A recent article in the NYTimes about the Connecticut attorney general’s office probing Facebook for not doing enough to combat sexual predators and predatory behavior on the site is interesting to me. In the early years of Facebook, it was only open to students (those with a confirmed .edu email address). Later, in an effort to expand their market and allow students graduating to continue to use the service, it was opened to “established” .com company addresses.
However, now – in what one can only cynically assume is a bid to increase traffic as much as possible to try to raise the company’s valuation for sale – anyone can sign up with any email address (including “disposable” addresses from web mail products like Hotmail, Yahoo and GMail).
This seems like a classic issue of simply needing to provide a more robust “web of trust” mechanism to their users. As long as Facebook is open to all, it can never hope to eliminate entirely prior criminals from signing up. However, it can provide highly visible mechanisms to allow users to make more informed decisions on if they should trust another user. Thanks to their heritage, starting as a restricted sign up service, much of the plumbing should already be there. Here’s some ideas:
- Make network affiliated users the only “first class” citizens. To be affiliated with a network (example: University of Michigan or Microsoft are both “networks of users” in Facebook today), one must posses a valid email address with the entity that that network represents. Ensuring that this list of entities continues to be of only well known institutions and companies goes a long way to ensuring that a person’s identity has, in some way, been “validated”.
Facebook has this today, now it needs to make the difference between those that are in at least one confirmed network, and those that are not, more visible. The GUI should brand the two tiers of users more clearly. It should require users adding non-network friend candidates to their friend permissions to be “really really sure” (e.g. call attention to the fact that no amount of “confirmation” of this user’s identity has occurred) and non-network users may even have more restricted levels of ability (e.g. cannot start groups, cannot upload photos, etc.).
- To ensure that network affiliation continues as a valid “endorsement” of a user’s trustworthiness, Facebook should reconfirm network membership on a regular basis (probably by just requiring that the same registration process via email used prior, be used again – quarterly or annually).
- For those folks who work at small/micro companies or just don’t want to register their with employer/school/alumni network, Facebook should allow for unaffiliated users to “establish their bona fides”. Specifically, a non-networked user can become more “trusted” if they get endorsements from networked users.
To prevent gaming of this by getting some unsuspecting users who will endorse anybody, if an endorsed user is reported to be unsavory by multiple trusted users, the value of the endorser’s endorsements drops (and can eventually go to zero if they endorse many untrustworthily members).
Finally, a user may choose to not trust non-networked (even if endorsed) members, and thus ignore them, unless endorsements come from friends in their own social group.
These mechanisms allows for non-network users to become “more trusted”, while preserving the “first class citizen based on trust” model.
At the end of the day, the best a service like Facebook can really hope for it to provide enough information to its users to allow them to make informed decisions. Providing more explicit coupling of trust to verified (or at least trusted) identity can help this. As an added bonus to Facebook, it should encourage more folks to signup with their trusted entity email addresses, which only helps the business side of Facebook (allowing them to have a more robust understanding of the demographics of their user population, thus providing a richer value to advertisers).
