Users of Question & Answer websites often include code fragments in their questions. However, large and unexplained code fragments make it harder for others to understand the question, thus possibly impacting the time required to obtain a correct answer. In this paper, we quantitatively study this relation: We look at questions containing code fragments and investigate the influence of explaining these fragments better on the time to answer. We devise an approach to quantify code explanations and apply it to ~300K posts. We find that it causes up to a 5σ (single-tail significant) increase in precision over baseline prediction times. This supports the use of our approach as an `edit suggestion': Questions with a low score could trigger a warning suggesting the user to better explain the included code.@en

Web3 is emerging as the new Internet-interaction model that facilitates direct collaboration between strangers without a need for prior trust between network participants and without central authorities. However, one of its shortcomings is the lack of a defense mechanism against the ability of a single user to generate a surplus of identities, known as the Sybil attack. Web3 has a Sybil attack problem because it uses peer sampling to establish connections between users. We evaluate the promising but under-explored direction of Sybil avoidance using network latency measurements, according to which two identities with equal latencies are suspected to be operated from the same node, and thus are likely Sybils. Network latency measurements have two desirable properties: they are only malleable by attackers by adding latency, and they do not require any trust between network participants. Our basic SybilSys mechanism avoids Sybil attackers using only network latency measurements if attackers do not actively exploit their malleability. We present an enhanced version of SybilSys that protects against targeted attacks using a variant of the flow correlation attack, which we name TrafficJamTrigger. We show how the message flows of Round-Trip Time measurements can be used to expose attack patterns and we propose and evaluate six classifiers to recognize these patterns. Our experiments show, through both emulation and real-world deployment, that enhanced SybilSys can serve a fundamental role for Web3, effectively establishing connections to real users even in the face of networks consisting of 99% Sybils.@en

The digital world is evolving toward representing - and serving the interconnection of - natural persons. Instead of depending on the intrastructure of Big Tech companies and governments, users can cooperate and use their hardware to form public infrastructure. Instead of existing by virtue of a reference in some institution's database, users can interact based on a digital representation of their own choosing. It is no longer sufficient to depend on users to act out of system-imposed altruism. A new digital world is emerging that aims to provide systems that respect the rights of users to control their own digital representation. The complete control over one's own representation and all the data that belongs to it is what we know as Self-Sovereignty. Solutions for digital Self-Sovereignty are wildly sought after, though their solution space remains woefully underexplored. Numerous global entities, e.g., the European Union, have stated their support for Self-Sovereign systems. However, many old problems of peer-to-peer systems that have gone ignored for decennia resurge with the need for Self-Sovereignty. For example, interconnections in peer-to-peer networks are vulnerable to attacks using fake identities and attackers can manipulate peers by depriving them of data. As most deployed peer-to-peer solutions have very little incentive for disruption by attackers, we have seen very few attacks. However, cryptocurrencies have shown that these attacks do surface when there is sizable monetary gain for attackers. In order to secure our future digital society, we must define and study these systems for Self-Sovereignty. In this thesis we take the first steps toward defining the systems that can power a Self-Sovereign "Web3" ecosystem. In particular, we explore systems that apply Self-Sovereignty for identity, for public infrastructure, and for the execution of shared code. We describe four prototype mechanisms to form a guide for future work and to derive their general properties. Each mechanism is evaluated as realistically as possible. Thereby, this thesis mostly fulfills an exploratory role to guide the further evolution of our digital world.@en

Digital identity is unsolved: after many years of research there is still no trusted communication over the Internet. To provide identity within the context of mutual distrust, this paper presents a blockchain-based digital identity solution. Without depending upon a single trusted third party, the proposed solution achieves passport-level legally valid identity. This solution for making identities Self-Sovereign, builds on a generic provable claim model for which attestations of truth from third parties need to be collected. The claim model is then shown to be both blockchain structure and proof method agnostic. Four different implementations in support of these two claim model properties are shown to offer sub-second performance for claim creation and claim verification. Through the properties of Self-Sovereign Identity, legally valid status and acceptable performance, our solution is considered to be fit for adoption by the general public.@en

Web3 networks are emerging to replace centrally-governed networking infrastructure. The integrity of the shared public infrastructure of Web3 networks is guaranteed through data sharing between nodes. However, due to the unstructured and highly partitioned nature of Web3 networks, data sharing between nodes in different partitions is a challenging task. In this paper we present the TSRP mechanism, which approaches the data sharing problem through nodes auditing each other to enforce carrying of data between partitions. Reputation is used as an analogue for the likelihood of nodes interacting with nodes from other partitions in the future. The number of copies of data shared with other nodes is inversely related to the nodes’ reputation. We use a real-world trace of Twitter to show how our implementation can converge to an equal number of copies as structured approaches@en

Successful classification of good or bad behavior in the digital domain is limited to central governance, as can be seen with trading platforms, search engines and news feeds. We explore and consolidate existing work on decentralized reputation systems to form a common denominator for what makes a reputation system successful when applied without a centralized reputation authority, formalized in 7 axioms and 3 postulates. Reputation must start from nothing and always reward performed work, respectively lowering and increasing as work is consumed and performed. However, it is impossible for nodes to perform work in a purely synchronous attackproof work model and real systems must necessarily employ relaxations to such a work model. We show how the relaxations of performing parallel work, allowing unconsumed work and seeding well-known identities with work satisfy our model. Our formalizations allow constraint driven design of decentralized reputation mechanisms.@en

Existing digital identity management systems fail to deliver the desirable properties of control by the users of their own identity data, credibility of disclosed identity data, and network-level anonymity. The recently proposed Self-Sovereign Identity (SSI) approach promises to give users these properties. However, we argue that without addressing privacy at the network level, SSI systems cannot deliver on this promise. In this paper we present the design and analysis of our solution TCID, created in collaboration with the Dutch government. TCID is a system consisting of a set of components that together satisfy seven functional requirements to guarantee the desirable system properties. We show that the latency incurred by network-level anonymization in TCID is significantly larger than that of identity data disclosure protocols but is still low enough for practical situations. We conclude that current research on SSI is too narrowly focused on these data disclosure protocols.@en