Why Recovery Connections are Strong
Recovery connections can be used as a stronger connection than one that is simply subjectively labeled (such as “already known”), because they inherently have something at stake: the ownership of a BrightID account along with its verifications and links to apps. The value at stake makes it far less likely that a person would choose an attacker as a social recovery connection. The separation between sybil and honest regions would be maintained; this is what is meant by a “strong” connection: one that isn’t likely to span sybil and honest regions. By contrast, a “weak” connection could more easily be the result of social engineering and therefore connect an honest person to an attacker’s sybil. For example, it doesn’t cost much to label someone “just met,” so it can be done casually and would be considered “weak.”
Considerations for Graph Analysis
When someone chooses a recovery connection, the person they choose doesn’t have to agree to it. Even if they did, the relation would still be a directed one: the person choosing the recovery connection has much more at stake than the person accepting it; the connection is only strong in one direction. Several anti-sybil analysis methods rely on trust propagating through a graph of connections. When considering social recovery connections, trust would flow in the “strong” direction only or at least be greatly attenuated in the “weak” direction.