Change the name of something and you change its essence.

          

It is a concept that has been explored for millennium. In the bible, to suggest a significant life change, a person’s name was changed… Abram became Abraham and Sarai (Abraham’s wife) to Sarah. That concept still holds true today. Most parents understand intuitively the significance of choosing the name of their child and naming of new products requires careful deliberation about what it invokes.

 So when I saw today Melih Abdulhayoglu CEO of Comodo tweet about DV SSL certificates, it reminded me of the concept only in reverse. Ever one for the clever turn of the phrase, Melih’s post suggested that the name of DV SSL certificates, which usually stands for “Domain Validated” connotes a level of trust that is inappropriate to what it actually delivers. His tweet today asked, “how can Certification authorities issue DV (Dangerous Validation) certificates to ecommerce and keep a straight face????”

 Well said. In the ecommerce world, it is important for the buyer to know who they are interacting with. A DV SSL padlock only tells the potential buyer that the information he is transmitting, like his precious credit card information, is encrypted. But what good is encrypting the information if you don’t know who you are encrypting for. It is like giving the keys to your house to a total stranger!

So friends, buying online a great thing, but do it well and do it safely. Ideally, when buying online, buy at sites with an EV SSL certificate, these sites have a noticeable green color in the address bar. The “EV” stands for extended validation and this authenticates the business information behind the site. That is what you really want to know – that there is a real, verifiable businesses selling you the merchandise.

If the site does not have an EV SSL certificate and you see the yellow padlock, it can get dicey. Some sites have verified business information because they bought an OV SSL certificates – “organizational validated”. To find out if a site has an OV certificate, click on the padlock and you should be able to find the business name and address. But many sites have these DV SSL certificates and these are the ones to watch out. The only thing you know about this site is that someone was able to buy a domain for $10. It does nothing to tell convey trust. Remember that!

Now I realize that the average consumer does not care about the name of an SSL certificates because they probably don’t know what an SSL certificate is in the first place. But for those of us who do know, spread the word…DV SSL certificates are “dangerous validation” …

Let’s see if we can the change essence of DV to be the bad thing it really is. We have to start somewhere.

Judy Shapiro

Why Twitter and Twine matter

Much digital ink has been spent trying to explain the likes of Twitter and Twine. Often, they are characterized as the poster children of the Web 2.0 techno trend. Pundits wonder if they represent a new, democratized broadcast platform. Others imagine that they serve as the next gen CRM tool. And skeptics believe these are just tech toys to be quickly dispensed with once the novelty is over.

As I read the plethora of opinions, I was left more and more unsatisfied largely because the answers ignored the “irrational exuberance” often surrounding media’s descriptions of these technologies. Either the media is very easily seduced when it comes to new technology (and that is not a hard argument to make) or they sensed these technologies represented an important trend taking shape beyond the current Web 2.0 craze.

I come down on the side of the latter opinion and believe these technologies do represent “something different”. Yet I could no more articulate the “something different” than anyone else until a recent conversation I had with some colleagues about Twine. I was explaining why I like Twine and how even the name appeals to me because it suggests interconnectivity where like-minded people form a “mini, trusted search circle” among themselves. When you participate in a Twine, you can get more trusted information about the subject of the Twine because it is strengthened, enhanced and expanded by real people. The “twine”, in effect, creates a “trusted search community” becoming more relevant and thus more trusted over time. The name says it all.

And Twitter matters for the same reason. You can follow people whose opinion you trust within a loosely bound and loosely trusted community. Or, you can share with your “followers” (a.k.a. your trusted community) what you think is useful, important, even trusted. Taken even further, I attribute Twitter’s popularity to the media friendly way reporters can get bite-sized updates from their “trusted sources” which is probably one reason why the Twitter scent carried so far and wide. But don’t let the hype around Twitter obscure the value of this technology – it is a means to receive or broadcast personal, relevant and yes, trusted information.

Now I think I can better put my finger on the “something different” I detect in these newer technologies and it revolves around how we use trust in this new web world. In today’s Web 2.0 world, we don’t expect much trust nor does it drive much how people use these social networking technologies. And if “trust” comes up at all, it is thought of as a risk mitigation requirement as in; “I need to be sure I can trust this person trying to friend me because I don’t want to get scammed.” But for this new web to materialize, trust will have to be transformed from the risk mitigation attribute to the key driver for how we optimize our personal, web experience. In essence, the next gen web hinges on the next gen kind of trust that is a proactive, positive part of the web experience.

When thought of in this light, then it becomes clear that the likes of Twitter, Twine and the many other forms of communities (from forums to bloggers to chat rooms) lies at the heart of how the next gen web will accomplish its charter. People today are creating all forms of communities as a way to proactively create different kinds of trust through relevancy made more potent via communal sharing. In the cases of Twitter and Twine, they provide a key, community-based “trusted information filter” to help sort through the deluge of relevant data, (after all, there are only so many “OMG, check this URL/ video out” emails we can sort through). Forums provide a different kind of trust by letting users share experiences and the sharp rise of bloggers’ influence in the social media celeb heap is proof of their power to create trusted communities.

As more and more people become more dependent on the Internet, the community creation groundswell is one indication of how people are imaginatively and proactively filling the “trust gaps” (a phrase I gratefully attribute to Melih Abdulhayoglu, CEO of Comodo) using their trusted communities. I broadly think of Twitter and Twine as variant versions of communities and this is why I assert it makes sense to think of all these emerging communities as smack in the middle of the next gen web rather than the Web 2.0 landscape. They represent people’s desire to create a personal, relevant web and that will, increasingly, be a function of how people are able to create trust in their ever widening web world.

That’s why Twitter, Twine and all forms of communities matter. They are the building blocks of the next gen web – the Trusted Web.

Welcome home.
Judy Shapiro

The Connected Singularity Is Near

                                      

I have read with relish the book by Kurzweil, The Singularity is Near and I respectfully borrow the phrase. The fundamental premise of his book is that we have approached “the knee of the curve” in our technological evolution, the moment where the pace of change will fundamentally change our biological evolution. Essentially, he argues with good cause, that change is happening faster and more fundamentally than most fully appreciate. 

And I think he’s right based on my personal experience. Much like a woman born at the turn of the last century, who saw in her lifetime the evolution from horseback to space travel, I too have seen a similar step change evolution in the connectiveness of the planet in a mere 15 years. In that time, I saw the transition from limited, one to one communications that was very expensive (I remember the days when a long distance call was a big thing) to a model where we can be connected with virtually no limits in terms of distance or scope.   

It is breathtaking … but I think Kurzweil limits his scope. Kurzweil places technology at the center of the change engine but I think if we focus on technology as the key driver, we limit its potential. We must remind ourselves to put the human factor at the heart of the technology evolution – not the other way around.  

And this focus on the human element must also apply to how the next generation Internet, sometimes called Web 3.0, will evolve. We must give full expression within this evolution to our human instinct to establish trusted connectedness in the web world in the same way we enjoy trusted connectedness in the real world.  

Yet in the conversations today about next generation web there is decided lack of focus on the human factor, (heck even the name Web 3.0 betrays the techno focus). For Google, the next generation web is about technology that delivers a personal web experience via intelligent search agent. For other companies, semantic technology that lets computers understand meaning better, is how the new, next web will evolve. All these technologies are all important, but they are a only a means to an end.  

The end game for the next generation web is the creation of this trusted model of community, commerce and communications for everyone just like we have in our everyday, real worlds. This model puts the human need to trust as central to the conversation — not be peripheral to the thinking. This, for me, suggests we are creating a connected singularity in a Connected Web enabled by a concept of Social Authentication™ put forward by Comodo. For this new “Connected Web” to work, it must be grounded on trust and trusted networks.  

This is why Paltalk will be hosting the third TechNow event; Transforming the Web into YOUR Web airing March 19 at 3:00 (EST) with Melih Abdulhayoglu, CEO and Chief Security Architect of Comodo. During this live, interactive event, Melih will challenge conventional thinking about how we create the emerging next generation Web, sharing his vision about how a Connected Web needs to be based on trust. Melih will be joined by noted industry analyst, Henry Blodget of Alley Insider, in a discussion about:  

·         Current technical versions and major scenarios associated with next generation Web (semantic, 3D, pervasive, media-centric, etc.)

·         The potential and benefit of web 3.0 for every day people?

·         The functional model of how next generation Internet technologies will combine to deliver this new, next Connected Web  

·         How do we leverage the intelligence of people within a social authentication™ framework as is being defined today by Comodo?

·         How will a trust and authentication layer be introduced into connected community, ecommerce and communications networks?

 

Live, interactive video chat: 

Date: Thursday, March 19th

Time: 3:00pm EST

Room Name: TechNow Network

 

Visit http://technow.paltalk.com/crashdummies for more information, to watch past shows and to sign up for a reminder email. 

 

Join the conversation. Join the movement towards a trusted Connected Web.

 

Judy Shapiro

What if?

            

As I explore the in’s and out’s of the business of social networking given my work at Paltalk, I have concurrently, unknowingly, also began an exploration on the meaning of nothing less than – everything.

 

Exploring the dynamics of social networking causes one to become philosophical about everything because social networks reflect every endeavor of the human spirit. Within a short span, I read three wonderful books, God Delusion by Richard Dawkins, The Courtier and the Heretic by Matthew Stewart and Dalai Lama’s work – the Universe in a Single Atom – the convergence of science and spirituality.

 

These books explore how great thinkers understood the essence of life and our relationship with the universe. Are we accidental cosmic tourists? Is the notion a personal God “improbable” as Mr. Dawkins suggests? Is God merely the combined “substance” (the term Spinoza used) of all there is?

 

Before I knew it, these two threads wound themselves around each other and begun to form a new shape in my mind. Social networks will become the filter of how we will see the world. It will shape what we think, what we believe. To understand our world, we will look to our social networks.

 

And that evokes some interesting what if’s.

 

What if…

* We could create the different kinds of social networks in our online world as we have in the real world

* We could manage our fabric of networks fluidly to be most useful

* We could authenticate different networks to be trusted for different things.  

* We could leverage the collective intelligence of authenticated networks to help us transform the generic web into a personal web

* We could use our social networks as our eyes and ears into the digital universe

 

Hmm – more reading to do J.

 

Judy (burning the midnight oil) Shapiro

“Trust relates to a function”

                            

I stumbled upon this recent quote from Melih Abdulhayoglu in the Comodo Forum. The context for this quote was that in software security, applications may be trusted to do certain things but not other things. Said simpler, Melih introduced in my mind the concept of limited trust – all trust is related to the function at hand.

 

He meant it in a technical sense of course, but that idea just grabbed me and wouldn’t let go. Taken to its logical (albeit cosmic) conclusion, his simple technical idea started a storm in my mind that suggested that there can be no situation where one person completely and wholly trusts another, all the time. 

 

This idea put a knife in my highly precious set of beliefs that include you can trust completely or, that love triumphs over all and I was determined to protect this idealistic concept.

 

At I first tried to answer the question by looking at my own experience. Was there anyone, when I really analyzed it rationally, that I totally trusted? On everything? I thought long and hard and the answer was a depressing no. There was no one I trusted all the time for everything.

 

Then I thought – damn he was right. I was feeling worse. It was going to be a long night. But the more I tried to rationalize this concept, the further the knife was driven into the heart of my now, on life support idea, that we can trust people in our lives completely.

 

I needed to be inspired and so I turned inward. I started to think about the people I love in my life and I realized how closely tied love and trust really are. Once I made that connection, the answer became clear.

 

Trust can be bestowed wholly and unquestioningly … but there is a trick. Just like love, we can trust completely but we must really understand the people we give our trust to because then we know what not to count on them for. If trust is “done right”, trust can be maintained because there is no situation where they are being “set up to fail”. And there’s a sweeter side too if we trust this way. The power of trusted-ness, means that it can withstand the occassional dings of disappointments that inevitably occur.

 

In the end, if someone we trust disappoints us too much – we should look to ourselves first. The answer is not that they failed (if our trust was well placed), but that we failed to observe well enough. It’s not that we can’t trust universally, it is that we did not do it right.    

 

It’s a meaningful difference that frames the concept for me better. After all, trust so fundamental to how we live a rich life – I couldn’t let that sad “you can’t trust anyone” thought roam freely in my mind.   

 

I’m glad that’s settled.

 

Judy Shapiro

“…but Mom, 500 Million people go to that site everyday…”

I heard my 12 year old boy exclaim to me in an exasperated voice when he asked to go a music site to listen to some music. I peppered him with questions as though I was interviewing someone for a job. What is the site? Do you see any security seals on it? How do we know if the site safe? By the time I was done grilling my son about the credibility of the site (“blah blah blah” to my son at this point) he exclaimed in frustration, “…but Mom…”

In that moment I understood the schizophrenic nature of the Internet itself. On the one hand, we appreciate the way the Internet can expand us in virtually every aspect of our lives – directly and intimately. And yet we seem to sense that the more dependent we become on our online network, the less secure we think our online interactions are becoming.

How we learn who to trust in the online world is at the heart of how we continue to use the Internet.   

But trust is a BIG word – not easily won but very easily lost. And in the online world today, we know enough to know that there are many more threats are out there eroding our trust faster than our ability to even understand the nature of these new threats. We question whether sites are secure or whether hackers can steal sensitive information. We wonder whether we will be a victim of a drive by download attack. We rightly fuss that our computers will get destroyed by some virus. So we must proceed with caution especially when it seems like the bad guys are gaining the upper hand. 

Can we learn to trust on the Internet?

I optimistically think we can. It’s not just wishful thinking on my part but reflects the reality of how the Internet is evolving to be more secure and to be more trusted.  More secure because we are incorporating better security practices with better solutions that mitigate some threats. And it is more becoming more trusted because there is a new maturity surrounding group of specialized security companies called Certification Authorities. They are, in effect, the unsung Trust Police of the Internet.

What exactly then is a Certification Authority?

To get a definition, I start where every good tech wannabe geek starts, at Wikipedia;  “In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates … for use by other parties. It is an example of a trusted third party.”

Huh?

I continue my hunt, Webopedia gives this explanation. “…a trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be. Usually, this means that the CA has an arrangement with a financial institution, such as a credit card company, which provides it with information to confirm an individual’s claimed identity. CAs are a critical component in data security and electronic commerce because they guarantee that the two parties exchanging information are really who they claim to be.”

Now that’s more like it. Note that the main idea is that CAs are organized and built to create online trust. They issue digital certificates that attest to different elements of trust – site identity, site security and even whether content or information can be authenticated. In essence, CA’s are guys that do the heavy lifting in online authentication working to ensure that identities are verified.  

Nor can any software company claim to be a CA as becoming a CA requires significant infrastructure to authenticate digital interactions. Plus becoming a CA means that you adhere to best practices and security standards reflective of the highest standards around and are subject to regular audits.  

So it is this rarified breed of software companies that are doing important work by creating the basis for online authentication. They are creating the “Authentication layer” of the Internet to deal with the exponential need to authenticate all this online “stuff”. We want to authenticate our online surroundings and that’s where CAs come in. Today, CAs are already at the center of authenticating online interactions. When you see a gold padlock on a secure page, a CA has verified that the transaction is encrypted. When you see the address bar go green in IE7 that means a CA has authenticated the identity of the site owner.

These indicators are important in that they authenticate critical aspects of our online transactions. Other new ways to authenticate “stuff” are also being introduced. For instance, Comodo CA has a trust mark called HackerProof that authenticates that the site is safe from hackers. There is even a way to authenticate that web content to ensure that what you see is authentic.

More and more digital authentication is being introduced into how we browse and shop. CAs are leading the way in building this authentication layer enabling all of us to truly live in a trusted internet.

Judy Shapiro