Trustability and transparency

By Johannes Ernst


We want to deliver trustable products. This requires many things, one key aspect of which is transparency.

Consider two organizations, each of which delivers an otherwise identically looking product. Organization A is entirely opaque; customers know nothing about them, other than the fluff they put on their marketing website. On the other hand, organization B publishes their product’s source code, has a public customer support forum accessible to all, and frequently hosts events in which users are encouraged to speak up.

Organization B and their product, in this example, are clearly more trustworthy. It is worthwhile to think about why exactly:

If we apply the breakdown from this post, we can see why:

  • Column 2: if their product was overtly doing some bad things, (some) customers would complain, and because customer discussion is encouraged and in public, others would soon learn about the problem. Soon, more and more customers would abandon the product. This creates an incentive for the organization to not do bad things.

  • Similarly, in column 3: if the product does something bad, but covertly, anybody who detected it, could easily communicate the problem to other customers, who would abandon the product. Again, the organization is incentivized not to do bad things.

  • Additionally, it is of course harder for an organization that is transparent to hide and keep bad things covert in the first place. The more transparent the organization is, the less it is possible for anybody to hide bad stuff.

  • In the second group of columns, the more transparent the organization is, the more room exists for detection of problems, and therefore the likelihood of them being fixed increases.

So transparency is good for incentivizing the delivery of justifiably trustable products.

It’s important, however, to also mention some downsides of transparency. That’s because higher transparency hands extra ammunition to the opposition. (If there isn’t an opposition, these are not relevant; but at Dazzle we can expect – perhaps fierce – opposition from certain surveillance capitalism quarters and perhaps, due to the privacy aspects of what we do, certain governments. So it’s worthwhile to think about this from the beginning.) To pick just two:

  • If specific people can be identified who play a key role in the project, they become potential targets for personal harrassment or worse. We have seen this recently in the political realm, from election workers to certain law enforcement officers. They are also much easier to target for blackmail or bribes, which indirectly would reduce the trustworthiness of the product. This attack vector would be harder to use by the opposition if the organization was opaque from the outside.

  • Full transparency makes surprises impossible, which removes many successful marketing, and competitive, tools from the arsenal. Imagine if Apple designed iPhone in public! While we would be able to trust the product more – we know exactly how it was built and by whom – there would be no more “One more thing” announcements and competitors could compete much more effectively.

We will have to find a way through these constraints. Perhaps we should put different aspects of the overall system into different tiers:

  • Some things are globally transparent: anybody world-wide can see them at any time. Source code for the core platform might be in this category.
  • Some things are “town-wide” transparent: Dazzle members in good standing, who have committed to our values, can see – and perhaps contribute to – any time. Community deliberations might be in this category.
  • Some things are transparent “indirectly”: only a select set of people get to see what’s going on, but that set of people is accountable to the larger community in some transparent fashion. This clearly includes things such as access to the root keys used for code signing, for example.
  • Some things might not need to be transparent at all. It’s important that this does not comprise anything that could materially affect the trustworthiness of the product. Perhaps certain marketing campaigns are best planned that way.

What do you think?