(originally published on NewOrder Newsletter, #12) ---[ 10,000 Monkeys and a Webpage . by Izik ] A lot has been said on the Peer2Peer structure and how flexible and useful it could really be. But in reality the only concept that has proven to be working on top of it, is mostly File sharing. The main advantage and disadvantage in the Peer2Peer structure is lack of the central server which acts as an authority figure. In this article I will explain a concept, a theory on how one can implement a trust system within a Peer2Peer structure, without any authority figure nor previous assumption toward peers in the network. To implement this concept we will take a goal, that goal will be to surf to a given webpage from within the Peer2Peer network, using the peers as proxies, thus providing the anonymity aspect. Each peer in our theoretical network is equipped with a simple plugin that accepts a GET request, processes it and then returns back the data. This situation is a bit tricky, as we relay on peers to give us back a piece of data which we never encountered before. This could easily be abused by evil peers to return a false or modified context to mislead us. So how can we trust a given peer to give us back the actual data without modifying nor fixing it? The answer is by applying democracy. Democracy in our case would be to a make a poll on the given GET request (e.g. GET /index.html) and sample back the results. If all the peers were telling the truth we should have only one type of result data, if for some reason a few peers decided to be evil and fake back the data or return it modified, the poll will let us know about it. To compare between one result and another we will use a hash function like MD5, and will go with the MD5 hash that has been returned most often. Of course this method isn't bullet proof, as massive amount of evil peers returning the same MD5 will poison the poll, and lead us into thinking that their data chunk/reply is the right one. But this as well can be dealt with. We can perform a polygraph test by accessing a dummy site which can be any site and sample different parts on it and keep the MD5 to ourself and ask the peers to go to the same site and examine first hand who's telling the truth and who's not. Another method could be the Human Factor as in some cases it would be easy to spot a context spoofing as such 'Wrong Picture' or 'Broken Text' and based on Human judgement to issue out individual trust levels for peers and increase their weight in the next poll. To conclude I would say it's possible to implement a trust system within an Peer2Peer structure without having a well defined authority server. It's just a matter of how much one is willing to risk.