 The traditional concept of a Web of Trust (WoT) originates from systems like PGP (Pretty Good Privacy) or CACert.org, where trust is built through a hierarchical structure of verified attestations. In these systems, each person vouches for the authenticity of another’s identity, either through personal relationships or official documentation. This creates a "tree" of trust, where you may not know every individual personally, but you trust them because they are vouched for by someone you trust.

For instance, in the PGP WoT, certificates are signed to indicate different levels of confidence in an individual’s identity. These levels range from casual introductions to personal verification, often involving face-to-face meetings or the presentation of government-issued IDs. This system is built around real-world identity validation, ensuring a robust anchoring in actual trust relationships.

In contrast, social platforms (like The Nostr or even Twitter) often use a follow system as a very loose form of "trust." When you follow someone, you are indicating some degree of interest or confidence in their content or identity. However, this trust is often implicit and not backed by the same rigor that PGP or CACert demands. A "follow" on a social platform does not mean that you have verified the identity or the authenticity of the person you're following in the real world.

The challenge with using a follow-list as a form of Web of Trust is that it lacks strong, real-world anchoring. There’s no inherent process to verify identities beyond someone’s claim or online presence. People might link their The Nostr public keys (npubs) to social media profiles, but this still falls short of a rigorous, verifiable trust model. Without an external oracle—like linking to an official, trusted source or a verified social profile—the system becomes more "obtuse," meaning it's harder to determine what level of trust is warranted.

In this sense, the term "Web of Trust" needs more precise definition when applied to systems built purely on social connections, as the trust is more fluid and less structured than in traditional identity verification frameworks.

I agree, terms need to be defined.

In the context of The Nostr, I've observed that if a profile is active (posts regularly) AND has many follows AND the "degree of separation" is a short path to a "trusted circle" of a community, then the identity should be treated as more authentic than ones that may have a large following but do not regularly post and are connected with "real" people. If an identity is not posting regularly, then many people may be fooled into following it, but it would never get pruned because it isn't posting often. On the other hand, if it's an inauthentic identity that DOES post often, it will eventually get "sniffed" out by real people. The reason it needs to be anchored to some authentic group of people is to avoid the WoT scheme being "scammed" by bots that post often and follow each other.
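The heuristic in the reply above (active AND well-followed AND a short path to a trusted circle) can be written down as a small scoring routine over a follow graph. The following is an added example, not code from Oddbean, Nostr or either poster; the follow graph, post counts, the two-member "trusted circle" and the thresholds (`max_hops`, `min_posts`, `min_followers`) are all constructed assumptions, and "many follows" is read here as the number of accounts following the profile. The one design choice worth noting is the anchoring the reply asks for: a follower only counts if that follower is itself within reach of the trusted circle, so a ring of bots that post often and follow each other gets no credit from its own members.

```python
"""Toy follow-graph trust scoring (added example, not Nostr or Oddbean code)."""
from collections import deque
import math

# Constructed sample data, not real Nostr keys: who follows whom.
FOLLOWS = {
    "alice": {"bob", "carol"},
    "bob":   {"alice", "carol", "dave"},
    "carol": {"alice", "bob", "dave"},
    "dave":  {"bob", "eve", "ghost"},
    "eve":   {"dave", "ghost"},
    "ghost": set(),                       # followed by real people, never posts
    "bot1":  {"bot2", "bot3", "alice"},   # bot ring: posts often and follows its
    "bot2":  {"bot1", "bot3"},            # own members, but no anchored account
    "bot3":  {"bot1", "bot2"},            # follows any of them
}

# Constructed: number of posts in the last 30 days.
POSTS_30D = {
    "alice": 40, "bob": 25, "carol": 12, "dave": 9, "eve": 3,
    "ghost": 0, "bot1": 300, "bot2": 280, "bot3": 310,
}

TRUSTED_CIRCLE = {"alice", "bob"}   # assumed community anchors


def hops_from_circle(follows, circle):
    """BFS outward along follow edges: 0 for anchors, 1 for accounts they
    follow, 2 for accounts those follow, and so on. Unreached keys are absent."""
    dist = {key: 0 for key in circle}
    queue = deque(circle)
    while queue:
        cur = queue.popleft()
        for nxt in follows.get(cur, ()):
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist


def anchored_followers(follows, dist, max_hops):
    """Count followers, but only followers that are themselves within max_hops
    of the circle, so mutually-following bots cannot inflate each other."""
    counts = {key: 0 for key in follows}
    for follower, targets in follows.items():
        if dist.get(follower, math.inf) <= max_hops:
            for target in targets:
                counts[target] = counts.get(target, 0) + 1
    return counts


def assess(follows, posts, circle, max_hops=3, min_posts=5, min_followers=2):
    """Apply the reply's rule: authentic if active AND well-followed AND near
    the trusted circle. Thresholds are assumed values for this example."""
    dist = hops_from_circle(follows, circle)
    followers = anchored_followers(follows, dist, max_hops)
    result = {}
    for key in follows:
        hops = dist.get(key, math.inf)
        active = posts.get(key, 0) >= min_posts
        popular = followers.get(key, 0) >= min_followers
        near = hops <= max_hops
        result[key] = {
            "hops": hops,
            "active": active,
            "anchored_followers": followers.get(key, 0),
            "authentic": active and popular and near,
        }
    return result


if __name__ == "__main__":
    for key, info in assess(FOLLOWS, POSTS_30D, TRUSTED_CIRCLE).items():
        print(f"{key:6} hops={info['hops']!s:4} active={info['active']!s:5} "
              f"followers={info['anchored_followers']} authentic={info['authentic']}")
```

Running it shows the two failure modes the reply describes side by side: `ghost` has two anchored followers and sits two hops from the circle but is rejected for never posting, while `bot1` posts constantly yet is rejected because no anchored account follows it, so its ring-mates' follows count for nothing. Tightening `max_hops` or raising `min_followers` trades false positives against false negatives; a pruning rule like the one the reply mentions would only ever remove accounts that fail this check while posting.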