Are you familiar with the UAC prompt in Vista?
Or the “%Application would like to use your current location” prompt on the iPhone?
We – the nerds – can make fairly accurate decisions about the security of a product.
My mum probably can’t. Strangely, she’s being asked all the same questions as I am.
This disconnect is something that Aza, Atul and Jono at Mozilla Labs are trying to solve. Last night, the team discussed some of these issues at an open Labs event held at the Twitter offices. Can your computer just know what the right answer is without pestering you? How can it get that information?
Let’s say that you come across a piece of code on the web that you want to use. This could be:
- A Ubiquity script
- A Greasemonkey script
- A Facebook application
- A regular thick client application for your PC or mobile device
We can extend this idea a little further. Let’s say you come across a piece of information on the web that you want to use. Do you trust it? This could be:
- A blog entry detailing how to set up X11 for your video card
- A forum post on how to optimise your website for online advertising
- A site giving out fashion tips
- Or whatever
There are a few different ways of figuring out whether you trust information.
- Do you judge it, or do you take someone else’s word?
- Whose word do you take? Someone you know? Someone you don’t know? An authority?
- Does that degree of trust change over time?
- Can you just mitigate the risk of bad information / naughty code?
You Judge It Yourself – a traditional solution
If the user is looking at something they’re familiar with – a regular person looking at fashion tips, or a geek looking at code – this can work well enough. If it’s an area you’re not familiar with, you might be able to use some extra information to guide your way.
Does the information seem sensible?
Is it spelled correctly?
Is someone proposing that you wear A-line flares with pockets in the knees?
As before, the problem here – especially with code – is that not many people have the skills to review the thing accurately.
Mitigate The Risk – also known as sandboxing
In the case of code, allow it to execute in an area where even if it is naughty code, it can’t do too much damage. Or, you test out some advice on your online advertising strategy with 1% of your user population only. Or, you decide to wear your new clothes around the house, and invite some specific people in to check out how you look.
There are two obvious downsides. One, setting up a sandbox can be annoying. Two, you are probably going to have to restrict what sandboxed code can do. If you look fabulous in your new outfit, you probably want to be out on the street rather than inviting just a few people over.
Take Your Friends’ Advice
Women shop for clothing, in general, in a very particular way. They gather together in a group, try on outfits, and ask their friends / gay male friends / husbands how they look.
Frankly, the thought fills me with dread. But it works. It’s another trust model – basing your trust of information or content on people that you trust.
In real life, that trust is weighted. You might trust your friend Alice’s opinion on style, but Bob doesn’t quite have it.
Online, we might think of using a social graph like Facebook to pick up who trusted what. For example, when you consider adding a new Facebook application, FB tells you how many of your friends have added the application. That’s great, but it makes two important assumptions:
- If someone trusts you, you trust them
- You trust all of your friends equally
… neither of which is always true in real life. For example, if you want to install a piece of code and you want to know if it’s malicious, you’d probably trust the geeks you know more than your friend in marketing.
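The friend-count signal compared with a directed, per-topic weighting, as an added example (not code from the original post, Facebook or Mozilla Labs). All names, weights, verdicts and thresholds are constructed assumptions.

```javascript
// Added illustration; all names, weights and thresholds are constructed assumptions.
// trust[a][b][topic] = how much a trusts b's judgement on that topic (0..10).
// Edges are directed: bob trusting me does not mean I trust bob.
const trust = {
  me: {
    alice: { code: 9, style: 3 }, // the geek
    bob: { code: 1, style: 8 },   // the friend in marketing
    carol: { code: 1, style: 6 },
    dave: { code: 1 },
  },
  bob: { me: { code: 9 } },
};

// Constructed verdicts on one script: +1 = installed and vouches, -1 = flagged it.
const verdicts = { alice: -1, bob: 1, carol: 1, dave: 1 };

// The friend-count signal: every friend counts once, whatever the topic.
function naiveCount(viewer, v) {
  return Object.keys(trust[viewer] || {}).filter((f) => v[f] === 1).length;
}

// Weighted mean of verdicts over the viewer's outgoing edges for one topic.
// Returns a value in [-1, 1], or null when nobody the viewer trusts has an opinion.
function weightedScore(viewer, topic, v) {
  let num = 0;
  let den = 0;
  for (const [friend, topics] of Object.entries(trust[viewer] || {})) {
    const w = topics[topic] || 0;
    if (w === 0 || !(friend in v)) continue;
    num += w * v[friend];
    den += w;
  }
  return den === 0 ? null : num / den;
}

// Hypothetical policy: only answer for the user when the signal is clear.
function decide(viewer, topic, v) {
  const s = weightedScore(viewer, topic, v);
  if (s === null) return "ask";
  if (s >= 0.5) return "allow";
  if (s <= -0.25) return "block";
  return "ask";
}

console.log(naiveCount("me", verdicts));            // friends who added it
console.log(weightedScore("me", "code", verdicts)); // weighted by code expertise
console.log(decide("me", "code", verdicts));
console.log(decide("bob", "code", verdicts));       // bob's own edges decide for bob
```

Three of four friends added the script, yet the one friend whose judgement on code carries weight flagged it, so the weighted score is negative; a viewer with no trusted opinion on the topic falls back to being asked.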
Take Everyone’s Advice
When you look up a popular item on Amazon.com, a whole bunch of people have reviewed it and given their opinions. With enough volume, these add up to sensible suggestions of which movies are good, and so on. When browsing the App store, the number of people who have downloaded a top 10 app adds up to a sensible suggestion of which apps are useful and don’t screw too much with your phone.
Also known as the wisdom of crowds.
This works very well at scale. When you’re starting off, the effect of outlier reviewers in the population is large, so it doesn’t work so well. Too many good startups flounder because of this – they’d work great at scale, but getting scale is tough.
The further assumption here is that everyone’s opinion has equal value.
Believe The Popular Kids
If we break that assumption, we can weight the opinions of some people over others. For example, in a web forum, one poster might have a better reputation than others, so you might trust their advice over someone else’s.
The more authority someone has, the more trust you have of their opinions, and the more weight you apply to them.
Don’t read beauty magazines, they will only make you feel ugly
If you don’t take Baz Luhrmann’s excellent advice, and you do read beauty magazines, you might be taking your fashion tips from an authority. SSL works in the same way – you trust that a website is who they say they are, because they registered with a certificate authority. This is having the ultimate trust in someone or something, because they are the ultimate authority.
OK – thanks. What was the question again?
How can your computer understand whether a piece of code it comes across on the web should be trusted?
- You could trust an authority to tell you.
- You can take advice from your friends.
- You can let everyone vote with their feet, and follow the crowd.
- You can try and figure it out for yourself.
- Maybe you can sandbox and not have to worry about it.