In consent we trust

The concept behind Consento - Human-Factor Authentication - requires trust. Consento aims at delivering a novel way to securely store confidential data encrypted without central cloud solution, and access them without depending on complex passwords. Instead, with Consento users can request the consents of peers they have decided to rely on.

Such a new way to secure confidential data requires appropriate UX (user experience) & UI (user interface) to guide users in handling data privacy. But before discussing about the right UX/UI, we need to discuss a bit about a fundamental object: trust.

Indeed, before it comes to build trust in the UI, we need to build trust in the system. And before the system, there is the belief in the system. Consento story requires quite some thoughts about various forms of trust: trust in the system build by the web of devices, and in the other peers who act as trustees, if not also trust in the Consento business and team itself. So, to start with, what do we speak about when we speak about trust?

Trust

We like the definition of trust as "a psychological state comprising the intention to accept vulnerability based on positive expectations of the intentions or behaviour of another"(Rousseau et al., 1998). Trust depends both on the individual abilities to trust and on the trustworthiness another is able to display.

Said otherwise, trust is neither a cognitive process nor an innate human feature, it is both (Mújdricza, 2019). Studies have shown that trust is an a priori given human faculty, and therefore the possibility of trust is always present. But visual cues, human contexts and past experiences affect positively or negatively the level of trust. Trust happens to be 'learned' more than 'earned', and it requires a certain affective warmth for a start.

Contemporary online experiences of trust

Internet users experience online services as a fast pace changing context. They regularly confront with new offerings, new companies, new standards, etc. In such an uncertain context, the aspect of trustworthiness can be built on social constructs like reliability and on individual constructs like integrity (Rousseau et al., 1998).

Among the services internet users experience online (van der Werff et al., 2019), display of trustworthiness emerge on levels such as reputation systems, third party endorsement, transparency mechanisms, etc. And novel ones keep on emerging.

• The reputation systems provide a hint about trustworthiness based on other peers' previous experiences, as well as an incentive to behave trustworthy. Think for instance about peer-to-peer platforms tw-ways rating systems.

©️ by Blablacar

Efficient 2-ways rating systems can bring trust. Blablacar is a carpooling service.

In the case of a decentralised architecture like Consento, with no central platform enforcing the rules, that system in itself might be less effective than the reputation in real life of these peers. Research (Nielsen, 2012) have demonstrated also that despite a tendency to trust more people who are similar to us, high reputation of peers (and stakeholders) eventually beats strong similarity among peers.

• The endorsement by third parties such as insurance companies, governmental institutions or civil origins is never a discrediting thing to get. Commercial companies also rely on customers' endorsements. However, studies report that online consumers pay little attention to endorsement itself. Third party endorsements bring on credibility more than trust.

©️ by Dropbox

Dropbox display for instance its customers' endorsement.

• The transparency mechanisms rely on disclosing the code, the information about the company activity or the team members' affiliations. Fairphone for instance, discloses its full supply chain as a token for its commitment to transparency. On this aspect, Consento intends to embed transparency at its core, even though transparency _might be a concept antinomic with keeping data confidentially _hidden (this will be the topic of the next article eventually).

©️ by Fairphone

• Third party endorsement and transparency can be complemented by public self-assessments of governance.

Digital and in-real-life consents

As for one's ability to trust, it is constantly reassessed depending on the lived experiences, online and offline. A personal dramatic event, or a worldwide pandemic for instance, do impact people's ability to trust each other or their institutions. Even if Consento is first a digital tool, we remain aware that the evolution of people's trust capacities happens mainly off-line.

The 'nudge' approach represent an interesting look into that matter. Humans are inherently biased cognitively. For instance, we would rather avoid loosing than risking to win, we weight the same information differently depending on the credits we give to the speaker, we assess value differently depending on the initial frame given to us to look at the matter, etc.

We have to remember that Cass Sustein and Richard Thaller approach spurred discussion on how much governments or corporations should be allowed to 'nudge' us to do what they want us to do. But when we speak about trust, we should not dismiss our cognitive biases, because before being rational, we are first human.

Roadmap

So here are the track on which we'll work and test our assumptions : build on peer's IRL reputation, third party endorsement and transparency mechanisms. On these aspects, if you have any comments or recommendations of relevant actions for Consento team to take on, we are open to suggestions.

Else, what do you think? Is there any other ways of trust building we should keep in mind while developing Consento?

License: CC-BY-NC-SA by Marc Chataigner, 2020