Chapter Twenty Nine. Users and Trust: A Microsoft Case Study

Blake Ross

BACK IN THE GOOD OLD DAYS, if you lived in a small town, you wouldn't think twice about leaving your house unlocked while you ran errands, about letting kids play in the streets, or about sharing details of your family's life with other people in the town.

However, as the small town grew, and more new people started to arrive, you might have started to hear about unusual things happening: property disappearing, park benches getting vandalized, strange behavior from the new neighbors.

Over time, you'd learn that maybe it was safer to lock your door, to ask your kids where they would be going, not to lend out your lawnmower. Normally, you would learn this through newspaper articles or stories that friends told you. Sometimes, if you were unlucky, you'd learn through personal experience of having something bad happen to yousomething that would never have happened in the good old days.

The Internet has paralleled this move from small town to larger city life. With the advent of the first HTML browsers, the Internet became the World Wide Web, and many new neighbors moved in to what had previously been a relatively trusting small town. The new neighbors brought with them confidence tricks, unwanted mail, viruses, and lots of candy that it really wasn't safe to take.

The major difference between real-life small towns and the Internet is the compressed time scale of the Internet's growth. That growth rate, along with the relative anonymity afforded by the Internet and the extreme ease of creating a presence on the Web, has meant that many regular users of the Internet have not had enough time to build or adjust their perceptions of trust to deal well with the online environment.

Instead, the responsibility for helping users decide whom to trust online has fallen to the infrastructure providers: manufacturers of browsers and email programs, antivirus applications, and spyware scanners.

In the early days of the World Wide Web, fewer people were attempting to exploit the gaps in technological or social trust online. As the technologies matured and the user base grew, such exploits became more lucrative.

To counter this rise in the number of exploits, the infrastructure providers have incorporated technologies and user interface elements aimed at shaping users' behaviors, teaching them whom they can trust, and, where necessary, giving them the cues they need to make trust decisions. However, the code that infrastructure providers produce is much better at dealing with problems that have a logical right and wrong outcome (virus/no virus) than problems that have shades of emotional response, such as social engineering attacks.

Obviously, Microsoft is one of those technology providers. This chapter describes how research into users' trust mechanisms led to changes in user interface design philosophy for Internet Explorer and several other products at Microsoft. The changes represent a first step in respecting the emotional aspect of trust decisions, and in giving users the information they need to make good trust decisions within Microsoft applications.