The Case for Reattempting Trust Graphs

Jeffrey McLarty | Toronto, CA | May 28, 2026

Web2 spent two decades trying to compute trust and mostly failed. Crypto has spent its first decade avoiding the problem entirely, reducing trust to either a token balance or a signer list. I think it's time to try again, and this time we have the primitives to do it right. But there's a catch, and it's the whole ballgame: it only works if it's a completely open standard, owned by no one.


Trust Is a Graph, Not a Balance

Trust is relational. You trust someone because someone you trust vouches for them, or because you've transacted with them and they delivered, or because they've staked something they'd lose by betraying you. It has direction, it has weight, and it fades if it isn't renewed. In other words, trust is a graph.

Almost nothing we've built in crypto treats it that way. We've collapsed trust into one of two shapes: a number in a wallet, or a name on a multisig. Both are useful, neither is trust. A token balance tells you who can afford influence; a signer list tells you who was anointed. The actual web of who-vouches-for-whom, the thing every human community actually runs on, we've left on the table.

This isn't because the idea is new. The web2 era was, in large part, one long series of attempts to build trust graphs at scale. Most of them failed in instructive ways. Before arguing that crypto should pick the problem back up, it's worth being honest about why the last generation couldn't finish it.

A Short History of Web2 Trust Graphs

PageRank. Google's founding insight was that a link is a vote, and a vote from a trusted page counts more. That's a trust graph: trust as transitive, weighted link-flow. It worked spectacularly until it became worth money to game, and then an entire SEO industry sprang up to manufacture trust: link farms, paid links, comment spam. The lesson: any trust signal valuable enough to matter is valuable enough to attack, and a graph with no cost to add edges is a graph that gets flooded with fake ones.

The PGP Web of Trust. The most explicit attempt: people physically signed each other's keys, building a literal graph of cryptographic vouching. It was philosophically correct and practically dead on arrival. Key-signing parties were friction-heavy, the graph never reached critical mass, and in practice nobody revoked anything or let trust expire. The lesson: a trust graph that's too expensive to participate in never reaches the density it needs, and one with no decay or working revocation slowly fills with stale, meaningless edges.

Marketplace ratings (eBay, Uber, Airbnb). Reputation as an accumulated score, computed per platform. These actually worked, within walls. But they bred rating inflation (everything trends to five stars), retaliation dynamics (rate me badly and I'll rate you back), and total non-portability. Your years of eBay reputation are worthless on Airbnb. The lesson: trust computed inside a silo is captive to that silo, and the platform, not the user, owns the asset.

Klout, PeerIndex, and the influence-score era. A wave of startups tried to reduce your social standing to a single algorithmic number. They were opaque, trivially gameable, and quickly Goodharted. Once people optimized for the score, the score stopped measuring anything. The lesson: an opaque metric that people can optimize toward stops being a measurement and becomes a target. (Goodhart's law, in one sentence: when a measure becomes a target, it ceases to be a good measure.)

The platform social graphs (Google Circles, Facebook's Open Graph). The richest trust graphs ever assembled, and entirely owned by the companies that held them. The graph was the moat. You couldn't take it with you, couldn't inspect how it was used, and couldn't prevent its capture. The lesson: a trust graph owned by a platform is leverage over you, not a tool for you.

Step back and the failure modes rhyme:

  • Sybil attacks. Cheap to create fake nodes and edges (PageRank, Klout).
  • Gaming / Goodhart's law. The signal becomes a target and decays into noise.
  • No decay. Stale trust counts forever (PGP, inflated ratings).
  • No revocation. You can vouch but never effectively un-vouch.
  • Lock-in / non-portability. Trust trapped in a silo (every marketplace).
  • Opacity. Uninspectable computation you're forced to trust blindly (Klout).
  • Centralization / capture. The platform owns the graph (Google, Facebook).

Every one of these is something crypto's primitives were, more or less, designed to address.

Why Crypto Keeps Dodging the Problem

Faced with the trust problem, crypto didn't attempt a better graph. It found two equilibria that let it skip the question.

The multisig. Trust as an explicit, hand-curated allowlist of signers. It's honest, you can see exactly who decides, and it's safe for small, high-stakes treasuries. But it's centralized by construction, it doesn't scale past a dozen-ish humans, and it's brittle to churn: people leave, keys get lost, and rotating the set is a governance event in itself. The multisig says "trust these specific people" and stops there.

Token-weighted governance. Trust as purchasable stake. It's permissionless and it has a real Sybil defense: splitting your tokens across a thousand wallets doesn't buy you more votes, because weight follows the coins, not the addresses. But it's plutocratic by definition. It conflates "owns a lot" with "is trusted," hands governance to whales and the exchanges holding their tokens, and gives a thoughtful delegate with a small bag almost no say. Delegation softens this, and projects like composable, off-chain voting power widen where weight can come from, but the underlying unit of trust is still the token.

These are the two poles crypto governance oscillates between: trusted-but-centralized, or decentralized-but-plutocratic. The interesting design space is the one we skipped: the synthesis in between.

Trust Graphs Between the Multisig and the Token

A trust graph is exactly that synthesis. Instead of buying influence or being appointed to it, you earn it through attested relationships, and those attestations are first-class, on-chain, programmable objects.

Picture weight that's a function of your position in a graph of vouches, not just your balance. A whale still holds tokens, but raw tokens no longer dominate; standing accrues to addresses that a web of credible participants actually trust. From the other direction, a multisig's membership stops being a frozen list of keys and becomes a derived property: the signers are whoever currently holds enough attested trust, which can rotate without a hand-managed ceremony every time.

That's the balance worth chasing. Against token-weighted plutocracy, the graph caps the influence of mere wealth, because edges are earned and (as we'll see) can't simply be bought. Against the centralized multisig, the graph decentralizes the signer set, because membership flows from attestation rather than appointment.

Agora already sits on most of the raw material. We hold delegate and multisig signer identity, proposal authorship, and the foundation-wallet attribution we described as a governance graph in our Clarity work, plus the OODAO machinery for binding off-chain identity to on-chain execution. The missing layer isn't the data. It's a principled way to let trust flow across it.

Three Fundamental Types of Trust Graph

Not every trust graph wants the same architecture. I'd argue there are three fundamental types, and most real systems are one of them.

Locked Snapshots. The graph is computed once and frozen, at a block or for an epoch, and used as-is for the duration. It's maximally auditable and tamper-evident: everyone can see the exact graph the decision ran against, and nobody can move an edge mid-vote. The tradeoff is that it can't react to new information once locked. This is the right shape for a single proposal, an airdrop allocation, or anything where reproducibility matters more than freshness.

Snapshot + Managed. Periodic snapshots, plus an operator who can publish updates, curate, or field challenges in between. This mirrors the Merkle-root-plus-challenge-window flow we built for composable voting power: a root is posted, participants can verify and contest it before it goes live, and the operator can refresh it on a cadence. It buys responsiveness without giving up auditability, at the cost of a trusted-operator surface that has to be deliberately minimized (bounded powers, challenge periods, public computation).

Organic. A continuously evolving graph where attestations accrue and decay in real time, fully on-chain and permissionless. No operator, no snapshot boundary: trust is a live quantity. This is the most expressive and adaptive form, and the hardest one to get right: it's where Sybil resistance is most fragile and where the cost of computing weight is highest. It's also the most genuinely crypto-native, and the one most worth building toward.

How the Math Has to Work

The reason this attempt can succeed where web2's couldn't is that we can now write the corrective properties directly into the system, on-chain, rather than bolting them on as policy. Each of the following maps to a failure mode from earlier.

  • Decaying parameters. Trust ages out. An attestation loses weight over time unless renewed, so the graph reflects current relationships rather than accumulated history. This is the direct fix for stale trust, and it's the same instinct behind the re-attestation cadence in our Clarity tooling. Trust you don't refresh shouldn't keep voting for you.

  • Scarcity. Attestation capacity can optionally be bounded, costly, or both. Each issuer gets a budget of trust to spend, or attestations carry a real cost, so trust can't be minted infinitely. This is the core Sybil defense, the thing PageRank and Klout lacked, because flooding the graph with edges now costs something the attacker can't cheaply replenish.

  • Revocability. Attestations can be withdrawn, and the withdrawal propagates through the graph. Trust is a living claim, not a permanent badge. This is precisely what PGP's web of trust lacked in practice: the ability to say "I no longer vouch for this" and have it actually matter downstream.

  • Non-transferability. Earned standing is bound to an identity, not packaged as a sellable asset. You can't buy someone else's reputation the way you can buy their tokens. This is the anti-plutocracy lever, the property that keeps the graph from collapsing back into "wealth equals trust."

  • Sybil resistance via cost and topology. Weight may optionally depend on graph position and the number of distinct, independently trusted sources pointing at you, not on how many addresses you control. A thousand fake nodes vouching for each other contribute almost nothing if no trusted node points into the cluster. This is the topological answer to link farms.

  • Transitivity with damping. Trust flows along edges but attenuates with distance, the way PageRank's damping factor kept authority from running away. A friend-of-a-friend-of-a-friend counts, but faintly, so distant or fabricated regions of the graph can't accumulate outsized weight.

  • Portability. The graph lives on-chain and is owned by its participants, not by an application. It travels across apps and protocols instead of being trapped in one product's database. This is the structural fix for the lock-in that made every marketplace reputation worthless the moment you left.

  • Transparency and verifiability. The computation is public and provable (Merkle proofs, on-chain attestations, reproducible weight calculations) so a result can be challenged rather than trusted blindly. This is the answer to the Klout problem: a metric you can audit is a metric that's much harder to quietly game.

None of these are exotic. Decay is a timestamp and a curve. Scarcity is a budget. Revocability is a second transaction. Non-transferability is a soulbound token. We have all of it. What we haven't done is assemble it into a coherent trust graph and point it at governance.
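To make the properties above concrete, here is a toy weight computation, added as an example and not Agora's code or any spec the post describes. It models attestations as timestamped, budgeted edges: weight decays along an exponential curve unless renewed, revocation zeroes an edge and frees the issuer's budget, an issuer who over-spends has every edge scaled down, and standing flows from a set of trusted roots with per-hop damping, so a closed cluster of mutually vouching addresses with no trusted inbound edge earns nothing. The half-life, budget, damping factor, hop limit and sample addresses are all constructed assumptions.

```python
"""Toy trust-graph weight computation (added example, not Agora's code).

Every constant and every sample attestation below is constructed for
illustration; nothing here is a real address or a real on-chain record.
"""
from collections import defaultdict
from dataclasses import dataclass

DAY = 86_400
NOW = 1_700_000_000          # constructed reference timestamp
HALF_LIFE = 180 * DAY        # assumed decay curve: edge weight halves every 180 days
ISSUER_BUDGET = 1.0          # scarcity: total live amount an issuer may spend
DAMPING = 0.5                # transitivity with damping: attenuation per hop
MAX_HOPS = 3                 # trust beyond this distance is ignored entirely


@dataclass
class Attestation:
    issuer: str
    subject: str
    amount: float            # units of the issuer's budget spent on this edge
    issued_at: int           # last issued or renewed; renewal resets the clock
    revoked: bool = False    # revocability: a withdrawn edge carries no weight


def decayed_weight(att: Attestation, now: int) -> float:
    """Decay is a timestamp and a curve: exponential with HALF_LIFE."""
    if att.revoked:
        return 0.0
    age = max(0, now - att.issued_at)
    return att.amount * 0.5 ** (age / HALF_LIFE)


def normalized_edges(atts, now):
    """Enforce the issuer budget, then apply decay.

    Budget is charged on nominal amounts of live (non-revoked) edges, so a
    revocation frees capacity. An issuer whose live spend exceeds the budget
    has all edges scaled down proportionally; nobody can mint unbounded trust.
    """
    spent = defaultdict(float)
    for a in atts:
        if not a.revoked:
            spent[a.issuer] += a.amount
    edges = []
    for a in atts:
        scale = min(1.0, ISSUER_BUDGET / spent[a.issuer]) if spent[a.issuer] > 0 else 1.0
        edges.append((a.issuer, a.subject, decayed_weight(a, now) * scale))
    return edges


def compute_standing(atts, roots, now=NOW):
    """Damped, hop-limited flow from trusted roots.

    Standing only ever enters a node through an edge from a node that already
    has standing. A Sybil cluster vouching for itself is unreachable from the
    roots, so it contributes nothing to its own members.
    """
    out = defaultdict(list)
    for issuer, subject, w in normalized_edges(atts, now):
        if w > 0:
            out[issuer].append((subject, w))
    score = defaultdict(float, {r: 1.0 for r in roots})
    frontier = {r: 1.0 for r in roots}
    for _hop in range(MAX_HOPS):
        nxt = defaultdict(float)
        for node, s in frontier.items():
            for subject, w in out[node]:
                nxt[subject] += s * w * DAMPING
        for node, s in nxt.items():
            score[node] += s
        frontier = nxt
    return dict(score)


# Constructed sample graph: one trusted root, a recent edge, a stale edge,
# a revoked edge, and a three-node Sybil ring pointing only at itself.
SAMPLE = [
    Attestation("alice", "bob",   0.6, NOW - 30 * DAY),
    Attestation("alice", "carol", 0.4, NOW - 400 * DAY),          # stale, decays hard
    Attestation("alice", "eve",   0.5, NOW - 5 * DAY, revoked=True),
    Attestation("bob",   "dave",  1.0, NOW - 10 * DAY),
    Attestation("s1", "s2", 1.0, NOW), Attestation("s2", "s3", 1.0, NOW),
    Attestation("s3", "s1", 1.0, NOW),
]
ROOTS = {"alice"}

if __name__ == "__main__":
    for node, s in sorted(compute_standing(SAMPLE, ROOTS).items(), key=lambda t: -t[1]):
        print(f"{node:6s} {s:.4f}")
```

Run it and the shape of the result is the argument of the section: bob's standing is roughly half of alice's edge weight (one damped hop), dave's is smaller still (two hops), carol's is a fraction of bob's despite a comparable nominal amount because her attestation is 400 days old, eve has nothing because her edge was revoked, and s1 through s3 do not appear at all. Topping up an issuer's edges past the budget would scale them all down rather than buy more influence.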

What This Looks Like in Practice

The abstraction is only worth as much as the things you can build with it. A few concrete journeys:

  • Vendor scrutiny for a procurement council. You sit on a DAO's procurement council and you're about to commit treasury funds to a vendor. You stand up a managed trust graph of people qualified to scrutinize that commitment (domain experts, prior counterparties, affected contributors), and only their attested concerns carry weight in the review. The council curates who's in the graph; the graph decides whose scrutiny counts. Decay matters here: an expert who vetted a vendor two years ago shouldn't carry the same weight as one reviewing them today.

  • Bicameral governance with deliberately mismatched graphs. A DAO splits decisions across two houses with intentionally distinct trust-graph properties, and the mismatch is the point. One house is token-weighted and fast, optimized for capital alignment; the other is an organic trust graph of long-tenured contributors with heavy decay and non-transferable standing, optimized for institutional memory. A proposal needs assent from both, so neither pure capital nor pure social standing can act alone. The two graphs check each other by design.

  • Delegation that decays. A DAO keeps token delegation as the seed of voting weight, but runs it through a managed trust graph that discounts each delegation by how long it's been since the delegate last earned it: a vote cast, a forum post, a renewed delegation. Standing you were granted in 2023 and never refreshed quietly fades, so governance reflects who's currently trusted rather than who was popular three cycles ago. It's token-weighted governance with an expiry date.

  • Grant review that resists capture. A grants or retroactive funding program derives reviewer weight from an organic graph of domain reputation rather than from who holds the most tokens or who volunteered first. Because standing is earned through distinct, independently trusted attesters and can't be bought, a well-funded applicant can't simply spin up reviewers to wave their own proposal through.

  • A multisig whose membership is earned, not appointed. Instead of a frozen list of keys, a security council derives its signer set from a trust graph: membership goes to whoever currently holds enough attested standing, and revocation propagates, so a compromised or inactive signer loses authority without a hand-run governance ceremony every time the set needs to change. The multisig becomes a view over the graph rather than a static allowlist.

  • Proposal rights gated by standing. To cut spam without gatekeeping by wealth, a DAO lets anyone with sufficient attested standing open a proposal, standing that decays, so dormant accounts lose the right and have to re-earn it. The bar is reputation, not balance, and it isn't permanent.

  • Reputation that travels. A contributor's standing, attested across the DAOs they've actually worked in, is captured as a locked snapshot and used to seed an allocation or onboarding decision in a different community. Because the graph is portable and the snapshot is reproducible, the receiving DAO can verify the claim instead of taking a résumé on faith, the thing no marketplace reputation score could ever do.

Notice that these span all three types (locked, managed, and organic) and lean on different properties depending on what the DAO is optimizing for. That's the point of a graph: it's a substrate, not a single mechanism.
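Two of the journeys above, the multisig derived from the graph and the reputation that travels as a locked snapshot, both reduce to operations on a frozen standing map, as does the "Locked Snapshots" type described earlier. The following is an added example (not Agora's code, and not a description of any existing standard): it serializes a snapshot canonically, commits to it with a hash so a receiving DAO can recompute and verify the claim rather than take it on faith, and derives a signer set as a pure function of the snapshot so that a drop in standing (from revocation or decay) removes a signer without anyone editing a key list. The block number, threshold, cap and standing values are constructed.

```python
"""Locked snapshot commitment and a signer set derived from standing
(added example, not Agora's code; all sample values are constructed).
"""
import hashlib
import json


def canonical_snapshot(standing: dict, block: int) -> bytes:
    """Deterministic bytes for a frozen address -> standing map.

    Sorted keys, fixed-precision decimal strings and no optional whitespace,
    so two independent implementations serialize the same snapshot identically.
    """
    body = {
        "block": block,
        "standing": {addr: f"{s:.6f}" for addr, s in sorted(standing.items())},
    }
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def commit(standing: dict, block: int) -> str:
    """Commitment to the locked snapshot. Anyone can recompute it."""
    return hashlib.sha256(canonical_snapshot(standing, block)).hexdigest()


def verify(standing: dict, block: int, claimed: str) -> bool:
    """A receiving DAO checks a published snapshot against the commitment it
    was handed instead of trusting the sender's number."""
    return commit(standing, block) == claimed


def derive_signers(standing: dict, threshold: float, max_signers: int) -> list:
    """Multisig membership as a view over the graph: the highest-standing
    addresses at or above the threshold, capped, with ties broken by address
    so the result is reproducible everywhere."""
    eligible = sorted(
        ((s, addr) for addr, s in standing.items() if s >= threshold),
        key=lambda t: (-t[0], t[1]),
    )
    return [addr for _, addr in eligible[:max_signers]]


# Constructed snapshot at a constructed block, before and after bob's
# attestation is revoked (which also drains dave, who was only vouched for by bob).
BLOCK = 19_000_000
SNAPSHOT = {"alice": 1.0, "bob": 0.267, "dave": 0.129, "carol": 0.043}
AFTER_REVOCATION = {"alice": 1.0, "bob": 0.0, "dave": 0.0, "carol": 0.043}
THRESHOLD, MAX_SIGNERS = 0.1, 3

if __name__ == "__main__":
    root = commit(SNAPSHOT, BLOCK)
    print("commitment:", root)
    print("signers:   ", derive_signers(SNAPSHOT, THRESHOLD, MAX_SIGNERS))
    print("after revocation:", derive_signers(AFTER_REVOCATION, THRESHOLD, MAX_SIGNERS))
    print("verifies:", verify(SNAPSHOT, BLOCK, root))
```

The design choice worth noting is that nothing in `derive_signers` is stateful: there is no stored allowlist to rotate, only a rule applied to a snapshot that everyone can reproduce and verify. The on-chain analogue is a contract that checks a standing proof against the committed root before accepting a signature.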

The One Non-Negotiable: It Has to Be an Open Standard

Here's the part I'm most sure about, and it's the part most likely to get compromised: a trust graph only works if it's a completely open standard, owned by no one.

This isn't an ideological preference. It's the lesson web2 already paid for. Every trust graph that got captured by a platform (Google's, Facebook's, every marketplace reputation score) failed its users in the same way: the graph became leverage over them rather than a tool for them. The moment one company owns the schema, the registry, or the canonical computation, the graph stops being trust infrastructure and becomes a moat. And a trust graph that's a moat is one its owner is structurally obligated to defend, gate, and eventually monetize against the people in it.

Crypto's primitives don't fix this on their own. You can put attestations on-chain and still build a closed system: a proprietary attestation format only your code can write, a canonical computation no one else can reproduce, a single front-end that's the only thing that can read the graph. That's just a platform graph with extra steps. The on-chain part is necessary but not sufficient.

To be clear, the non-negotiable is the openness of the standard, not unconditional permissionlessness. A trust graph can legitimately scope who participates, and plenty of real ones should. The line is honesty: gating has to be transparent and fixed at the onset, declared as part of the rules, never a switch flipped ex-post once people have already built on the assumption that it wouldn't be.

What sufficiency looks like is concrete:

  • An open schema for what an attestation is. Anyone can issue and read one without permission, using a spec no single party controls. Formats like JSON-LD make this interesting.
  • Optional, intentional permissioning. Some systems need a gatekeeper deciding who gets to be a node or an issuer. If so, the gating should be transparent and fixed at the onset, not something switched on ex-post.
  • Public, reproducible computation. The way weight is derived from the graph is specified openly, so any party can recompute and verify it, and no one's number is canonical because they say so.
  • Multiple independent implementations. The standard is healthy only when several clients, indexers, and front-ends can read and write the same graph and get the same answer. One implementation is a product; many implementations are a standard.
  • Credible neutrality. The rules apply the same way to everyone, including the people who wrote them, with no privileged backdoor.

This is also the only version that earns the network effects that make a trust graph worth anything. Trust graphs are dense or they're useless. PGP died for lack of density. Density only compounds when every protocol, DAO, and app can plug into the same graph instead of each spinning up a captive silo. An open standard is what lets the graph cross those boundaries; a proprietary one re-creates exactly the lock-in we're trying to escape. Openness isn't the nice-to-have on top of the design. It's the precondition for the design working at all.

Agora has no interest in owning this graph, and we'd argue no one should, including us. Our role is to help define and adopt the standard, contribute an implementation, and connect it to the governance systems we already support. The value isn't in owning the registry. It's in the governance that becomes possible once the registry belongs to everyone.

The Case, Plainly

Web2 didn't fail at trust graphs because the idea was wrong. It failed because the tools weren't there: no cheap way to make trust scarce, no native decay, no real revocation, no portability, no way to prove the computation without trusting the company that ran it. Crypto has, for the first time, all of those at once.

And it has somewhere to put them. The gap between the multisig and the token, trusted-but-centralized on one side and decentralized-but-plutocratic on the other, is exactly the space a trust graph is meant to occupy. We've been choosing between the two poles for years. We could build the thing in between instead.

But only if we build it open. The one way to repeat web2's mistake with better technology is to assemble all these primitives and then wrap them in a graph that someone owns. The whole case rests on the standard belonging to no one: open schema, reproducible computation, credible neutrality, declared rules. Get that part wrong and none of the rest matters.

If you're working on governance, identity, or reputation and you think trust deserves better than a balance or a signer list, we'd love to compare notes, especially on what the open standard should look like. This is a problem worth re-attempting, and worth getting right together.
