, the spec for parts of info
... a skeletal spec
... CCIV
... we wrote first as Google doc
... not software developers who are participating
... even FB participants used the Google doc; then I turned it into a spec
... you are welcome to comment or annotate
... I am going to walk through sections to level set
... First is "do no harm"
... Tech in past years is perceived as having messed things up
... not dig ourselves deeper
... Censorship
... Anything that regulates content could make it worse
... Let's not tip the tables
... Web is hard to do anonymously
... through domain names, balance
... accountabillity
... issues around centralization that come up
... web folks not so fond of that
... solutions runs into human problems sometimes called "tribalism"
... and privacy concerns
... First do no harm framing is a medical motto
... medical intervention idea seems fitting
... like introducing a drug to human body; there are approval processes
... maybe a tech intervention idea
... W3C has processes with external and horizontal reviews
... We're suggesting a review board around these interventions
... one of my favorite recommendations
... Terminiology
... how you assess trust
... lots of techniques people use on how to check trust
... we broke it down into four kinds of assessment strategies that people use
... Inspection
... font good, visual cues
... corroboration
... check elsewhere and check the facts
... reputation
... social instinct and how others react
... transparency
... what others willing to say, share
... we merged these to get a view there
... Granularity
... credibility at different scales
... how to trust a single claim for example
... fact checkers often look at that
... or do you trust a whole company, person behind a web site
... We enumerate threat models
... attack motivations, attack resource levels
... mental attacks like 'emotional hijacking' where people get so upset they cannot think straight
... and some technological attack vectors
... many attack vectors
... others like copying web sites
... Like to fill this out more
... Stakeholders, who all is involved in this
... Skip forward to promising technical approach
... where we are organizing what people said could be done

<scribe> ...done by effort level of the user

UNKNOWN_SPEAKER: zero means user is not willing to make effort
... often means a feed algorithm
... people doing search results also considering
... Problem for users who don't want to give up that much control
... level zero is nice in some sense, but problematic in another sense
... Maybe move up to level one where a user marks their evaluation
... and maybe a warning box
... or an interstitial for a site
... Users start to be curious
... "i wonder if this is true"
... Some want to dig in to find reputation graph; fact checks and who is behind those fact checks

Sandro: Feel free to raise your hand [or q+] on irc

Potential new web standards

UNKNOWN_SPEAKER: involves data, interchange from one system to another
... one user is curious and wants to share; or some service for sharing it
... review board process I mentioned
... under browser features

Dan Appelquist: I am interested in this area

scribe: we have ad blockers and tracking blockers in browser
... aiding for greater privacy
... is there an analogue for fake news
... where browsers or browser plug-ins can help user
... even social network is not taking it into account

Sandro: In all these interventions we abstract platform to whatever is feeding the user; could be browser, Facebook, Google
... so many different strategies
... would be nice to have different credibility assessment strategies
... that feed into some aggregate score
... when they flag high enough browser marks the page
... I think that makes a lot of sense
... no one has built as a plug-in yet
... i think that makes sense

ChristopherA: One of issues in your model one

<ChristopherA> https://github.com/WebOfTrustInfo/rwot7/blob/master/draft-documents/resource-integrity-proofs.md

ChristopherA: what prevents people from spoofing that artifact
... some discussions about this in the credentials community
... about a resource
... badges for example on courses
... secure JS; you could present and trust that badge
... similarly useful could be imaging credibility

Sandro: laughable thing is seals of approval that we know does not mean something

ChristopherA: maybe a plug-in where it's real and there are origins
... is this a reputation system?

<ChristopherA> https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2017/blob/master/final-documents/reputation-design.pdf

Sandro: this third column is reputation

<ChristopherA> https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/ReputationAndTheRealWorld.md

Sandro: only that column is reputation
... corroboration
... has a reputation element; have to know which fact checkers to believe
... Google and FB say here is the list of fact checkers

ChristopherA: I posted two links
... if you don't have the resources to explore
... positive reputation is the easiest to influence
... be careful with false facts
... focus on positive checks that validate

Sandro: reputation often person to person
... but also org to org
... most mainstream orgs would be reluctant to give positive orgs to others
... but others not
... could be useful

ChristopherA: be careful

<Zakim> fabien_gandon, you wanted to mention other modalities in giving feedback e.g. whistling privacy bird

Fabien: Most of feedback you have is visual
... privacy @ used a different modality

Sandro: this is imagined for normal brower

<burn> privacy bird/music works until sites start to copy it . . .

Phil: my question is, is my use case in scope for what you are trying to do?
... my use case is fake merchandise
... you can fight a bit with one of our identifiers on the box
... we work for Coke, Walmart, etc.
... have a verified by GS1 identifier for a Nike branded shoe for example

Sandro: What stops the counterfeiter from copying the markup

Phila: nothing
... but is it in scope for you
... if we return data in a known structure like schema.org
... and this info got back matches and it's a green light

Sandro: not sure

Phila: we are building a repository of trusted identifiers for things

Sandro: we are kind of early on this
... people building products are not interested in interoperating
... they're interested to solve the 'fake news' problem
... Google and Facebook think there should be an ecosystem and no one solving it

ChristopherA; There was a colon bin colon

scribe: that pulls up a public data base
... with digital signatures; car and VIN match

<nage> did:vin:car_vin_number

scribe: something of that order might be possible in some of the more valuable things you have

Phila: for high value products
... is it a jar of marmite or cereal in my online shopping
... for a high value you need something more secure

Sandra: A different bar for each jar of marmite?

Phila: no, but will be on cigarettes starting next year
... each packet identifiable

Dan Druta: good question

scribe: if signals being attached to URL

Sandro: most of the time we imagine an article on a web page
... but sometimes it's a fragment or text and not a clear URL

Dan: Hard to attach signal and get propogated
... how I know fake news works is they keep cloning
... they will fight that system
... I will use analogy from network services; we do fault management and event suppression
... we lump them as the same thing
... that would be useful provided you could address the other part
... and does it provide integrity along the way

Sandro: that is necessary
... hard to share that data
... some real data
... Group Credibility Coalition paid people to inspect articles for signals
... I am converting their data to RDF
... and see what it looks like on graphs
... once we have real systems we can start to go
... and asses web pages that change
... not there yet

<Zakim> manu_, you wanted to building community / sharing w/ CCG.

Manu: we have at least two of the Credentials CGs in the room
... Sandro and I were talking about how to get more eyeballs on this work
... in Credentials CG people have attempted to tackle reputation
... some good material here
... my hope is to have Sandro present to the CCG
... Christopher, Joe
... talk about the work
... also Rebooting Web of Trust people are very interested in this topic; great to circulate this material

Christopher: stopped a bit; some called it Claims/Credentials

Manu: advice as a meeting

Christopher: they expected we would solve verifiable news
... was not quite what we were offering, but sounds like it

Manu: we need data vocab and expressions
... please come to CCG and Rebooting

Sandro: maybe after we convert [data] to RDF and see graphs
... and sign and authenticate

Dmitrz: where would this live
... three options
... maybe different combitations; store on application, host itsself
... some registry, web site
... like a better business bureau for URLs
... or something like a browser plug-in that checks a data base and is an overlay by the browser

Sandro: platform vendors are maintaining their own
... Claim Review markup
... fact checkeres
... Google exposes on datacommons.org
... FB does not expose yet
... said they intend to
... at this point the platforms want to cooperate and not compete
... FB and schema.org are cooperating
... go on to talk about the signals document a bit
... reading list
... that has some pretty good stuff
... starts with two exhaustive literature reviews
... ten articles you should read if you want to do anything in this space
... Go back to signals
... back to web site
... This document is driven out of a Google doc
... that is world writeable
... CG is not well represented because MisinfoCon is happening today in London
... they are having workshops now to brainstorm more of these
... this view of it
... is intended to include a bunch of datafeeds
... study results
... correlation to experts
... plan to show up in this document
... and test it scientifically
... organized by what is subject of the triple
... claim, article
... title of an article
... how everyone comes into it
... or web page
... rest has not been expanded
... there are many more signals
... only ones that have been studied
... migrating over last week
... Look into emotional valence
... documentation could be measure by some piece of software
... language is negative
... simple RDF triple
... or language could be positive
... idea of doc is to be understandable to journalists and journalism researchers and not just techies
... they want people to be looking for the signals
... effort called Journalism Trust Initiative in European part of ISO
... to set standards for journalistic organizations
... look at levels and get journalistic checkmarks
... good people, not happy with some of the checkmarks
... separate them and platforms can weigh them
... could run long
... I want those folks
... journalism standards professionals

Dan: using both carrots and sticks
... sticks for platforms and carrots for standards orgs

Sandro: one thing
... feedback risk
... if you adopt a standard
... if you say a signal like "clickbait title"
... a signal of low credibility
... the people will stay away
... bad actors will stay away
... a bunch of innocent people like librarians to get an article out
... could distort market; a feedback risk
... different signals
... a good one is journalistic language
... fairly hard to use journalistic language
... a lot of fly by night places my have a harder time
... a security analysis needs to be done
... high risk of negative feedback

<phila> Karen: I've not read all the docs, but I'm not sure what content you're looking at. There are advertorials, mushy areas of journalism, fact checking can't always work. Crazy titles might be very deliberate

Sandro: scope is the whole web and especially news articles
... a few people care about all of the web
... our concern is about being mislead
... information that leads you to believe something that is false
... that could be marketing materials
... if headline is funny, but not false then you have been mislead
... there are fun articles but some ads where they went too far
... you will mislead a small fraction some of the time
... some line where it start

<phila> Karen: The creative community might go nuts over this. Example from NU Library - had done an exhibit, into social norms, looked at ants as an analogy of bad human behaviour.

<phila> ... Intent was a +ve artistic piece, but seen as horrible by media

Sandro: there is a classification you are trying to establish
... sometimes disinformation claims to be parity
... so you want platform to make sure the user sees it's parity

Phila: amazing that we are having this conversation
... my intro to web standards was to trust marks
... in those days
... when I was doing this work and then gave up
... educators; where does parity fit in
... Take Jane Austin novel
... writing about sex
... implications
... if journal has a good reputation and they break your rules, do you take the checkmark off
... it's the bits in the middle; extremes are easy

Sandro: My time is supported by Google and FB
... they are hoping to get some better data
... try to get more people to share the data they have
... won't be a perfect solution
... a mess right now
... let's try to make things better and not worse

Phila: It feels like [movie] Groundhog Day

Sandro: give more minutes
... Easy to comment

Matt Stone: looking back to comment on feedback risk

scribe: wondering how much time you should spend on that as an issue
... does not feel different from an escalating arms race
... try to do good, bad actors subvert it
... Seems like going back to original check box
... there are feedback groups happening
... not sure how much time to spend

ChristopherA: Comes back to social science people investigating trends
... it's not about facts
... facts push people further
... how people attach to personal identity and authority

Matt: biases; you want to believe X so you will

Sandro: Different strategies like inspection
... ends up in an arms race
... some signals are harder than others
... Corroboration is hard; no one cares about the facts
... transparency
... that does not stop someone from lying

ChristopherA: Trump is quite transparent

Sandro: try to have an overall architecture
... have a bunch of tools to use these strategies; give you a credibility store
... if any one or all flag as bad, I as user would appreciate

ChristopherA: even though I am a bit pessimistic
... there are a lot of small problems that can solve this
... like LinkedIn, small group accountability
... I would like to have this on Google docs

Sandro: Hypothes.is is fairly active in our group
... and want to flag Google docs
... we are out of time
... q?
... Thank you all for coming

- DRAFT -

Credible Web TPAC Breakout

24 Oct 2018

Attendees

Contents

Potential new web standards

Summary of Action Items

Summary of Resolutions

Scribe.perl diagnostic output