Trust levels

This post proposes a system of trust levels for SourceCred the system, which describe how we intend to handle the very real questions of adversarial actors and gaming resistance over different time scales.

The ideas proposed herein have been discussed informally within our community, but with somewhat confusingly varying semantics. It may help to have this shared reference to point to.

Please comment.

Note: The term trust levels as used in this post is largely separate from Discourse trust levels, which are a construct of our forum software and not related to the SourceCred protocol in any way.


To achieve its goals when applied to real-world projects, SourceCred will need to be resistant to gaming by people who explicitly (but perhaps covertly) attempt to maximize their short-term or long-term profits at all other costs. This is because SourceCred is intended to be used to allocate scarce resources, and so actors will have incentives to acquire those resources and may have no natural incentive to contribute back to the community or behave in accordance with our preferred norms.

However, full resistance to adversarial behavior will require substantial research, design, and implementation effort. Some of this effort cannot even begin until we have a fairly stable understanding of other parts of the pipeline. It doesn’t make sense to discuss defenses until we’ve defined the protocol in which everyone is to operate.

Furthermore, while the effort required to improve gaming resistance will surely bring us benefits in the long term, those benefits only materialize when they actually prevent gaming, which can in turn only occur if people are trying to game the system in ways that our existing systems cannot sufficiently mitigate. Thus, as long as our community remains small enough that manual chastising and blacklisting can rein in the renegades, we’ll receive no short-term reward for any effort spent on this. We have plenty of other initiatives into which we’d prefer to invest our energy.

Therefore, we propose that we change our approach to trust over time, and lay out a plan to do so.

Trust levels defined

We propose three trust levels, which characterize not the technical systems built by the SourceCred contributors but rather the composition of a community:

  • Trust level 3 (TL3): Collaborative. It is taken as common knowledge that everyone in the community is acting in good faith. People feel comfortable reflecting on their own incentives: “am I subconsciously skewing my ‘votes’ to benefit myself?”; “how have my motivations for votes, etc. changed over time?”. When asking the same questions of others, we trust that the responses are thoughtfully and truthfully given. Discussions of accidental or subconscious gaming are treated as precious data to be shared and analyzed, never as evidence of any kind of wrongdoing.

  • Trust level 2 (TL2): Wary. While the community’s core backbone of contributors are still dedicated to the original ideals, perhaps some new members are more interested in expanding their share of the pie rather than the pie as a whole. Primarily distinguished from TL3 because good faith is no longer a uniform assumption. Expect skewed voting records, underrecognition of others’ help, quarrels over attribution or allocation.

  • Trust level 1 (TL1): Alert. This community controls a scarce resource. That resource is considered intrinsically valuable by some people outside the community, who are willing to devote their time to acquiring that resource without much thought for scruples. Primarily distinguished from TL2 because gaming may now be the main goal rather than an opportunistic “side hustle” on legitimate contributions—noting, of course, that legitimate components may yet be a key component of effective gaming strategies! Expect voting cliques, sybils, chains of obfuscated self-dealing, attempts to corrupt structures of leadership and governance.

(As a point of syntax, note that the numbers decrease as the community is understood to be less trustworthy. That is, the number indicates the degree of trust, not the passage of time. This is for simplicity that “high trust level should mean more trust”, as well as consistency with systems like DEFCON or Discourse’s own trust levels.)


It’s important to recognize that trust level varies both with time and with community. As of late 2019, the SourceCred community is in TL3, but (e.g.) some cryptocurrency communities are surely in TL1.

A given iteration of the SourceCred system will be appropriate for some subset of trust levels. As of late 2019, SourceCred is probably only appropriate for communities in TL3. As we begin to service communities at lower trust levels—perhaps including our own at a later time—we’ll need to anneal down, investing into systems that can handle the corresponding heat.

Request for comments

Please provide feedback. Keep in mind that, above all, these levels are intended to be useful, so (e.g.) introducing additional trust levels should be done only if there is a compelling need.

This document is a reference for communication. It is not a specification. We may change it over time in accordance with our needs.



cc @decentralion @mzargham

This seems very similar to the SourceCred Trust Levels post from @mzargham a while back. Is the idea here just to focus solely on incentives for gaming at each trust level?

Thanks for the pointer! @decentralion and I had a feeling that something like this existed, but we couldn’t find it, so I wrote this up instead. I do want to counter-propose some things to that post, but I can take that discussion over there.

@burrrata thanks for finding that link, I had forgotten that post existed in such a clear form.

@wchargin, I really appreciate your writing this document; in my mind it’s the new “canonical reference” for trust levels. I think the expression is a bit clearer than in @mzargham’s original trust levels post, and I think re-ordering it (so that numerically higher trust levels == more trust) is a valuable bit of interpretive labor.

I’ve already found this post useful as I’m now linking to it from the SourceCred Beta and Pilot Partnerships post (pilot partners should be TL3 or TL2).

@wchargin, two asks:

  • Please add a “thanks to @mzargham for the [trust levels concept]” or similar to the root post, so that we properly flow cred.
  • Consider making the post a wiki so that others can help keep it updated over time.

Absolutely. Done, and linked to the original post, too, now that we’ve unearthed it. :slight_smile:

Sure, let’s try it. In general I’d encourage people to propose updates in comments or threads so that they can be discussed and agreed upon by the community rather than being effected as unilateral changes, so I’m not convinced that “wiki by default” is the right model, but I’m happy to see how it goes in a few cases.

@wchargin - would you mind PR’ing this against the docs repo so we can make this canonical?

Sure, I can do that today.

edit: For large values of todaydone.