Note that "attestation through a web of trust" means something like needing an invite from an existing user. It doesn't have to mean mass surveillance.
> Note that "attestation through a web of trust" means something like needing an invite from an existing user.

It's probably better to call this something like vouching and leave "attestation" as the contemptible power grab by megacorps delenda est. The advantage in using the same word for a useful thing as a completely unrelated vile thing only goes to the villain.
PGP’s web of trust was kinda bad privacy-wise in some regards, as it basically revealed your IRL social network.
If my PGP public key has 6 signatures and they’re all members of the East Manitoba Arch Linux User Group, you can probably work out pretty easily which Michael T I am.
Are there successful newer designs that avoid this problem?
Then how can you have a community that is welcoming to people who are not part of the ingroup?
I want to create a community for immigrants. How would I make it welcoming to recent immigrants for whom no one can vouch?
A web of trust is a wonderful tool, but it's exclusive by design. This is a problem for some communities, even though it makes others much better.
Which is, funnily (?) enough, how a lot of IRL organizations used to be. And basically don't be of the wrong ethnicity or religion.
It still happens more informally today, of course, but it used to be a pretty (if unspoken) part of how a lot of WASPy organizations operated to a greater or lesser degree.
Private torrent trackers have been doing this for a while. If some number of your downstreams act like shitheads - you get nipped and so do your other downstreams.
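
The invite-tree accountability rule described in the comment above, sketched as an added example that is not part of the original thread and not any tracker's actual code. The `InviteTree` class, the threshold of 2, the choice to count only direct invitees, and the member names are all assumptions made for illustration.

```python
from collections import defaultdict

class InviteTree:
    """Invite-only membership where inviters answer for the people they vouch for."""

    def __init__(self, root, threshold=2):
        self.threshold = threshold         # assumed policy value, not from the thread
        self.inviter = {root: None}        # member -> who vouched for them
        self.invitees = defaultdict(list)  # member -> direct downstreams
        self.flagged = set()               # members reported for misconduct
        self.banned = set()

    def invite(self, inviter, newcomer):
        if inviter not in self.inviter or inviter in self.banned:
            raise PermissionError(f"{inviter} cannot vouch for anyone")
        if newcomer in self.inviter:
            raise ValueError(f"{newcomer} is already a member")
        self.inviter[newcomer] = inviter
        self.invitees[inviter].append(newcomer)

    def _subtree(self, member):
        """Yield member and every account downstream of it."""
        stack = [member]
        while stack:
            node = stack.pop()
            yield node
            stack.extend(self.invitees[node])

    def report(self, member):
        """Record misconduct; return the set of accounts newly banned by it."""
        parent = self.inviter[member]      # KeyError for unknown members
        before = set(self.banned)
        self.flagged.add(member)
        self.banned.add(member)
        if parent is not None and parent not in self.banned:
            bad = sum(1 for m in self.invitees[parent] if m in self.flagged)
            if bad >= self.threshold:
                # The voucher and all of their downstreams lose access.
                self.banned.update(self._subtree(parent))
        return self.banned - before

def build_demo():
    """Constructed sample tree: admin -> alice, bob; alice -> carol, dave, erin."""
    tree = InviteTree("admin")
    for inviter, newcomer in [("admin", "alice"), ("admin", "bob"), ("alice", "carol"),
                              ("alice", "dave"), ("alice", "erin"), ("carol", "frank")]:
        tree.invite(inviter, newcomer)
    return tree

if __name__ == "__main__":
    tree = build_demo()
    print(sorted(tree.report("carol")))  # first bad invitee: only carol is banned
    print(sorted(tree.report("dave")))   # second: alice's whole branch goes
```

In this sketch a cascade ban does not itself count as a misconduct report against the next inviter up, so one bad branch cannot take out the whole tree.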