Love all. Trust a few. Do wrong to none.

-- William Shakespeare

In the real world, establishing trust is something we expect to take time, something developed through familiarity and experience, and tested in interaction and results. Years ago I read that when you meet someone you make up your mind about that person within the first 5 seconds and do so, to all intents, permanently.

Not surprisingly, establishing trust online is a whole different can of worms. Online the clues are missing. There's no opportunity to press flesh and see people's expressions, no way to pick up the nuances of gesture and voice that are evaluated in the blink of an eye through the experience of a million years of evolution.

This problem was dealt with in the legendary product Pretty Good Privacy (PGP) through the concept of a "web of trust." PGP is a system for encrypting data (messages, files -- pretty much any digital content) using strings of numbers called "keys." The data is accessible to only the sender and the recipient, and each party can establish the identity of the other party. This leads to interesting features such as the ability to ensure that the sender can't repudiate a message or other content once sent.

Of course, the problem here is that the core of the system is the keys, and to know that a particular key belongs to a specific person requires that either you meet that person and he gives you a copy of his key or someone else you trust -- who in turn trusts the person you are trying to authenticate -- verifies that person's key.

So to make it possible for someone else to confirm your identity, you have to get him to "sign" your key and, of course, you sign his. And once you've done this with a few people, you and they become part of what is called a "web of trust".

This is good, but still rather technical. Moreover, all the PGP web of trust says about the people involved is that the key that they claim is theirs, really is theirs. Wouldn't it be nice to be able to find out more about someone, such as are they a reliable judge of good music, is their opinion on software useful, or do they know what they are talking about in their wine-tasting notes?

This is the territory of a few online services that aim to create webs of trust for a broader range of topics. I've been looking at one of the entrants in this market, RepCheck (www.repcheck.com).

The idea behind RepCheck (a free service at present) is that members, who are verified through credit card checks, score each other on attributes that include trustworthiness, respect, honesty, responsibility, compassion and creditworthiness.

What an interesting idea. In theory, I can look you up and see whether other people think you are honest and do business with you accordingly (note that you can rebut negative comments).

The key to RepCheck working well will be to get as many people registered as possible so opinion is "averaged out" -- preventing one person from destroying or over-inflating your reputation. This also requires that if you sign up, you start rating other people to get the network going.

RepCheck plans to make money from licensing its technology and adding premium services in the future. I think this is a fascinating and valuable idea, but I think that given the current level of paranoia about online privacy, it could be hard to jump-start the site.

» posted by ITworld staff

Network World

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine