Webs of trust

Trust is a social thing.

September 2023

Trust is the willingness to be vulnerable to the actions of another party based on the expectation that the other will perform a particular action important to the person doing the trusting. This is regardless of whether the person can monitor or control the party they are trusting. Trust is a contextual quality and mechanism of human relations, of being social.

There is no need to trust that 2+2 will equal 4 tomorrow, it just will. Ditto other deterministic processes such as cryptography. Nevertheless, technologists love the word in the context of deterministic technology, particularly those predicated on some cryptographic technique.

Now we might say in everyday parlance “I trust my [tech thing]” but we actually mean we trust those who have designed and delivered it, and perhaps those who have tested and certified it, etc. We are willing to take the risk of making ourselves vulnerable to the product of this combined intelligence and labour.

So what about the idea referred to as the web of trust?

The idea emerged in the 90s with the advent and uptake of cryptographically secured electronic communication directly between individuals. The phrase expresses the hoped-for security and reliability qualities of two people (say Alice and Bob) forming a cryptographically secured communication channel and the process by which one can trust that a third person is who they claim to be solely courtesy of existing relationships (say Alice and Charlie exchanging cryptographic keys based on Bob vouching for both of them).

The web of trust approach lacks the convenience of trusting a centralised service but avoids the concentrations of power and inevitable vulnerabilities any such centralised service carries.

Interestingly, the approach involves both social and technological actions and so interweaves trust as social scientists understand it with trust as technologists have appropriated it.