Maybe a vote weighting that gradually gets heavier, the more honest your account is measured - you are observed upvoting good content, and flagging spam or viruses (imagine if the top HN commenters' votes counted more than regular commenters...)? And rapid banning for those who upvote spam. Maybe you unlock additional features (like HN's downvote ability as you level up with karma). It might create a "race to the top" if you published a "karma list" of the top accounts... sort of like HN has with the leaders list https://news.ycombinator.com/leaders
The problem with those is always going to be Sybil attacks: anyone can create tons of accounts and upvote themselves. Even cross-verification can be defeated: you just make a small network that upvotes each other in some obfuscated manner.
I think there are only two long-term solutions:
- Introducing some kind of proof of work -- e.g. you do work to downvote/upvote;
- Some very "localized" reputation -- e.g. you trust the friends of your friends more.
Those ideas are behind the Bitcoin protocol and the Web of Trust, respectively.
In this case each would have its problems: proof of work is inefficient by design and needs a good hash function not to be exploited; local reputation by design makes it hard to find new/unrelated content.
I don't think "proof of work" works here because upvoting/downvoting content needs to be cheap... how do you make it expensive for a dedicated malicious force but cheap for legitimate ratings? Proof-of-work as a sort of "sign-on" to enable propagating a new "account"? That is, you need to have 1 GHz-hour of wasted computation in order to introduce a new cryptographic hash into the network as a sort of "payment to create an account"? Again, a dedicated spammer could have a machine farming accounts 24/7 while this "payment" to create an account would be frustratingly expensive to a new user.
The user wouldn't have to pay anything to create an account, just to vote. Sure, spammers can farm large amounts of reputation through botnets, but that's really expensive: you're putting a cost on it. The returns are already not so high for disseminating this kind of spam.
Having no reputation wouldn't mean you can't do anything -- just that what you do is less trusted and has lower priority.
By whom? Remember, we're talking decentralized. In Gnutella and the like there is no authority.
So if you want to take the Pirate Bay approach of providing a small authoritative list of "trusted moderators" through the web and have all the users use that filter, you have to keep it simple so that it can be easily replicated if the web-component gets taken down.
Complicating the web/authority component means mirroring it and resurrecting it becomes hard.
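
The proof-of-work-per-vote idea raised earlier in this thread, sketched as an added example (not code from any commenter or from an existing network): a hashcash-style stamp over SHA-256 that is bound to the voter, the content and the vote value, so a stamp cannot be replayed or moved to other content. The identifiers, field layout and difficulty are assumptions chosen for illustration.

```python
import hashlib
from itertools import count

def _zero_bits(digest: bytes) -> int:
    """Count leading zero bits of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def _digest(voter_id: str, content_id: str, vote: int, nonce: int) -> bytes:
    # Length-prefix every field so bytes cannot slide from one field into another.
    h = hashlib.sha256()
    for field in (voter_id, content_id, str(vote), str(nonce)):
        raw = field.encode()
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.digest()

def mint_vote(voter_id: str, content_id: str, vote: int, bits: int) -> int:
    """Voter side: expected 2**bits hash evaluations to find a valid nonce."""
    for nonce in count():
        if _zero_bits(_digest(voter_id, content_id, vote, nonce)) >= bits:
            return nonce

def verify_vote(voter_id: str, content_id: str, vote: int, nonce: int, bits: int) -> bool:
    """Peer side: a single hash evaluation, so checking stays cheap."""
    if vote not in (-1, 1):
        return False
    return _zero_bits(_digest(voter_id, content_id, vote, nonce)) >= bits

def tally(votes, bits: int) -> dict:
    """Sum valid votes per content id; one vote per (voter, content) pair."""
    seen, totals = set(), {}
    for voter_id, content_id, vote, nonce in votes:
        key = (voter_id, content_id)
        if key in seen or not verify_vote(voter_id, content_id, vote, nonce, bits):
            continue  # replayed or under-worked stamp: ignored
        seen.add(key)
        totals[content_id] = totals.get(content_id, 0) + vote
    return totals

if __name__ == "__main__":
    BITS = 16  # assumed difficulty: about 65,000 hashes per vote
    # Constructed sample identifiers, not taken from any real network.
    a = mint_vote("peer-alice", "file-abc", +1, BITS)
    b = mint_vote("peer-bob", "file-abc", -1, BITS)
    votes = [("peer-alice", "file-abc", 1, a), ("peer-bob", "file-abc", -1, b),
             ("peer-alice", "file-abc", 1, a),   # replay of the same stamp
             ("peer-alice", "file-xyz", 1, a)]   # stamp reused on other content
    print(tally(votes, BITS))
```

Raising `bits` by one doubles the voter's expected work, while verification stays at one hash per vote.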