FOAF, OpenID, and Trackback

Is a limited recursion through a FOAF graph based on OpenID the solution to Trackback? If that sentence isn’t understandable, don’t worry about it, but if it parses, continue…

The big problem, of course, is the initial trackback from those outside the limits of the graph. In such a case, the attempted trackback raises the bar that a bot must clear: you must have an OpenID and you must propose a path through the graph. Such trackbacks are submitted for moderation (who doesn’t check out those commenting on their posts? The A-Listers? Who gives a frack if this doesn’t work for them? As a person well up the power-curve of blogging (99.9th percentile), I can assure you that it’s not hard to read every mention that Technorati can find).

OK, so the obvious failure mode is that Trusting Ted, who’s in my trustzone, allows into his zone a mole, who becomes a conduit for spammers. Several things occur to me about this. First, yeah, I have a blacklist in my trackback mechanism and it, too, is FOAF. Second, Trusting Ted’s FOAF probably has a distinctively low inbound:outbound ratio (again, the A-List bloggers love being supernodes, so they haven’t noticed that supernodes have downsides). Third, it seems to me that the graphs of spammers’ OpenID-based FOAFs would have characteristics: lots of transience, low connectivity to “real” FOAFs, non-power-law distributions (even if they developed mock supernodes, those would necessarily be transient), etc.
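The acceptance rule sketched above, as an added example that is not part of the original post: a depth-limited walk over FOAF "knows" edges decides accept, moderate or reject, and an inbound:outbound ratio flags a Trusting Ted. The graph, the URLs, the two-hop limit and the function names are constructed for illustration, and OpenID verification of the sender is assumed to have already happened.

```python
from collections import deque

# Constructed sample: OpenID URL -> OpenIDs that identity's FOAF file says it knows.
ME = "https://me.example/"
FOAF = {
    ME:                      {"https://ann.example/", "https://ted.example/"},
    "https://ann.example/":  {ME, "https://bob.example/"},
    "https://bob.example/":  {"https://ann.example/", "https://far.example/"},
    "https://ted.example/":  {"https://ann.example/", "https://bob.example/",
                              "https://mole.example/", "https://x1.example/"},
    "https://mole.example/": {"https://spam.example/"},
}
BLACKLIST = {"https://spam.example/"}

def trust_path(graph, root, sender, max_depth, blacklist=frozenset()):
    """Shortest chain of 'knows' edges root -> sender within max_depth hops, or None."""
    queue, seen = deque([[root]]), {root}
    while queue:
        path = queue.popleft()
        if path[-1] == sender:
            return path
        if len(path) - 1 < max_depth:          # the "limited recursion"
            for nxt in sorted(graph.get(path[-1], ())):
                if nxt not in seen and nxt not in blacklist:
                    seen.add(nxt)
                    queue.append(path + [nxt])
    return None

def path_is_valid(graph, root, path, sender, blacklist):
    """A proposed path must start at root, end at sender, and follow real edges."""
    return (len(path) >= 2 and path[0] == root and path[-1] == sender
            and not blacklist.intersection(path)
            and all(b in graph.get(a, ()) for a, b in zip(path, path[1:])))

def classify(graph, root, sender, proposed=None, max_depth=2, blacklist=frozenset()):
    """Accept inside the limit, moderate a verifiable longer path, else reject."""
    if sender in blacklist:
        return "reject"
    if trust_path(graph, root, sender, max_depth, blacklist):
        return "accept"
    if proposed and path_is_valid(graph, root, proposed, sender, blacklist):
        return "moderate"
    return "reject"

def in_out_ratio(graph, node):
    """Inbound:outbound 'knows' ratio; a low value marks an over-trusting node."""
    inbound = sum(node in knows for knows in graph.values())
    return inbound / max(len(graph.get(node, ())), 1)
```

With a two-hop limit the mole reachable through Ted is still accepted, which is the failure mode described above; Ted's ratio of 0.25 against Ann's 1.5 is the signal that would single him out.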

Given that the costs of any automated assault on such a system will approach zero, how is such a system vulnerable?