This section presents the two algorithms for WhatsTrust that manages its main components, node algorithm and system algorithm. We explain each algorithm in more detail below.

#### 4.2.1. Node Algorithm

Consider a user ${n}_{i}$, which has newly joined WhatsApp (for illustration purposes, ${n}_{i}$ takes the pronoun he). At system initialization, all contacts of ${n}_{i}$ are added to his local trust list with positive rating set to one, as they are considered as friends, and negative rating set to zero as no negative interactions have taken place yet. As ${n}_{i}$ interacts with other users, he updates their trust information in his trust list as well as the global lists.

When a node

${n}_{i}$ (recipient) receives a message from node

${n}_{j}$ (sender),

${n}_{i}$ computes his opinion about node

${n}_{j}$. As illustrated in

Figure 4, WhatsTrust considers multiple cases based on whether

${n}_{j}$ is a friend or an acquaintance of

${n}_{i}$, a friend of a friend of

${n}_{i}$, a friend of multiple friends of

${n}_{i}$, or a stranger. If

${n}_{j}$ is a friend or an acquaintance of

${n}_{i}$, then

${n}_{i}$ would use his own local trust information in the trust list to compute his opinion about

${n}_{j}$ based on SL. Trust is modeled using four factors: belief (b), disbelief (d), uncertainty (u), and base rate (α). Based on [

9], the opinion of node

${n}_{i}$ about another node

${n}_{j}$, denoted by

${\omega}_{{n}_{j}}^{{n}_{i}}$, can be calculated based on Equation (1).

where b, d, u, and α ϵ [0, 1]. Their values are computed based on the ratings of previous interactions between any two nodes according to Equations (2)–(4):

where

P denotes the number of positive interactions and

N denotes that of negative interactions. The summation of b, d, and u is equal to one. The base rate α can take one of the two values based on whether the node is a friend or not, as shown in Equation (5):

If ${n}_{j}$ is not a friend or an acquaintance of ${n}_{i}$, then, $\mathrm{he}$ would send a request to his friends to check if they have interacted with ${n}_{j}$, and hence, have local trust information. Three scenarios are possible:

First, only one friend (e.g.,

${n}_{c}$) responds, in which case

${n}_{i}$ would request the trust information from

${n}_{c}$ and compute the trust opinion about

${n}_{j}$ according to Equation (6) below.

Second, multiple friends (e.g.,

${n}_{c}$ and

${n}_{k})$ respond. In this case,

${n}_{i}$ requests the trust information and computes the trust opinion about

${n}_{j}$ based on Equation (7) below.

Third, if no friend responds within a predetermined period of time because they do not know

${n}_{j}$ or for any other communication issues,

${n}_{j}$ is considered a stranger. Therefore,

${n}_{i}$ requests

${n}_{j}$’s reputation value from the system, which, in turn, searches for the node’s ratings in the reputable and uncertain user lists. Once it has been found, the system computes

${n}_{j}$’s reputation according to Equation (10), presented in

Section 4.2.2.

Once the opinion or reputation of

${n}_{j}$ is available, that value is compared to a trust threshold

t to decide if

${n}_{j}$ is trustworthy as shown in

Figure 4. The node

${n}_{i}$ is then in a position to informatively decide how to react to the message. If

${n}_{i}$ reacts positively to the message received by replying to the message, starring the message, and/or adding the sender

${n}_{j}$ to his contact list, a positive rating of

${n}_{j}$ is sent to the system, while if

${n}_{i}$ reacts negatively by blocking or reporting

${n}_{j}$, a negative rating is sent to the system, which accordingly updates the node reputation in one of the global lists. Additionally,

${n}_{i}$ updates the trust information of the sender locally. Therefore, if

${n}_{j}$ is a friend or acquaintance of

${n}_{i}$, the node will update his information in the local list, and if not, the node will be added to

${n}_{i}$’s local trust list. The node’s information is updated to reflect whether the recipient’s reaction is positive or negative. If the reaction is positive, the sender’s positive rating is incremented by one in both the local and global lists, while if the reaction is negative, the sender’s negative rating is incremented by one in both the local and global trust lists. The number of rating users in the global list is only incremented if this is the first time the sender has been rated by the recipient, which is an important constraint to eliminate the false ratings coming from collectively malicious nodes.

#### 4.2.2. System Algorithm

The WhatsTrust system algorithm for updating nodes’ global ratings and calculating their reputations is shown in

Figure 5. The system algorithm is designed to take into account the behavior of collectively malicious nodes. As explained earlier in

Section 1, collectively malicious nodes distribute harmful content and work together, to deceive other nodes, by giving each other positive ratings, to increase their reputation scores while negatively rates all other nodes. WhatsTrust considers two factors, namely the number of raters and the node reputation weight, to marginalize the harm of such behavior. Below, we explain the two factors in detail and how they are embedded within the algorithm.

When a new user

${n}_{i}$ joins WhatsApp, he will be added to the uncertain users list. Once a rating of this node has been received from a node

${n}_{j}$, the system updates

${n}_{i}$ rating in the list by incrementing the node’s positive or negative rating according to the rating received and increases the number of rating nodes if the node rates

${n}_{i}$ for the first time. The system computes

${n}_{i}$’s reputation based on Equation (8):

where

P is

${n}_{i}$’s positive rating,

N is his negative rating, and

m is the number of unique nodes who rated

${n}_{i}$. As shown in Equation (8), the positive rating of a node is multiplied by the number of rating nodes, and hence, a (good) node that receives his positive rating from a wide range of distinct nodes has higher reputation than a collectively malicious node that has the same positive rating but given by a smaller number of other collectively malicious nodes. After each update of the trust information of the node in the global lists, the system evaluates the node’s candidacy to move from the current list to the other based on the following rule:

Therefore, if ${n}_{i}$ is reputable (i.e., ${R}_{ni}\ge $ r) and currently exists in the uncertain users’ list, it is moved to the reputable users list. On the other hand, if the node is uncertain (i.e., ${R}_{ni}$ < r) and is currently stored in the reputable users list, the system moves the node to the uncertain users list. In our experiments, the value r = 0.5 gives the best results.

If the system receives a request for the reputation of a node

${n}_{i}$, it calculates the node’s reputation according to Equation (8). Next, the system computes the node’s reputation weight

${w}_{ni}$, which reflects the consensus of the ratings that a node receives. More weight is given to the rating of good nodes that have received consensus ratings from others, while less weight is given to the rating nodes that have received varying ratings from others. The reputation weight is calculated using Equation (9).

where

P is

${n}_{i}$’s positive rating and

N is his negative rating. Then the system computes the

${n}_{i}$ weighted reputation,

$w{R}_{ni}$, according to Equation (10), and then, sent to the node that requested it.