Reputation and Trust Communities

I just bought a cell phone cover on eBay from someone in Hong Kong. Normally, I'd consider an international purchase pretty risky. But eBay provides a means for me to gain trust in someone living in Hong Kong. The trust is based on feedback from other eBay users. Each time an eBay seller completes a transaction, the buyer can rate the seller on a number of different points. When I bought my cell phone cover, I was able to review the seller's history on eBay and determine that other buyers were happy with their interactions with this seller. In the same way, sellers can see a buyer's reputation to determine if the buyer is trustworthy and therefore likely to complete the transaction. eBay's feedback system creates a social network wherein reputation can flourish. This social network aggregates the reputations of eBay buyers and sellers into a community of trust.

In that way, eBay is like a village where trustworthiness is based on one's reputation. First-time sellers, like strangers in the village, have no reputation and are thus viewed with suspicion. Over time, this changes for better or worse depending on the actions of the person. On eBay, identities, rather than people, gain a reputation over time, and that reputation can be used to judge a particular buyer or seller.

eBay, of course, is not the only example of a system where this kind of trust community has developed. MSN Messenger, for example, serves as the infrastructure that supports a community for securities traders. Over the course of time, individual traders, identified by the MSN Messenger ID, build a reputation based on what they say and do.

Similarly, over time, people build up trust in the email addresses of people with whom they've interacted. Unfortunately, as we've seen, the lack of credible authentication for those identities makes them subject to exploitation by email worms and viruses.

Given that communities of trust are so important to trustworthy interactions, we might ask how they are constructed. As illustrated in Figure 3-1, a community of trust has five components:

Let's look at how each component plays a part on eBay. First of all, eBay has established a set of rules and policies about how sellers and buyers should act and what they can and can't find out about each other. Buyers and sellers are represented by digital identities that are protected by an authentication system. There is a process

Communities of trust are supported by five components

Figure 3-1. Communities of trust are supported by five components


for establishing feedback, and this process is embodied in the feedback tools that are part of the eBay site. Finally, the economics of this trust community are simple: the sellers pay for any costs needed to maintain the system out of their commissions. Moreover, the buyers and sellers carry the risk of the transaction, not eBay, which cuts the cost dramatically.

In contrast, Public Key Infrastructures, which will be discussed in detail in Chapter 6, is an example of a technology that has failed to develop a widespread community of trust, at least among individual users. Its true that many have struggled with the technology and tools—current tools are too complex—but more importantly, the economics of widely issuing digital certificates has been a hurdle. A large part of the cost comes from that fact that certificate authorities are legally certifying that the holders of the certificates are who they say they are. This means that they are liable and carry at least a portion of the risk. Certificate authorities have to charge money to cover this potential liability.