Steve Rubel over at Micro Persuasion has a nice writeup on the Trust Issue regarding startups and I just cannot agree more. History has shown that any startup which wants to gain a big userbase and wants to keep it needs to invest in trust. There are many examples already where it failed.
He mentions a story in which a downloadable software collected GMail usernames and passwords. And as you might know there are also still many online services around which ask for your username and password, it doesn’t need to be a downloadable piece of software. Do you trust those? Enough to give them the key to many of your services. He also mentions Twitter and all the nice little tools which need your username/password though to function.
Other examples of breaking trust
But there are more examples out there. What do you know about what those companies do with data they collected from you? Do you read the TOS? Probably not. Probably you just trust them not to do malicious things with your data.
There are also more subtle areas of where trust applies. Look at flickr. They had some issues which at least affected some sub-community of flickr when they changed certain things. The first one I remember was when they moved from displaying photos via Flash to an AJAX based solution. The downside: Now everybody could save the photo by right-clicking and selecting Save as… But many people trusted in flickr that this wouldn’t be possible. Their fear was that it’s not easier to steal their work. Of course it’s nevertheless quite easy to save such a photo (e.g. via a screenshot) but the point was the loss in trust. There also was another issue when flickr started localized sites and germans suddenly found out that they had no access anymore to photos flagged as moderate or higher. The same goes when users with Second Life photos in their photo streams realized that their account was flagged as NIPSA (Not In Public Search Area, meaning that their photos did not show up in searches because according to flickr they are screenshots, not photos. This has changed by now though).
In all these cases users trusted in how the service works. These might have been wrong expectations but they all resulted from some form of trust and drama was big when their trust was broken.
How to keep trust?
In the case of flickr the main key is usually doing lots of communication, being transparent and honest. These issues might not have been forseen by the flickr staff (like the change from Flash to AJAX), some should have been communicated in front (e.g. the change to german users which wasn’t communicated at all, esp. not the reasons behind this). It also took quite long in the last case for flickr staff members to respond although many days later Stewart Butterfield posted an open letter to the community. Maybe a bit too late as many people left for other services already.
In the case of username/password combinations there are now technological solutions available to prevent this. Again look at flickr in how they do it with their photo uploadr (taking a positive example from them now). Here you don’t give your username and password to the tool but the tool redirects you to the flickr page, this asks you to login (if you aren’t already) and asks for permission for certain services the uploadr wants to use. For such a process there’s also an open standard available now, called OAuth. OAuth allows just that and was created in cooperation with Google, Yahoo and others to provide a general standard (because they all have their own way of doing that right now).
The same goes with extracting email addresses from Google addressbooks. Recently Google announced the Google Contacts Data API which allows just that using a similar mechanism like flickr does. Somebody also reported that something similar seems to be possible with Yahoo contacts. And Pownce, a twitter competitor already uses OAuth for authorizing read and write access (and Twitter is working on it as well).
So trust is important and it’s eventually not that easy to keep trust in your platform. It might be easy though to get it at the beginning, at least in my experience. Many people use twitter tools and many people enter their usernames/passwords to such services. The problem might be if more and more news appear that trust is broken in such scenarios, then people might get more careful about it and getting new users might be hard in the beginning.
Thus it’s important to check what you as service provider or software developer can do and what you as community manager should do do keep the trust in your system and keep the startup landscape honest.