trust jason chalecki usable privacy and security – spring 2006
TRANSCRIPT
![Page 1: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/1.jpg)
TrustJason Chalecki
Usable Privacy and Security – Spring 2006
![Page 2: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/2.jpg)
Not much trust e-commerce sites
29% trust either "just about always" or "most of the time"
64% trust "only some of the time" or "never"
consumer advice sites 33% trust 59% low levels of trust
![Page 3: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/3.jpg)
An online problem? small businesses
68% trust newspapers and television news
58% trust financial companies such as banks, insurance
companies and stockbrokers 55% trust
charities and other nonprofit organizations 54% trust
federal government 47% trust at least most of the time
![Page 4: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/4.jpg)
From A Matter of Trust: What Users Want From Web Sites
![Page 5: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/5.jpg)
Lost or lacking trust Napster (2003)
Very long pauses between songs. I dropped the service and haven’t been back, even though, when it worked, I loved it.
Jakob Nielsen (Alertbox 1999) Would probably love the eFax service, but didn’t sign up because he
would be locked in. Amazon.com (1999)
They admitted that many favorable reviews had been paid for But the flawed policy was terminated and the damage to the customer
relationship was mended by an offer to refund any purchase that had been based on a paid recommendation.
![Page 6: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/6.jpg)
Trust is fundamental to security Lack of trust results in systems being ill-used
or used not at all Lack of understanding of trust results in
wrong decisions or no decisions Too much trust can be more dangerous than
too little E.g. I can open any file attachment because I run
anti-virus software
![Page 7: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/7.jpg)
Fundamental questions How to reliably represent trust in different
interactions and interfaces How to transform trust-based decisions into
security decisions while maintaining the meaning of the trust-based decisions
What are the building blocks of trust How is trust fallible How can trust’s fallibility be addressed
![Page 8: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/8.jpg)
Definition assured reliance on the character, ability,
strength, or truth of someone or something (Merriam-Webster)
Concerns a positive expectation regarding the behavior of somebody or something in a situation that entails risk to the trusting party (Patrick, Briggs, and Marsh)
![Page 9: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/9.jpg)
Layers Dispositional trust
Psychological disposition or personality trait to be trusting or not
Learned trust A person’s general tendency to trust, or not to
trust, as a result of experience Situational trust
Basic tendencies are adjusted in response to situational cues
![Page 10: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/10.jpg)
Granularity I trust you
I trust you this much
I trust you this much to do this thing
![Page 11: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/11.jpg)
Another axis Hard trust
technology
Soft trust social
![Page 12: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/12.jpg)
Processing strategies Heuristic approach making quick judgments
from the obvious information
Systematic approach involving detailed analysis of information
![Page 13: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/13.jpg)
Credibility How is this different than trust?
![Page 14: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/14.jpg)
Credibility How is this different than trust?
Credibility is believability Trust is dependability
![Page 15: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/15.jpg)
“Credibility and Computing Technology”
Four Types of Credibility Presumed credibility. Reputed credibility. Surface credibility. Experienced credibility.
![Page 16: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/16.jpg)
Presumed credibility Belief based on general assumptions
![Page 17: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/17.jpg)
Reputed credibility Belief based on third-party reports
![Page 18: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/18.jpg)
Surface credibility Belief based on simple inspection
![Page 19: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/19.jpg)
Experienced credibility Belief based on one’s own experience
![Page 20: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/20.jpg)
“Credibility and Computing Technology”
Four Types of Credibility Presumed credibility. Reputed credibility. Surface credibility. Experienced credibility.
How do these relate to the layers of trust?
![Page 21: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/21.jpg)
Judgments of credibility Prominence
Involvement of the user Topic of the web site Nature of the user’s task User’s experience Individual differences
Interpretation Assumptions in a user’s mind Skills and knowledge possessed by user Context for the user
![Page 22: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/22.jpg)
Time Initial trust Interactions Long-term trusted relationship
![Page 23: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/23.jpg)
Trustworthiness Ability
Capacity to keep promises Integrity
Actually keeping promises Benevolence
Acting in another’s best interest
![Page 24: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/24.jpg)
Bhattacherjee’s Model
Familiarity
Trust
Willingness to Transact
+ +
+
![Page 25: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/25.jpg)
Lee, Kim, & Moon’s ModelComprehensive
Information
Shared Value
Communication
Uncertainty
Number of Competitors
Specificity
Trust
Transaction Cost
Customer Loyalty
+
+
-
+
+
+
-
-
+
![Page 26: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/26.jpg)
Corritore’s Model
Credibility
Ease of Use
Risk
External Factors Trust
Perception of:
![Page 27: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/27.jpg)
Egger’s Model (revised)
![Page 28: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/28.jpg)
McKnight’s Model
Disposition to Trust
Institution-Based Trust (perceptions of the
Internet environment)
Trust Beliefs (perceptions of specific web vendor attributes)
Trusting Intentions (intention to engage in
trust-related behaviors with a specific web vendor)
Trust-Related Behaviors
![Page 29: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/29.jpg)
Riegelsberger’s Model
TRUSTER TRUSTEE
OutsideOption
Withdrawal
Fulfillment
Separation in Space
+UNCERTAINTY
Separation in Time
+UNCERTAINTY
Trusting Action
Signals
Nonfulfillment
![Page 30: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/30.jpg)
Models Comparison Can be successfully operationalized, typically
into questionnaires Components of trust
Ability Integrity Benevolence
Many factors may affect trust
![Page 31: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/31.jpg)
Trust Design Guidelines1. Ensure good ease of use.2. Use attractive design.3. Create a professional image – avoid
spelling mistakes and other simple errors.
4. Don’t mix advertising and content – avoid sales pitches and banner advertisements.
5. Convey a “real-world” look and feel – for example, with use of high-quality photographs of real places and people.
6. Maximize the consistency, familiarity, or predictability of an interaction both in terms of process and visually.
7. Include seals of approval such as TRUSTe.
8. Provide explanations, justifying the advice or information given.
9. Include independent peer evaluation such as references from past and current users and independent message boards.
10. Provide clearly stated security and privacy statements, and also rights to compensation and returns.
11. Include alternative views, including good links to independent sites with the same business area.
12. Include background information such as indicators of expertise and patterns of past performance.
13. Clearly assign responsibilities (to the vendor and the customer).
14. Ensure that communication remains open and responsive, and offer order tracking or an alternative means of getting in touch.
15. Offer a personalized service that takes account of each client’s needs and preferences and reflects its social identity.
![Page 32: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/32.jpg)
Stanford Guidelines for Web Credibility
1. Make it easy to verify the accuracy of the information on your site.
2. Show that there's a real organization behind your site.
3. Highlight the expertise in your organization and in the content and services you provide.
4. Show that honest and trustworthy people stand behind your site.
5. Make it easy to contact you.
6. Design your site so it looks professional (or is appropriate for your purpose).
7. Make your site easy to use – and useful.
8. Update your site's content often (at least show it's been reviewed recently).
9. Use restraint with any promotional content (e.g., ads, offers).
10. Avoid errors of all types, no matter how small they seem.
Stanford Persuasive Technology Labhttp://www.webcredibility.org/guidelines/
![Page 33: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/33.jpg)
Jakob Nielsen’s Guidelines Design quality Up-front disclosure Comprehensive, correct, and current Connected to the rest of the Web
Trust or Bust: Communicating Trustworthiness in Web DesignJakob Nielsen's Alertbox, March 7, 1999http://www.useit.com/alertbox/990307.html
![Page 34: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/34.jpg)
Guidelines Comparison
Professional appearance and ease of use are very important
Be correct and verifiable Be part of a larger community
![Page 35: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/35.jpg)
Microsoft and Users and Trust
![Page 36: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/36.jpg)
Trust Question Failings Often, the question being presented is a
dilemma rather than a decision Computers can’t help interpret emotional cues
because they behave in a purely logical way Users don’t want to deal with the trust issues
presented to them Users don’t want to reveal personal data
![Page 37: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/37.jpg)
User Behavior What users say they do and what they actually do
often differ Users don’t necessarily want to think about the
consequences of their behavior Users make one-off decisions about trust Users conceive of security and privacy issues
differently than developers do Users have many superstitions about how viruses are
propagated
![Page 38: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/38.jpg)
Before XP SP2
![Page 39: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/39.jpg)
XP SP2
![Page 40: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/40.jpg)
Help for “downloading” decision
![Page 41: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/41.jpg)
Help for “running” decision
![Page 42: Trust Jason Chalecki Usable Privacy and Security – Spring 2006](https://reader036.vdocument.in/reader036/viewer/2022062422/56649e8e5503460f94b9235c/html5/thumbnails/42.jpg)
Recommendations Let users make trust decisions in context Make the most trusted option the default
selection Present users with choices, not dilemmas Always respect the user’s decision