W3C home > Mailing lists > Public > public-wsc-wg@w3.org > November 2007

RE: ACTION-335 logotypes and ISSUE-96 discussion

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Wed, 14 Nov 2007 07:04:35 -0800
Message-ID: <2788466ED3E31C418E9ACC5C316615570E5466@mou1wnexmb09.vcorp.ad.vrsn.com>
To: "Serge Egelman" <egelman@cs.cmu.edu>
Cc: "Ian Fette" <ifette@google.com>, "W3C WSC Public" <public-wsc-wg@w3.org>

Serge,

	People can understand the argument you are attempting to make and still disagree with its validity.

	I know that merchants believe that people notice the siteseal because they are prepared to pay the significant premium of a VeriSign Class 3 cert over a domain validated cert. What I do not have access to is the data on which they form this decision.

	The problem here would be setting up a realistic test. To get a realistic sample we would want to do a double blind field test. That would require a merchant that was willing to risk a temporary drop in sales by turning off the siteseal. Not sure how to go about that in a viable way. Perhaps offer some GeoTrust customers a free upgrade to a VeriSign cert if they participate in the study?

		Phill

> -----Original Message-----
> From: Serge Egelman [mailto:egelman@cs.cmu.edu] 
> Sent: Tuesday, November 13, 2007 10:00 PM
> To: Hallam-Baker, Phillip
> Cc: Ian Fette; W3C WSC Public
> Subject: Re: ACTION-335 logotypes and ISSUE-96 discussion
> 
> I'm not sure if you really don't comprehend this, or are just 
> trying to be difficult, but:
> 
> If users do not notice the indicator, do not trust the 
> indicator, or otherwise do not use it when making a trust 
> decision, it has failed.
> 
> If user behavior when using these indicators is not 
> significantly different from behaviors when not using any 
> indicators, then they have failed as well.
> 
> Etc., etc., etc.
> 
> These metrics are in all of the studies cited in the shared 
> bookmarks. 
> This is nothing new.  If all we cared about is whether a 
> recommendation caused physical damage, then we could 
> recommend all sorts of crap that doesn't actually doing 
> anything productive.
> 
> serge
> 
> Hallam-Baker, Phillip wrote:
> > It depends what you mean 'they don't work'.
> >  
> > Absent a technology demonstrably causing the machine to ignite 
> > vaporizing the user instantly I don't think that we are going to 
> > obtain objective measures from lab tests.
> >  
> > Certainly we can determine which factors are in operation, but we 
> > simply cannot expect to predict which factors will be dominant.
> > 
> > 
> ----------------------------------------------------------------------
> > --
> > *From:* Serge Egelman [mailto:egelman@cs.cmu.edu]
> > *Sent:* Tue 13/11/2007 11:23 AM
> > *To:* Hallam-Baker, Phillip
> > *Cc:* Ian Fette; W3C WSC Public
> > *Subject:* Re: ACTION-335 logotypes and ISSUE-96 discussion
> > 
> > This is irrelevant for our purposes.  If we test them and 
> find that in 
> > a perfect world they don't work, then this is moot.  If we 
> test them 
> > and find that they're effective, then we make a recommendation, and 
> > it's out of our hands.  At that point the application 
> vendors aren't in compliance.
> > 
> > serge
> > 
> > Hallam-Baker, Phillip wrote:
> >  > I have never had the slightest difficulty selling the idea of 
> > logotypes  > to customers. The problem is purely on the application 
> > side. The logos  > have no value unless they are displayed.
> >  >
> >  > So we risk a chicken and egg situation where the 
> application side 
> > people  > refuse to do anything about implementation until they are 
> > assured that  > there will be 100% adoption by the site 
> owners which 
> > is not going to  > happen until there are applications to 
> present the logos.
> >  >
> >  > Someone has to make the first move, we cannot gate the scope of 
> > what we  > will consider by requiring an assurance of total 
> adoption 
> > by any market  > participant.
> >  >
> >  > 
> > 
> ----------------------------------------------------------------------
> > --  > *From:* public-wsc-wg-request@w3.org on behalf of Ian 
> Fette  > 
> > *Sent:* Fri 09/11/2007 4:49 PM  > *To:* W3C WSC Public  > 
> *Subject:* 
> > ACTION-335 logotypes and ISSUE-96 discussion  >  > This action 
> > (ACTION-335) was to provide discussion topics for ISSUE-96.
> >  > I only really have one point, and I will try to state it more 
> > clearly  > than at the meeting.
> >  >
> >  > To me, the effectiveness of any of the logotype 
> proposals (or the 
> > EV  > proposals, for that matter) depends greatly upon the 
> adoption of 
> > these  > technologies by sites. We can do really cool flashy things 
> > when we get  > an EV cert, or an EV-cert with a logo, but right now 
> > the only two sites  > I can find using an EV cert are PayPal and 
> > VeriSign. Therefore, I wonder  > how habituated people 
> would become in 
> > practice, if they never (or  > rarely) saw the EV/logotype 
> interface stuff in use.
> >  >
> >  > My proposal is that any usability testing of the EV 
> and/or logotype  
> > > things in the spec not only reflect how users would 
> behave in a land  
> > > where everyone is using EV-certs and life is happy, but 
> rather also 
> > test  > a more realistic case. That is, look at what the 
> adoption is 
> > presently  > and/or what we can reasonably expect it to be 
> at time of 
> > last call, and  > do usability testing in an environment 
> that reflects 
> > that adoption rate  > - i.e. some percentage of sites using 
> EV certs, 
> > some percentage also  > using logos, and another percentage still 
> > using "normal" SSL certs. My  > worry is that we may be 
> thinking "EV 
> > certs will solve X,Y, and Z", but  > that may only be the case if 
> > users are used to seeing them on the  > majority of sites, 
> and should 
> > that not end up being the case, we need to  > look at the 
> usability and benefit in that scenario as well.
> >  >
> >  > I think this is what the ACTION wanted, i.e. for me to 
> state this 
> > point  > more explicitly. I am going to therefore assume 
> that my work 
> > on this  > action is complete, unless I hear otherwise.
> >  >
> >  > -Ian
> > 
> > --
> > /*
> > PhD Candidate
> > Vice President for External Affairs, Graduate Student Assembly 
> > Carnegie Mellon University
> > 
> > Legislative Concerns Chair
> > National Association of Graduate-Professional Students */
> > 
> 
> --
> /*
> PhD Candidate
> Vice President for External Affairs, Graduate Student 
> Assembly Carnegie Mellon University
> 
> Legislative Concerns Chair
> National Association of Graduate-Professional Students */
> 
Received on Wednesday, 14 November 2007 15:12:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:53 GMT