the client is in the hands of the enemy
Yes, of course, but if we start to talk in these terms, the first in line is the standard question: What is your threat model?
I also don't think there's a good solution to sockpuppetry short of mandatory biometrics.
But the existing reputation systems don't let you make that trade-off
Why not? The trade-off is in the details of how much reputation matters. There is a large space between reputation being just a number that's not used anywhere and reputation determining what, how, and when you can post.
very vulnerable to attack
Attack? Again, threat model, please.
"Bad" posters are tautologically a disincentive for most users
Not if you can trivially easily block/ignore them, which is the case for Twitter and FB.
What is your threat model?
An attacker creates a large number of nodes and overwhelms any signal in the initial system.
For the specific example of a reddit-based forum, it's trivial for an attacker to make up a sizable proportion of assigned reputation points through the use of sockpuppets. It is only moderately difficult for an attacker to automate the time-consuming portions of this process.
I also don't think there's a good solution to sockpuppetry short of mandatory biometrics.
10% of the problem is hard. That does not explain the small amount of...
This thread is for asking any questions that might seem obvious, tangential, silly or what-have-you. Don't be shy, everyone has holes in their knowledge, though the fewer and the smaller we can make them, the better.
Please be respectful of other people's admitting ignorance and don't mock them for it, as they're doing a noble thing.
To any future monthly posters of SQ threads, please remember to add the "stupid_questions" tag.