Tags: trust

Wednesday, August 15th, 2018

Google AMP - A 70% drop in our conversion rate. - Rockstar Coders

Google hijacking and hosting your AMP pages (in order to pre-render them) is pretty terrible for user experience and security:

I’m trying to establish my company as a legitimate business that can be trusted by a stranger to build software for them. Having google.com reeks of a phishing scam or fly by night operation that couldn’t afford their own domain.

Tuesday, May 29th, 2018

Superfan! — Sacha Judd

The transcript of a talk that is fantastic in every sense.

Fans are organised, motivated, creative, technical, and frankly flat-out awe-inspiring.

Sunday, December 17th, 2017

Mozilla betrays Firefox users and its nominal principles

That’s a harsh headline but it is unfortunately deserved. We should indeed hold Mozilla to a higher standard.

Monday, July 31st, 2017

The Evolution of Trust

Such a great primer on game theory—well worth half an hour of your time.

Friday, July 28th, 2017

Distributed and syndicated content: what’s wrong with this picture? | Technical Architecture Group

Hadley points to the serious security concerns with AMP:

Fundamentally, we think that it’s crucial to the web ecosystem for you to understand where content comes from and for the browser to protect you from harm. We are seriously concerned about publication strategies that undermine them.

Andrew goes into more detail:

The anchor element is designed to allow one website to refer visitors to content on another website, whilst retaining all the features of the web platform. We encourage distribution platforms to use this mechanism where appropriate. We encourage the loading of pages from original source origins, rather than re-hosted, non-canonical locations.

That last sentence there? That’s what I’m talking about!

Saturday, June 3rd, 2017

Christina Xu: Convenient Friction: Observations on Chinese UX in Practice on Vimeo

This was my favourite talk from this year’s Interaction conference—packed full of insights, and delivered superbly.

It prompted so many thoughts, I found myself asking a question during the Q&A.

Thursday, January 19th, 2017

Certified Malice – text/plain

Following from that great post about the “zone of death” in browsers, Eric Law looks at security and trust in a world where certificates are free and easily available …even to the bad guys.

Monday, January 16th, 2017

The Line of Death – text/plain

A thoroughly fascinating look at which parts of a browser’s interface are available to prevent phishing attacks, and which parts are available to enable phishing attacks. It’s like trench warfare for pixels.

Wednesday, December 7th, 2016

Designing digital services that are accountable, understood, and trusted (OSCON 2016 talk)

Software is politics, because software is power.

The transcript of a tremendous talk by Richard Pope.

Saturday, December 14th, 2013

Trust

My debit card is due to expire so my bank has sent me a new card to replace it. I’ve spent most of the day updating my billing details on various online services that I pay for with my card.

I’m sure I’ll forget about one or two. There’s the obvious stuff like Netflix and iTunes, but there are also the many services that I use to help keep my websites running smoothly:

But there’s one company that will not be receiving my new debit card details: Adobe. That’s not because of any high-and-mighty concerns I might have about monopolies on the design software market—their software is, mostly, pretty darn good (‘though I’m not keen on their Mafia-style pricing policy). No, the reason why I won’t give Adobe my financial details is that they have proven that they cannot be trusted:

We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.

The story broke two months ago. Everyone has mostly forgotten about it, like it’s no big deal. It is a big deal. It is a very big deal indeed.

I probably won’t be able to avoid using Adobe products completely; I might have to use some of their software at work. But I’ll be damned if they’re ever getting another penny out of me.

Friday, March 23rd, 2012

The Case Against Google

An in-depth look at where Google is going wrong.

Thursday, December 18th, 2008

Maybe the effort we go to as we think about the... · Ben Ward's Scattered Mind

"Facebook has rolled out an identity system — Facebook Connect — with a slick UI that trains a gazillion tech-naïve users to slap their identity credentials into any old website."

Sunday, June 29th, 2008

Mickipedia » Blog Archive » Social Networking Fatigue. I has it.

Good Reads is responsible for one of the most egregious abuses of trust — using the password anti-pattern to spam your address book. Micki has the details.

Wednesday, June 4th, 2008

Beyond CAPTCHA: No Bots Allowed! [Privacy and Trust]

Brothercake looks at the problems, issues, and alternatives to requiring a human to prove that they're not a bot.

Friday, March 14th, 2008

Coding Horror: A Question of Programming Ethics

A cautionary tale that explains just why the password anti-pattern needs to die. Coding horror indeed: in this case, 1,777 GMail accounts were compromised.

Wednesday, December 19th, 2007

QuirksBlog: Opera's antitrust complaint and political control of web standards

PPK points out a potentially dangerous aspect to Opera's actions, one that the rest of us have missed: "Without consulting anybody, Opera is trying to give a political body the right to decide what does and what does not constitute a web standard."

Saturday, December 1st, 2007

Facebook's Misrepresentation of Beacon's Threat to Privacy: Tracking users who opt out or are not logged in. - CA Security Advisor Research Blog - CA

An excellent piece of research that shows how Facebook affiliates' cross-site scripting (Beacon) sends information back to the mothership regardless of whether the user has opted out.

disambiguity - » Design Ethics - Encouraging responsible behaviour

Leisa joins in on the password anti-pattern. As she says, this is a question of ethics. I've already made my position clear to my colleagues and clients. Have you?

Wednesday, April 25th, 2007

Identity and authority

When Richard talks, I listen. That’s a lesson I learned even before Clearleft existed. Right now Richard is talking about civility online, mentioning the specific example of Digg—something I’ve touched on in the past.

If there’s any truth to the Greater Internet Fuckwad Theory then anonymity online can exacerbate the lack of civility. A key issue here is identity: you’re more likely to be rude or aggressive when posting an anonymous comment on a blog post than when you’re posting to your own blog—a place that’s associated with you and your online identity.

Just to be clear, when I talk about identity here I’m not talking about the issue of consolidating scattered online identities (a job for OpenID and, to a certain extent, microformats). I’m talking about identity as a basis for trust.

In order for an opinion to carry any weight online, the person posting needs to establish trust. A lot of the time this simply involves providing background material: “this is me, here are my photos, here are my bookmarks, etc.”

If you can’t provide a backstory, it becomes very hard to establish trust. Take for example the recent discourse on Flickr when some asshats ripped off Dan’s logo. To begin with, everyone was quite rightly joining the fray in support of Dan—with the exception of the Chief Executive Asshat from the rip-off company. But then some people showed up and started taking the side of the asshat. The other commentators did some quick’n’dirty background checks by simply clicking on the usernames and found empty photo pages. This lack of history pointed pretty strongly to these people simply being sock puppets.

But if your history establishes your identity and consequently your trustworthiness, then how can you instil trust if you’re just showing up to the party? As Kaliya was at pains to point out in her talk at the Web 2.0 Expo:

Trust is not an algorithm.

It’s important to realise that there’s a big difference between trust and authority. Trust is a personal judgement, different for everyone. Authority is a top-down value. There may well be an algorithm for authority—based on past achievements—but on the Web, authority isn’t nearly as important as trust.

Richard’s musings were prompted by an article in The Times that falls victim to the usual trap of mistaking a lack of authority for a lack of merit, citing the usual examples of Wikipedia and political blogs. The argument is based on the idea that someone who is paid to write (encyclopedias, newspapers, whatever) is likely to be more authoritative—and therefore trustworthy—than someone who writes merely because they have a passion for the subject. In my experience, the opposite is true.

Take some recent articles in The Independent:

These articles were written by journalists and so they have authority. Yet they are entirely without merit because the stories are sloppily-researched, hastily written and downright untrue. Authority, in this case, does not equate to merit. I am far more likely to trust a blog post by Ian Betteridge debunking the articles precisely because he wasn’t paid to write it.

The word “amateur” has come to mean “unprofessional and sloppy” in common parlance. But it wasn’t always that way. The word can also be used to refer to someone who does something out of passion and enthusiasm.

The problem with those articles in The Independent is not that they are amateurish: the problem is that they are professional.