Jason C


Web of Trust 2025-12-16

Web of Trust came up the other day and I realized I had never written about it. For something so central to decentralized systems, it deserves a post.

Current Internet

The current internet relies on trusted centralized entities. We query DNS servers for domain name resolution. We check Certificate Authorities to validate SSL keys. If these are compromised, any website can be impersonated.

There are other scenarios where you are trusting centralized applications. When you go to someone's social media profile, you are trusting the site to show you correct information. When you check a business review online, like on Yelp, you trust the site to give you accurate reviews. These centralized entities have a lot of power to manipulate what you see.

When you go to social media and look up a celebrity, there can sometimes be lots of fake accounts impersonating them. Some networks try to solve this by verifying identity and adding a Blue Checkmark to trusted profiles.

Decentralized Trust

We don't have to rely on centralized entities. Public key infrastructure provides a way to establish decentralized trust. With public keys, you can verify that a message came from a specific person without needing a central authority.

[Figure: Centralized vs Decentralized network diagram]

But there is a bootstrapping problem: how can you trust someone's public key if you don't know them? You find someone you know in common. Or a chain of people you know in common. Or every chain of people you know in common.

The idea is that people publish who they trust. From this data you can create a web of connections. Using this trust web, you can calculate trust of indirect connections.

This concept has been around for decades. PGP introduced web of trust in the early 90s for verifying encryption keys. People would attend "key signing parties" to verify each other's identities in person and sign each other's keys. The more signatures your key had from trusted people, the more others could trust it.

For instance, I might know Alice and Bob, but not Carol. But both Alice and Bob know Carol and trust her. If I trust both Alice and Bob, and they trust Carol, then I can give Carol some trust. The more connections I have in common with someone, the more I can trust them.

This is how the real world already works. Humans build relationships with each other. The less connected we are with someone, the less we trust them. If I need my car repaired, I ask around to get trusted friends' opinions.

Consider a street vendor versus a storefront. At least a storefront has an identity. If you get sick from the food, you have somewhere to return to. A street vendor is basically anonymous. You have little recourse if something goes wrong. Trust is built through identity and reputation.

Even the internet already works like this in some ways. On Twitter, anyone can pay for a checkmark, so verification means little. Impersonation is common, especially in niches like crypto. One way people combat this is by checking "Followers you know" on a profile. The more people you know who follow someone, the more likely you are to trust them.

Memo Web of Trust

Memo is a decentralized social networking protocol. There is no central entity for people to trust. The Memo website is centralized, but it is just one front-end. The Memo website could implement some centralized trust, but that would defeat the purpose of Memo. Memo is meant to work without the website.

Being decentralized, Memo has no enforcement of unique names. Since the beginning there has been an account with the name Memo. People started creating clone impersonation accounts with the same name and profile. Impersonation accounts started posting fake information and misleading users. It was the wild west and no one knew who to trust.

Memo implemented web of trust to address impersonation. Accounts you don't directly follow are given a score. The score is based on how many of your connections are connected to them. The more connections in common, the higher their score. This pretty much solved the problem, even at a small scale like Memo's.

[Figure: Trust score calculation diagram]
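The scoring idea above, as an added example that is not Memo's own code: it counts connections in common and, going one step beyond the text, also credits longer follow chains at a reduced weight. The account ids, the follow graph, and the `max_hops` and `decay` parameters are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed follow graph (account id -> ids it follows); all names invented.
FOLLOWS = {
    "me": {"alice", "bob", "dave"},
    "alice": {"memo_real", "carol"},
    "bob": {"memo_real", "carol"},
    "dave": {"memo_real"},
    "carol": {"erin"},
    # Sock puppets boost the clone, but nobody in my web follows them.
    "sock1": {"memo_clone"}, "sock2": {"memo_clone"},
    "sock3": {"memo_clone"}, "sock4": {"memo_clone"},
}
NAMES = {"memo_real": "Memo", "memo_clone": "Memo", "carol": "Carol", "erin": "Erin"}


def trust_scores(follows, me, max_hops=2, decay=0.5):
    """Score accounts that `me` does not follow directly.

    Every follow chain me -> c1 -> ... -> target with up to `max_hops`
    intermediaries adds decay ** (intermediaries - 1): a shared direct
    connection counts 1.0, longer chains count less (assumed weighting).
    """
    direct = follows.get(me, set())
    scores = defaultdict(float)
    frontier = {acct: 1.0 for acct in direct}  # weight each intermediary passes on
    for _ in range(max_hops):
        reached = defaultdict(float)
        for acct, weight in frontier.items():
            for target in follows.get(acct, set()):
                if target == me or target in direct:
                    continue  # only indirect accounts get a computed score
                scores[target] += weight
                reached[target] += weight * decay
        frontier = reached
    return dict(scores)


def rank_same_name(names, scores, display_name):
    """List every account using `display_name`, most trusted first."""
    matches = [acct for acct, name in names.items() if name == display_name]
    return sorted(((a, scores.get(a, 0.0)) for a in matches),
                  key=lambda pair: (-pair[1], pair[0]))


if __name__ == "__main__":
    scores = trust_scores(FOLLOWS, "me")
    for acct, score in rank_same_name(NAMES, scores, "Memo"):
        print(f"{acct:12} {score:.1f}")
```

The clone has more followers than the real account, yet it scores zero because none of those followers are reachable from my own connections; raw follower counts never enter the calculation.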

Web of Trust becomes more robust at scale. It creates a tight web that becomes more difficult to subvert. It incentivizes being trustworthy. As Web of Trust becomes more widely used, people won't want to lose connections or trust with others.

Web of Trust is not a new idea, but it is an underutilized one. If we want a more decentralized internet, having a robust way to establish trust without relying on central authorities is essential. Instead of asking a company to verify someone for you, you can rely on your own network of trusted connections. Not only does Web of Trust bring individual freedom and remove dependency on centralized entities, it unlocks a world of innovation opportunities.

