Make Website Trusted With Testimonial Protocol - Authentication Protocol
How to Make Your Website Trusted - Website Testimonials

The simple protocol described in this section can be used by any website owner to show visitors that the testimonials on their website are genuine. The protocol also benefits visitors, who gain more certainty about the quality of service the website provides, and it benefits the testimonial-givers through the back links, higher search engine ranking and traffic which their website receives.
In brief, the testimonial-giver digitally signs their testimonial, and supplies both the testimonial and its signature to the endorsee. The latter publishes them both on their website, together with a link to the testimonial-giver's website, on which their public key must be published and available for reference. A visitor can then easily authenticate a testimonial from its signature and the testimonial-giver's public key, using http://www.AuthenticateTestimonial.com or Act On File. The testimonial-giver can use Act On File to generate their public-private key pair and digitally sign any number of documents and files.
How to Make Your Website Trusted with Testimonials Protocol
Suppose that a person (individual or organization) A (attested) has a website offering products and services. Suppose that another person (individual or organization) T (testifying) has used the products/services of A and wishes to leave a positive testimony for them.

Typically T will give A the text of the testimonial and A will simply post it on their website. The visitors to the website of A may see the testimonial; however it will usually be ignored, since there is no reason to believe that it is genuine.

Suppose that T has a website and a public-private key pair generated with Act On File or similarly capable software. T has published their public keys on their website, and keeps their private keys secret. They may have done that to maintain safe and secure communication with their partners as explained in the protocol for the Exact Steps to Exchange Emails Safely. T decides to write a testimonial for the services/product which they have received from A.
T (testifying) person actions:
  1. T writes the testimonial as a file directly embeddable in a webpage, such as an image, text, HTML, PDF or similar file.
  2. T uses their own (private) Signature Key to sign the testimonial file using Act On File.
  3. T supplies the testimonial file and its signature to A.
A receives the testimonial and its signature and publishes them on their website as follows:
A (attested) person actions:
  1. A embeds the testimonial file in their website - it must be readable, and downloadable by the visitors "AS IS".
  2. A suitably places a download link of the signature of the testimonial.
  3. A suitably places a link to the T website, where T has published its public authentication key.
  4. A suitably places an Automatic Authentication link to assist the visitors to authenticate the testimonial if they wish to.
A visitor comes on the A website, reads the testimonial written by T and wants to confirm that it is genuine:
Visitor actions:
  • For automatic authentication
    1. Visitor clicks on the Automatic Authentication link.
    2. When transferred to http://www.AuthenticateTestimonial.com the visitor verifies that the supplied URLs are as expected.
    3. Visitor clicks the "Authenticate Testimonial" button to authenticate the testimonial.
  • For manual authentication
    1. Visitor downloads the embedded testimonial file and its signature from the A website.
    2. Visitor follows the link to the T website and downloads their public authentication key.
    3. Visitor uses the Verify Signatures functionality of Act On File to authenticate the testimonial using the downloaded files.
This simple protocol allows the visitors of the A website to verify that the posted testimonials are genuine. T does not necessarily need to have a website. It is sufficient for them to have an authentic online presence where they can post their Public Authentication (and Encryption) keys, for example a blog, a Twitter account or any other social media account where they can make their Public Authentication (and Encryption) keys available for download.
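
The visitor's manual authentication steps above, as an added example (not MBBSoftware's code): Ed25519 from Go's standard library stands in for Act On File's signature format, which this page does not specify, and the `Published` type, the `web` map that simulates downloads, and the `t.example` / `a.example` URLs are constructed for illustration. It assumes T publishes the key on their own host, and shows the two things the check relies on: the file must be byte for byte what T signed, and the key must come from T's site rather than from the page carrying the testimonial.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"net/url"
)

// Published is what a visitor finds on A's page (constructed layout; Ed25519
// stands in for Act On File's signature format, which the page does not give).
type Published struct {
	Testimonial []byte // embedded file, byte for byte "AS IS"
	Signature   []byte // detached signature supplied by T
	KeyURL      string // link to T's public authentication key
}

var ErrKeyOrigin = errors.New("key is not hosted on the testimonial-giver's site")
var ErrBadSignature = errors.New("signature does not match the testimonial file")

// Authenticate requires the key on T's host and a signature over the exact bytes.
func Authenticate(p Published, tHost string, web map[string]ed25519.PublicKey) error {
	u, err := url.Parse(p.KeyURL)
	if err != nil || u.Hostname() != tHost {
		return ErrKeyOrigin
	}
	key, found := web[p.KeyURL] // stands in for downloading the key
	if !found || !ed25519.Verify(key, p.Testimonial, p.Signature) {
		return ErrBadSignature
	}
	return nil
}

// Demo checks three constructed pages: the testimonial as T signed it, an
// edited copy, and one whose key link points away from T's site.
func Demo() (genuine, edited, offSite error) {
	pubT, privT, _ := ed25519.GenerateKey(nil)
	pubX, privX, _ := ed25519.GenerateKey(nil) // a key that is not T's
	tKey, xKey := "http://t.example/key.pub", "http://a.example/key.pub"
	web := map[string]ed25519.PublicKey{tKey: pubT, xKey: pubX}
	text := []byte("Great service. Signed, T")
	gen := Published{text, ed25519.Sign(privT, text), tKey}
	mod := Published{[]byte("Best service ever. Signed, T"), gen.Signature, tKey}
	off := Published{text, ed25519.Sign(privX, text), xKey}
	return Authenticate(gen, "t.example", web),
		Authenticate(mod, "t.example", web), Authenticate(off, "t.example", web)
}

func main() { fmt.Println(Demo()) }
```

The edited copy fails because a detached signature covers every byte of the file, which is why A must serve the testimonial "AS IS"; the third page fails before any signature check because its key link is not on T's host.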

If T does have a website, then each testimonial they give will result in a back link to them. Thus there is an incentive to give the testimonial. The more prominent the website that publishes the T testimonial is, the higher PR link back they get. Thus this is a win-win situation in which everyone receives what they wish, at no cost at all, except following the few simple rules outlined by the protocol.

The protocol is at least partially protected against misuse, as one can judge the trustworthiness of a testimonial by the trustworthiness of its issuer. Moreover, when the use of the protocol is widely spread, one would be able to see trust profiles of websites in the form of relationship trees, graphs and weights, based on "who testifies for who" using http://www.AuthenticateTestimonial.com and other specialized online services. This would allow disqualification of testimonials given by websites whose business is to make money by giving false testimonials.

Note: To sign files one uses the Sign Files functionality of the Authenticator module of Act On File or similarly capable software. The Sign Files functionality is also used to generate Public-Private key pairs for authentication. The Verify Signatures functionality from the Authenticator module is used to verify digital signatures, as well as the free http://www.AuthenticateTestimonial.com online service.
Continue with an Example of Implementation.
© Copyright 2012 MBBSoftware Limited. All Rights Reserved.