Skip navigation.
Personalize your internet.

Beyond Outfoxed

Trust Resources Online

The Future of Trust (Trust Online)

Seventh International Workshop on Trust in Agent Societies

T3 Group (Trust: Theory and Technology.)

Trust in Game Theory

Trust in a Cryptographic Economy and Digital Security Deposits (MIT Masters Thesis)

How can I trust Firefox?

Phishing and other bad stuff
Toolbar that distributes id's of Phishing sites.

Alarming trend in spyware could undermine IT industry

Phishing hole discovered in IE

Intelligence Aggregation
Mass Intelligence
Interpersonal Connections
Microsoft Social Computing Group (Wallop, etc..)

GoodBlock (Offers recommendations based on those of your friends.)

Insider Pages (Another recommendation site)

I Was Stalked on (How can we trust recommendations from strangers?)

Identification + Trust gives success in prisoners dilemma.

Every file and process should have a chain of trust leading back to the user. Any file or process without such a chain is being taken on faith, and the user should be warned accordingly.
For example, every process run by a computer should have a chain that looks something like this:

  • wuauclt.exe [executed by] → Windows Update → [installed by] Windows OS → [installed by] User [trusted by] → Root User
  • matlabserver.exe [executed by] → MatLab Application [installed by] → User [trusted by] → Root User
  • And similarly, every file should also have a chain:

  • desktopicon.ico [created by] → FireFox Application [installed by] → User [trusted by] → Root User
  • mydocument.doc [created by] → MS Word Application [installed by] → Root User

Ideally, management of trust should be done at the lowest levels of computation: in the operating system or even in the microprocessor itself. This limits the ability of malicious software from disrupting the chain of trust back to the user. Outfoxed, because it is just an extension, has many vulnerabilities. Primary is the vulnerability of the locally stored trust database.

The next step would be to have trust storage implemented as a continuously running process that could be queried by other applications. [Note 22/03: The new version does this, using HTTP for queries.] So the browser, email client, and word processor could all draw trust information from the same source.

The best solution would be to have this process integrated into the operating system itself, so that the OS could also take advantage of the trust information by only running trusted applications. Trust managed at this level, combined with a good security methodology, would give us the ultimate trustworthy environment.