Â

There’s lots of good stuff in the New Scientist article Don’t let cyber-spite ruin your good name, and a bunch of great companies mentioned – ClaimID, TrustPlus, and ReputationDefender . The issue is not just reputation, and the protection of your reputation (which is certainly the end result), but is the person posting a comment, negative or positive, really real or completely anonymous?

Just like in the real world, someone is more likely to shout some craziness from the bleachers, versus in an in person forum, where they have to introduce themselves in some fashion but they do have to prove they are identifiable.

Don’t let cyberspite destroy your good name

You buy a television on eBay. When it arrives, you eagerly unwrap it, only to find it is badly scratched. You return it, and leave a negative comment about the seller on the site. The next day, you find the seller has retaliated by posting a nasty comment about you, branding you as a time-waster. Suddenly, no one wants to sell to you and your reputation is in tatters.

Until now eBay’s rating system, which allows users of the auction and trading site to leave good or bad comments about their trading partners, has worked well. Sellers who ship out damaged goods, or items that do not match their online description, rightly get a black mark against their name. However, this system has recently come under increasing pressure from an all-too-human failing: spite. Sellers can easily retaliate against buyers who have named and shamed them, leaving unwarranted but highly visible comments – perhaps claiming that the buyers do not follow through with purchases, or needlessly return items they have bought.

Fear of this retaliatory renegging can deter buyers from posting negative comments about their trading experiences. In turn, this threatens to undermine the trust that buyers place in sellers ratings.

So severe has the renegging problem become that this month eBay was forced to change its rating system, preventing sellers from posting negative comments about bad buyers on the site.

In an online auction site like eBay, your reputation is your livelihood. Economists Daniel Houser of George Mason University in Fairfax, Virginia, and John Wooders of the University of Arizona, Tucson, have shown that sellers with positive ratings are able to sell items at higher prices, because buyers will willingly shell out greater sums just to be sure they are buying from a trustworthy source. And more people are likely to bid on items offered by those of good standing (Journal of Economics and Management Strategy, vol 15, p 353).

In a study to be published in the Journal of Consumer Research next month, Amar Cheema of Washington University in St Louis also found that when a seller’s reputation is less than squeaky clean, bidders are more likely to scrutinize additional costs such as shipping charges and bail out if they are too high. When the seller’s reputation is good, however, buyers are less interested in such surcharges, and sellers are more likely to secure a deal.

Trading websites are not the only place where nasty comments can have serious financial implications. When someone writes something malicious about you online it can be read by anyone typing your name into a search engine for years to come – including potential employers and university admissions staff. And as the number of websites that people use to buy and sell or make new friends and business contacts increases, so too does the need to guard against such acts of cyber-spite.

There’s an active discussion among privacy and digital rights management groups about the recent disclosure that Apple is embedding some identifying information in songs purchased from iTunes. Apple is embedding its customers’ names and email addresses in the clear (e.g. without encryption) into files purchased from the iTunes Store. The ostensible rationale for this is to discourage people from sharing music purchased on iTunes via P2P networks.

Randy Picker of the University of Chicago Law School posted about this yesterday, with a thoughtful analysis from the legal perspective. He examines various possible justifications for this practice, and questions the need for open disclosure of the identification information, versus encryption. Picker concludes that Apple should tread carefully in this, and clarify its intent.

‘So far, Apple doesn’t seem to be saying much about what it is doing. It needs to be careful. As the Sony BMG fiasco—also discussed in the paper—emphasizes, content owners may not get that many opportunities to establish technological protection schemes. Each one they get wrong makes it that much harder to try another scheme later, given the adverse public relations fallout.’

The EFF reacted more stridently to the situation, saying that there was no justification for this undisclosed invasion of privacy.

‘But there is simply no good excuse here for Apple to embed PII in the clear into every song purchased from the iTunes Store. Especially when they didn’t inform customers that they were doing so.’

And even popular Apple blogs have questioned the rationale behind this approach to DRM.

‘The big question, of course, is what might Apple do with this information? Because it can be spoofed, it’s not exactly the best way to determine who is sharing music …’

We’re big fans of Apple here at Trufina. Most of us are devoted Mac users and we admire their insight into consumers and brilliant marketing and product design strategies. That’s why it’s truly strange they would begin such an anti customer-centric practice.

Apple isn’t saying much about this issue. I hope they clarify things soon. Piracy prevention is one thing. Privacy invasion is another.

Update:

Kim Cameron posted on this issue several times over the weekend. There’s not a tremendous amount of analysis, but he ends with one interesting question:

‘I would have thought that in light of their previous experience, Apple would have been very up front about the fact that they are embedding your name and email address in the files they give you. After all, it is PII, and I would think it would require your knowledge and approval.

I wonder what the Europeans will make of this?’

He’s right, that will be interesting.

There’s a growing awareness of the importance of online identity as well as issues related to security and privacy. Internet users find themselves increasingly scrutinized, whether it’s to make a purchase on craigslist or to meet someone on MySpace. As we spend more of our lives online these issues become increasingly important. Today’s New York Times (subscription required) featured several articles on the problems of privacy and protection of minors on MySpace.

Technologists are teaming with policy experts and consumer advocates to sort through these thorny issues. One axis of conversation is happening this week at the Internet Identity Workshop in San Jose. I became aware of this conference and the work of the Identity Gang when I was introduced to Kaliya Hamlin earlier this year.

I wasn’t able to make the conference but my colleague Heather Schlegel is there and posting about it on her blog.