Jane is travelling, and finds herself in an unfamiliar area. She turns a corner and sees a bank, a corner store, and a taxi. She's hungry and wants to get back to her hotel, so she enters the bank, uses her ATM card to withdraw some money, walks to the corner store and gets a local snack and drink, and finally hops in the cab and heads off.

How did Jane know that the bank could be trusted? How could she be sure that the food she was about to buy wouldn't make her sick? What convinced her that the taxi driver was on the level?

In the physical world, there are a variety of signals that Jane can use to establish a sense of trust. Some of these signals are physical in form such as the architecture of the buildings, the cleanliness of the taxi, and freshness seals on packages. Other signals are entirely conceptual such as brand recognition. In all cases however, Jane's assessment of trust is based on levels of familiarity. If Jane recognizes the name of the bank, she will likely trust it completely. Jane may also decide to trust the bank if she recognizes the pattern of the name of the bank (ie: First National Bank of Whereverland) or if its physical characteristics match her mental image of a bank. There is a chance that Jane will be fooled, but we tend to be very effective at pattern matching, and even small inconsistencies would very likely raise suspicion.

Jane returns home from travelling, and decides to go online and plan her next trip. After using a search engine to look for recommendations, she finds herself on an unfamiliar message board. She sees a link to a website that builds custom vacation packages. Jane likes this idea, and follows the link, submits her preferences and identification information, and charges her next trip to her credit card.

This time, when Jane had to make her assessment of trust, she had a similar set of signals to choose from. The name of the website may be a recognizable brand, or have closely matched a pattern that was familiar to Jane. The look and feel of the website may also have matched Jane's expectation of what a professional website looks like. Finally, and uniquely, her web browser may have provided some indication to Jane about how she should trust the website being viewed.

There are some fundamental differences between signals available to an individual in the physical and online worlds, and it is these differences that make internet users so vulnerable to attack.

• Tangibility: Perhaps the most obvious difference is that the physical world is tangible whereas the online world is not. When an individual visits a location in the physical world, they can examine it directly as opposed to through some intermediary interprative tool. As a result, we experience objects in the physical world in many more dimensions than those of the virtual. The additional dimensions (ie: touch, smell, depth, tactile sensation) all provide contextual signals which are absent from objects in the virtual world, and which can contribute to one's evaluation of trust.

• Cost of Impersonation: Related to tangibility is the cost of impersonation. Because physical world objects must be convincing in so many dimensions, and because the human brain is so adept at recognizing patterns and exceptions to patterns, the task of impersonating an entity in the real world is is both complex and costly. Virtual world objects, on the other hand, are easy to impersonate as they exist in far fewer dimensions. In fact, even authentic virtual world objects are frequently just endorsed impersonations of real-world counterparts.

• Familiarity: The virtual world is new and unfamiliar to many of its users. As a result, there is less of an expectation of how an entity should appear in the virtual world. While it is true that many virtual entities such as banks have patterned themselves after one another (ie: similar features, navigation structure and use of a prominent client login area) these patterns are young and malleable. The physical world, on the other hand, has well established patterns that result in a expectation of what an entity such as a bank would look like (ie: tellers, thick doors, slips of paper, a security guard.)

• Consistency: Signals from the physical world are consistantly presented to us through our own senses. We cannot modify our senses, merely intepret the signals that we recieve through them. In the virtual world, however, there is an intermediary between the entity and our senses. The web browser we are using can present an entity -- and signals about that entity -- in an arbitrary fashion. As a result, signals from the virtual world are not neccessarily consistently presented, but are instead dependent on the tool with which we are viewing the entity.

Evaluations of trust in the physical world are assisted by the fact that entities are tangible, costly to impersonate, familiar and consistently interpreted by our own senses. In the virtual world, however, we are hindered by the fact that entities are intangible, easily impersonated, unfamiliar and interpreted by clients that are not neccessarily consistent.

Any solution that aims to simplify the task of evaluating trustworthiness in the virtual world therefore needs to address these limitations on our abilities.

• • status notification areas
  • security status notification techniques
  • terminology used, technologies supported

• Arguments for consistency
  • ability to move from browser to browser w/o relearning metaphors
  • shapes user expectations
  • promotes clarity

• What we know doesn't work
  • techno-centric terminology
  • expecting users to think deeply on these issues

And then, if we feel that a recommendation is needed, I was going to take a flyer with:

• What we propose
  • simple notification with plain language to tell user if the site they are visiting is
    • real: this website is who it says it is
    • secure: this website is encrypted
    • recommended: this person says this website is safe
  • potentially match up "zones" with these ideas

Comments / Proposed Edits

• I use evaluation of trust as opposed to authentication - should I go through and edit that? Beltzner 02:20, 25 Jan 2006 (PST)