One of the methods we propose for building our trustworthiness metric is to establish a single identity for our users by linking their Trust Machine identity to their other online identities on sites such as Ebay, Facebook and Twitter. The aim is to link an account to one on another service and only allow one link per Trust Machine user, so that once a profile has been used to create a Trust Machine account it can never linked to another one. The in degree of the profile on each external site will contribute to the users trust rating. Social network identities with a high in-degree, e.g. large friend list, high number of followers take considerable time to build and allowing a user to link only once to one identity on the other site makes it hard to game the trust machine by making the time involved impractical. Users with a bad trust rating will find building trust rating on a new account much more difficult without access to established social media profiles.
Various studies of trust have also shown that users who interact with others over a long period have built up trust in those individuals and so we consider a person’s in-degree on social networks to be an important indicator of trustworthiness.
At this stage we propose to use three API’s: Twitter, Facebook and Ebay. These are all complex beast, documented to variable standards – Investigations are ongoing…
Ebay
Ebay have a number of APIs we can interrogate to get information about users. Some provide access to publicly available information without user authentication, however we will use one which does because we need to require users to log into an online identity so we will be relying on oAuth. Initially I looked at the Trading API, an XML RPC API which can provide us with users statistics, using a call to https://api.sandbox.ebay.com//ws/api.dll and invoking GetUser. We are interested in:
- Ratings for ‘communication’ and ‘item as described’
- Number of positive feedbacks
- Number of negative feedbacks
- Lifetime of the account in months
The Trading API is one of eBay’s older APIs and is now very poorly documented. Support for it in the Sandbox testing environment is patchy and I was unable to get a working OAuth token, an issue many developers have experienced judging by the forums.
Ebay have recently opened several ReSTful API endpoints and one that is of particular interest is the analytics API which can provide details of the sales performance of a specific user using a call to GET https://api.ebay.com/sell/analytics/v1/seller_standards_profile/{marketplace}/{timeperiod. OAuth is used for this, and currently I have been unable to get it working with Postman due to the difficulties with using re-direct pages and because of an issue with Token and re-direct URL generation for my account. I am currently awaiting replies to a forum posting having realised that eBay’s level of support for non-premium developers outside the US leave something to be desired!
The next steps will be to use the rather better documented .NET SDK to see if I can get something working in C#. I will also continue to try and access the Trading API to see what the data looks like from both sources. eBay’s developer program has been a frustrating experience so far!
Facebook Graph
The Facebook graph API lets us verify the number of friends a user has. We can get the user to authenticate, which we need to do in order to verify they are the account owner and then make a call to GET graph.facebook.com/me? to access various profile fields including the friends list. Authentication is via OAuth 2.0
The possibilities offered by the Facebook graph API have the potential to let us look at quite a lot of trust building characteristics and behaviours. More research needed…
The Twitter API is the most forgiving of the ones we’ve looked at here. We can access user data without user level authentication, but we will still need to do this step in order to verify the user. More research into the possibilities needed…
Concluding Thoughts
Using data from third party platforms gives us several benefits when assessing trustworthiness.
- We can verify a user identity
- We can make it difficult for a user to change identity and track any attempts to do so
- We can look at a range of trust building online behaviours
However in order to do this we will need to store sensitive users data which means we are going to fall within the remit of the Data Protection Act*
Time to get back to my trusty IDE and testing tools…
To Be Continued…
*sound effect of a can of worms opening (no real idea what that sounds like yet)!