Trust Jason Chalecki Usable Privacy and Security – Spring 2006.
-
Upload
eleanor-todd -
Category
Documents
-
view
221 -
download
5
Transcript of Trust Jason Chalecki Usable Privacy and Security – Spring 2006.
TrustJason Chalecki
Usable Privacy and Security – Spring 2006
Not much trust e-commerce sites
29% trust either "just about always" or "most of the time"
64% trust "only some of the time" or "never"
consumer advice sites 33% trust 59% low levels of trust
An online problem? small businesses
68% trust newspapers and television news
58% trust financial companies such as banks, insurance
companies and stockbrokers 55% trust
charities and other nonprofit organizations 54% trust
federal government 47% trust at least most of the time
From A Matter of Trust: What Users Want From Web Sites
Lost or lacking trust Napster (2003)
Very long pauses between songs. I dropped the service and haven’t been back, even though, when it worked, I loved it.
Jakob Nielsen (Alertbox 1999) Would probably love the eFax service, but didn’t sign up because he
would be locked in. Amazon.com (1999)
They admitted that many favorable reviews had been paid for But the flawed policy was terminated and the damage to the customer
relationship was mended by an offer to refund any purchase that had been based on a paid recommendation.
Trust is fundamental to security Lack of trust results in systems being ill-used
or used not at all Lack of understanding of trust results in
wrong decisions or no decisions Too much trust can be more dangerous than
too little E.g. I can open any file attachment because I run
anti-virus software
Fundamental questions How to reliably represent trust in different
interactions and interfaces How to transform trust-based decisions into
security decisions while maintaining the meaning of the trust-based decisions
What are the building blocks of trust How is trust fallible How can trust’s fallibility be addressed
Definition assured reliance on the character, ability,
strength, or truth of someone or something (Merriam-Webster)
Concerns a positive expectation regarding the behavior of somebody or something in a situation that entails risk to the trusting party (Patrick, Briggs, and Marsh)
Layers Dispositional trust
Psychological disposition or personality trait to be trusting or not
Learned trust A person’s general tendency to trust, or not to
trust, as a result of experience Situational trust
Basic tendencies are adjusted in response to situational cues
Granularity I trust you
I trust you this much
I trust you this much to do this thing
Another axis Hard trust
technology
Soft trust social
Processing strategies Heuristic approach making quick judgments
from the obvious information
Systematic approach involving detailed analysis of information
Credibility How is this different than trust?
Credibility How is this different than trust?
Credibility is believability Trust is dependability
“Credibility and Computing Technology”
Four Types of Credibility Presumed credibility. Reputed credibility. Surface credibility. Experienced credibility.
Presumed credibility Belief based on general assumptions
Reputed credibility Belief based on third-party reports
Surface credibility Belief based on simple inspection
Experienced credibility Belief based on one’s own experience
“Credibility and Computing Technology”
Four Types of Credibility Presumed credibility. Reputed credibility. Surface credibility. Experienced credibility.
How do these relate to the layers of trust?
Judgments of credibility Prominence
Involvement of the user Topic of the web site Nature of the user’s task User’s experience Individual differences
Interpretation Assumptions in a user’s mind Skills and knowledge possessed by user Context for the user
Time Initial trust Interactions Long-term trusted relationship
Trustworthiness Ability
Capacity to keep promises Integrity
Actually keeping promises Benevolence
Acting in another’s best interest
Bhattacherjee’s Model
Familiarity
Trust
Willingness to Transact
+ +
+
Lee, Kim, & Moon’s ModelComprehensive
Information
Shared Value
Communication
Uncertainty
Number of Competitors
Specificity
Trust
Transaction Cost
Customer Loyalty
+
+
-
+
+
+
-
-
+
Corritore’s Model
Credibility
Ease of Use
Risk
External Factors Trust
Perception of:
Egger’s Model (revised)
McKnight’s Model
Disposition to Trust
Institution-Based Trust (perceptions of the
Internet environment)
Trust Beliefs (perceptions of specific web vendor attributes)
Trusting Intentions (intention to engage in
trust-related behaviors with a specific web vendor)
Trust-Related Behaviors
Riegelsberger’s Model
TRUSTER TRUSTEE
OutsideOption
Withdrawal
Fulfillment
Separation in Space
+UNCERTAINTY
Separation in Time
+UNCERTAINTY
Trusting Action
Signals
Nonfulfillment
Models Comparison Can be successfully operationalized, typically
into questionnaires Components of trust
Ability Integrity Benevolence
Many factors may affect trust
Trust Design Guidelines1. Ensure good ease of use.2. Use attractive design.3. Create a professional image – avoid
spelling mistakes and other simple errors.
4. Don’t mix advertising and content – avoid sales pitches and banner advertisements.
5. Convey a “real-world” look and feel – for example, with use of high-quality photographs of real places and people.
6. Maximize the consistency, familiarity, or predictability of an interaction both in terms of process and visually.
7. Include seals of approval such as TRUSTe.
8. Provide explanations, justifying the advice or information given.
9. Include independent peer evaluation such as references from past and current users and independent message boards.
10. Provide clearly stated security and privacy statements, and also rights to compensation and returns.
11. Include alternative views, including good links to independent sites with the same business area.
12. Include background information such as indicators of expertise and patterns of past performance.
13. Clearly assign responsibilities (to the vendor and the customer).
14. Ensure that communication remains open and responsive, and offer order tracking or an alternative means of getting in touch.
15. Offer a personalized service that takes account of each client’s needs and preferences and reflects its social identity.
Stanford Guidelines for Web Credibility
1. Make it easy to verify the accuracy of the information on your site.
2. Show that there's a real organization behind your site.
3. Highlight the expertise in your organization and in the content and services you provide.
4. Show that honest and trustworthy people stand behind your site.
5. Make it easy to contact you.
6. Design your site so it looks professional (or is appropriate for your purpose).
7. Make your site easy to use – and useful.
8. Update your site's content often (at least show it's been reviewed recently).
9. Use restraint with any promotional content (e.g., ads, offers).
10. Avoid errors of all types, no matter how small they seem.
Stanford Persuasive Technology Labhttp://www.webcredibility.org/guidelines/
Jakob Nielsen’s Guidelines Design quality Up-front disclosure Comprehensive, correct, and current Connected to the rest of the Web
Trust or Bust: Communicating Trustworthiness in Web DesignJakob Nielsen's Alertbox, March 7, 1999http://www.useit.com/alertbox/990307.html
Guidelines Comparison
Professional appearance and ease of use are very important
Be correct and verifiable Be part of a larger community
Microsoft and Users and Trust
Trust Question Failings Often, the question being presented is a
dilemma rather than a decision Computers can’t help interpret emotional cues
because they behave in a purely logical way Users don’t want to deal with the trust issues
presented to them Users don’t want to reveal personal data
User Behavior What users say they do and what they actually do
often differ Users don’t necessarily want to think about the
consequences of their behavior Users make one-off decisions about trust Users conceive of security and privacy issues
differently than developers do Users have many superstitions about how viruses are
propagated
Before XP SP2
XP SP2
Help for “downloading” decision
Help for “running” decision
Recommendations Let users make trust decisions in context Make the most trusted option the default
selection Present users with choices, not dilemmas Always respect the user’s decision