… or How a Web usability consultancy ignored the recommendations of their own trust report … a cautionary tale!!!
Last week I was pointed to a report on Trust from the Nielsen Norman Group – specialists in User Experience. It discussed topics relevant to the research I am doing on user trust for e-services so I paid my $45 for a single-use copy of the report.
Their recommendations included:
1. Word of Mouth – people will accept and trust a friend’s recommendations more than a brand name
2. Fair Pricing, Fully Revealed
3. Provide honest information about products
4. Remove outdated content immediately
5. Offer free returns
6. Access to helpful people
7. Access to real human beings can increase trust
My ears pricked up when I read that the web sites tested were accessed over a 56k modem. It slowly dawned on me that the report was a “mere” 8 years old. While a lot of user experience information is timeless, I felt cheated.
I checked – the web site did not list a publication date for the report. They had broken recommendations 2, 3 & 4. So I looked for a way to voice my issues. Damn – recommendation 7 went down as well. But wait, I could send email! I complained that their advertising was misleading and that they had broken numerous recommendations in their own report.
Sigh, you guessed it, recommendation 6 went down in flames – an unsympathetic CSR retorted that my expectations were unreasonable. It was clear that recommendation 5 was not going to be honored either and I was still going to be out my $45.
At least recommendation 1 survives. My word of mouth recommendation is that you should treat statements from this group with skepticism – caveat emptor when purchasing any reports.
I have been out of the mainstream of the identity discussions for the last four years while I worked on issues of securing XML messaging and service oriented architectures. So the Internet Identity Workshop appeared with perfect timing in the second week of my new job – thanks for the invitation Phil.
There are certainly a lot of new endeavors that have started up and I enjoyed the content at IIW and the interaction with some very bright people. However, I was more than a little disappointed at the number of people who do not understand the underlying issues that make identity systems hard to construct. There was a lot of enthusiasm for OpenID and allied mechanisms and I am certainly in favor of the privacy and identity motivations behind Identity 2.0.
Unfortunately sessions dealing with “establishing trusted identity providers” or “how to trust an identity provider” kept dropping into discussions about low level mechanisms. Honestly, all the black lists and white lists or alternative schemes will not address fundamental questions like “How do you create a trusted identity authority?”, or “How do you determine if an identity provider is trustworthy for my intended identity use?”.
Still, that is about what you might expect for the maturity level of a new endeavor; there is lots of work on the technology and protocol level, but that has never really been the hard part – here’s to hoping that the issues that will make or break these efforts will make some progress here soon.
After a hiatus of a few years, I am back squarely in the middle of a number of enterprise efforts that directly rely on identities, have the need for authentication, access control and entitlements, and have various aspects of single sign-on federation, privacy and all the other usual suspects.
I am hoping to engender dialog here about these issues and more – see the Musings about Musings page above for more. So jump on board, your comments are welcome within the bounds of good taste identified under the Conventions page.