Formally modelling a trust network – a sign of hubris?

“Interactivity. Many-to-many communications. Pervasive networking. These are cumbersome new terms for elements in our lives so fundamental that, before we lost them, we didn’t even know to have names for them.” Clever man Douglas Adams. You see he wrote this in 1999 and clearly understood, even then, the nature of the web so much better than most of us do even today.

"Camp fire on the beach" by joaquimb. Used under license.
Camp fire on the beach, by joaquimb. Used under license.

As Douglas Adams points out the Internet is still novel – it’s very easy to forget that despite it’s incredible uptake the world has only had the Web since 1991. That’s really not very long. We are still getting use to it, still working out how to use it. But back in 1999 Douglas Adams clearly understood that one thing you shouldn’t be trying to do is model human trust and that’s because our brains do the job so much better.

Working out the social politics of who you can trust and why is, quite literally, what a very large part of our brain has evolved to do.

Although the Internet is a new technology, it is in many ways a return to a more traditional form of entertainment. The sit back and consume world of 20th century entertainment is the abnormality. TV, radio and the cinema are the aberrations because they aren’t interactive – all other forms of entertainment up until the early 20th century (and an increasing amount of entertainment since) are ‘interactive’ its just that we didn’t call them interactive entertainment because that would be silly – “a game of interactive cricket anyone?”

Unfortunately we currently looking at the Internet from the perspective of the non-interactive entertainment world of TV and radio. And that perspective isn’t helpful, as Adams puts it:

Newsreaders still feel it is worth a special and rather worrying mention if, for instance, a crime was planned by people ‘over the Internet’. They don’t bother to mention when criminals use the telephone or the M4, or discuss their dastardly plans ‘over a cup of tea,’ though each of these was new and controversial in their day.

Possibly because people see interactive entertainment as new and different they believe that they therefore need to build policies and models to express human trust into their web apps. The trouble is it just isn’t necessary – worse it doesn’t work. Our brains are great at working out who and what to trust – you just need to expose enough information so we can make the decisions. On the other hand it seems to me that attempts to formally model a trust network is a sign of hubris.

Of course you can’t trust what people tell you on the web anymore than you can trust what people tell you on megaphones, postcards or in restaurants… For some batty reason we turn off this natural scepticism when we see things in any medium which require a lot of work or resources to work in, or in which we can’t easily answer back like newspapers, television or granite. Hence “carved in stone.” What should concern us is not that we can’t take what we read on the internet on trust of course you can’t, it’s just people talking but that we ever got into the dangerous habit of believing what we read in the newspapers or saw on the TV – a mistake that no one who has met an actual journalist would ever make. One of the most important things you learn from the internet is that there is no “them” out there. It’s just an awful lot of “us”.

What you need then is not a model of trust instead you need a mechanism to answer back. You actually need a bit more than that – you need a mechanism to identify a person online – ideally wherever they appear on the web – via OpenID and FOAF for example. You also want to know who their friends are, or more specifically who claims to be friends with them. So for example, if I can see that someone is a friend of a friend I’m more likely to trust them than if neither I, nor my friends, have a connection with that person.

I also want to be able to read what they say and do online. If I can read their blog, look at their comments, check out their feed or twitter stream etc. then all the better. And since we are talking about online social networks this shouldn’t be too unreasonable.

Our brains are very good at processing this kind of social relationship information so we can assess whether or not we should trust a person, or more importantly to assess when and in which context to trust a person. I would trust Nick’s advice on say how to build my own home brew radio (in a lunch box) but not which pet to buy.

I remember Dan talking about the social graph and saying how he felt uncomfortable about the way XFN encouraged you to assert the nature of the relationship: “nope you’re not my ‘friend’ you’re an ‘acquaintance’ or ‘co-worker’ etc.” Which is why FOAF just has ‘friends’. This might be just because Dan is a nice bloke but I have to agree it is just a bit weird categorising the nature of your relationships the XFN way. But more pragmatically it’s also just not that helpful to model this information. All you really need is a mechanism to assert that there is a relationship and a URI to identify the person; you can then go and dereference the resource to work out whether you should trust that person or not for a given context.

Foo Camping

I’ve just published a short piece on my recent trip to San Francisco and the O’Reilly Foo Camp over at the BBC Radio Lab’s blog.

It was my first trip to San Francisco and I loved the city (you can see my photos on Flickr). But I was also struck my how meme friendly the place is. I guess that’s not that surprising – it’s a relatively small city with a high density of tech companies in and around the bay area, but none the less it does appear to be a good place for tech memes to arise and flourish. One reason why that corner of the world produces so much innovative technology?

Anyway below is my blog post as published on the Radio Lab’s blog.


“I’ve recently returned from a very enjoyable and educational trip to California where I was honored to be invited to attend the Social Graph Foo Camp. Although I do have to say that while I found the whole thing very exciting I was also, at times, left realising just how far behind some of the conversations I have become, it really is amazing how rapidly the issues and technology within this space are developing – and that’s in the context of a fast moving industry.

It was, however, clear that the really big issues are social not technological: user expectations, data ownership and portability. Although a key piece of the technology puzzle in all this is the establishment of XFN and FOAF which are going to play an ever increasingly important role in glueing different social networks together. And with the launch of Google’s Social Graph API (released under a Creative Commons license by the way) data portability is going to really explode; but with it expect more “Scoblegate” like incidents.

But the prize for getting this right are great, as illustrated by this clip of Joseph Smarr of Plaxo presenting on friends list portability and who owns the data in social networks.

For my part what I took away from this and other discussion is that although on the surface moving data between one social network and another is no different from copying a business card into Outlook people’s expectations make it different. People don’t (yet) expect the data they enter in one site to suddenly appear in another. But they do expect to be able to easily find their friends within a new network. Google’s Social Graph API will make it easier – but there will be a price, as Tim O’Reilly points out:

“Google’s Social Graph API… will definitively end “security by obscurity” regarding people and their relationships, as well as opening up the social graph to “rel=me” spammers. The counter-argument is that all this data is available anyway, and that by making it more visible, we raise people’s awareness and ultimately their behavior.”

Tied to all of this, of course, is the rise of OpenID, the open and decentralized identity system, and OAuth an open protocol to allow secure API authentication between application. Both of which appear to be central to most people’s plans for the coming year.

So what were the other highlights? For me I’m really exited by Tom Coates and Rabble’s latest Yahoo! project: Fire Eagle; which allows you to share you location with friends, other websites or services.

You can think of Fire Eagle as a location brokerage service. Via open APIs other people can write applications that update Fire Eagle with your location so that further applications that can then use it. So for example, someone might write an application that runs on your mobile that triangulates your position based on the location of the transmitters before sending the data to Fire Eagle. You could then run an application on your phone that let you know if your friends where near by, what restaurants are in your area or where the nearest train or tube station is.

Obviously what Fire Eagle also provides is lots of security so you can control who and what applications have access to your location data. I can’t wait to see what people end up doing with Fire Eagle and I’m hoping that we can come up with some interesting applications too.

Finally, XMPP, which I have to say caught me a bit by surprises. If you’ve not come across it before XMPP it’s a messaging and presence protocol developed by Jabber and now used by Google Talk, Jaiku and Apple’s iChat amongst others (with a lot more clients on the way if last weekend was anything to go by).

XMPP is a much more efficient protocol than HTTP for two way messaging because you don’t require your application to check in with the servers periodically – instead the server sends a signal via XMPP when new information is published. And there’s no need to limit that communication to person to person – XMPP can also be used for essentially machine-to-machine Instant Messaging which means you have real time communication between machines.

So based on last weekend’s Foo Camp it looks like XMPP, OpenID, OAuth are all going to be huge in 2008, Google’s Social Graph API and related technologies (FOAF and XFN) will result in some head aches while people’s understanding and expectations settle down but it will be worth it as we move towards a world of data portability.”