Wednesday, February 26, 2014

Building trust in delegated authorization protocols

Some websites on the Internet allow access to services or data after the user authenticates using an account created at the website. Another way of authenticating at the website is by using a social account. This mechanism is generally implemented using delegated authorization protocols such as OAuth, Facebook Connect or OpenID. The user is redirected to the social network and then requested to authorize the website. During this authorization process, the website requests the user to share personal information. The user is allowed access to the website's service or data after the personal information is shared. Pop-up dialogs asking the user to share personal information are common. This is the beginning of mistrust.
The well-advised user understands the implications of sharing personal information, although sometimes the potential implications are exaggerated. The dilemma results in the user either denying access to personal information, or allowing access and worrying about the possible problems it may cause. Similarly, dummy accounts are created by users just to access the website. The website's data collection systems may capture user information that is of no business use.
In either case a participant ends up worrying or losing. This environment of mistrust does not benefit anyone. A system where mutual trust is built over time is needed. The idea should be to build trust over time and exchange data once the trust levels are reached.
It could start with the user agreeing to share personal information under the trust that the website will not use it initially. Over time, the user might visit the website again. This would mean that the user is interested in the service provided by the website. At this point, one can conclude that the trust level from the user's point of view has increased, and the website could start using some of the personal information that was shared initially by the user. If the user accesses the website repeatedly, the user's trust level could be increased further, thus allowing the website to access more personal information belonging to the user.
The website might use account reputation services to identify the legitimacy of the user. Bogus accounts created by machines or accounts that are created on the fly just to access the website need to be identified. The website can collect valid information if the bogus accounts are filtered. The trust level from the website's point of view will be increased based on the reputation of the user.
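A sketch of how the two trust levels described above could gate the use of already-shared data. This is an added example, not code from the original post; the attribute names, visit thresholds, reputation cut-off and the rule of taking the lower of the two levels are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

# Assumed tiers: minimum trust level before the site may use an attribute.
# Nothing is usable at level 0, matching "will not use it initially".
ATTRIBUTE_TIER = {"email": 1, "birthday": 2, "friends_list": 3}
# Assumed thresholds: distinct visit days needed for user-side levels 1..3.
VISIT_THRESHOLDS = (2, 5, 10)
# Assumed cut-off (0.0-1.0) below which an account is treated as bogus.
MIN_REPUTATION = 0.3


@dataclass
class Account:
    granted: set          # attributes the user shared at authorization time
    reputation: float     # score from a hypothetical reputation service
    visit_days: set = field(default_factory=set)

    def record_visit(self, day: date) -> None:
        # Visits on the same day count once, so a burst of requests
        # cannot inflate the trust level.
        self.visit_days.add(day)


def user_trust(account: Account) -> int:
    """User-side trust: grows with distinct days of return visits."""
    return sum(len(account.visit_days) >= t for t in VISIT_THRESHOLDS)


def site_trust(account: Account) -> int:
    """Website-side trust: reputation mapped to levels 0..3."""
    if account.reputation < MIN_REPUTATION:
        return 0          # likely bogus or throwaway account: use nothing
    return min(3, int(account.reputation * 4))


def usable_attributes(account: Account) -> set:
    """Attributes usable now: granted by the user AND unlocked on both sides."""
    level = min(user_trust(account), site_trust(account))
    return {a for a in account.granted
            if a in ATTRIBUTE_TIER and ATTRIBUTE_TIER[a] <= level}
```

The consent obtained at authorization time stays the upper bound: an attribute the user never granted is never returned, whatever the trust level.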
An integrated system where trust is built over time will benefit users and websites. Advertising to users can be improved over time, websites can categorize data based on trust levels per user, and users need not worry about loss of personal information.
The system mentioned above can be implemented using existing solutions. Trust is not a one-way street. All parties involved should do their bit to build trust.