The combined reputations of the voters for a witness is certainly a candidate for a signal that this isn't just a hostile take over by a single entity.
The absolute number of votes to somehow weight the net weight of the Steem Power would also make this kind of attack harder.
Since reputation is currently only really a measure of the value of the upvotes an account has received (and downvotes), the more benefit a user gets from a high reputation, the more chance there is of them buying votes and self upvoting etc.
The effects on Proof of Brain also have to be considered.
A truly effective reputation algorithm would be great, but I am not sure it can be done without some kind of KYC.
I very much believe it's possible to create a reputation system without what is traditionally known as KYC and I plan to write more on that topic in the future, once I have some free time again.
Great ok, I look forward to it. The majority of examples I have seen so far which are used to determine important (life changing) outcomes are the kind seen in the Chinese social credit system, which obviously goes too far down the route of centralisation. As soon as outcomes are based on reputation, I think there is a need to ensure that the reputation applies to a unique person or entity. I know that Voice (EOS) uses a patented system for identity involving multiple phones, but I personally don't like systems that force users to own a specific piece of hardware, especially when there are well known health risks (documented over decades by countless scientific studies) relating to elements of the tech. :/
I'd be interested in an algorithm that sorted humans from bots and gave accounts a kind of real human score. How many apps so they use? Bio data to from input devices like phones, range of non automated behaviors. Something very hard to fake.
I follow a company called Biocatch which does invisible security for banks. Their systems are proprietary and patented but worth reading their public details.
There has been a system for reliably identifying spam and bots on Steem for a long time, but it's creator @andybets left STEEM for EOS and didn't reply to my messages when I tried to contact him last time.
That is incredibly useful. What a pity it's defunct. The issue with this kind of system is that it really needs to be somewhat closed source and the algorithms hidden to prevent reverse engineering.
Such ideas have been suggested in the past, but an attacker can easily distribute his Steem Power over many sockpuppet accounts to counter that.