Our digital world suffers from so-called trust that isn't: Either you trust you believe in a service or you don't. Often you don't even know you do, since someone else made that decision for you.

It is not trust if you know it.

When you think you know what someone else will do, it's called confidence. But confidence is a brittle thing, as everyone who has ever been betrayed can attest to. Adding more verification doesn't make it better, it usually makes it worse, since the person verified feels less and less trusted.

Trust is the high performance middle-ground between verification and ignorance. Verification is the reason that we have hundreds of passwords for all kinds of things and why companies operate huge Certificate Authorities while at the same time assigning the same password to every single device in their infrastructure.

Performing a task should generally be reserved for someone authorized to do so. But how do we know? We do what the person in a police uniform at the crossroads indicates, as long as we can go our way soon enough. Nothing prevents us from pulling over and requesting ID from the supposed-to-be police officer. But there is no point in doing so, as the delay is less or equal to that caused by a traffic light doing the same thing. However, a short fat hacker doing the same dance at the same spot is probably just ran over, since a black hoody is not the authorization drivers care about.

Trusting the uniform was better than doing what the hacker indicated, and it was orders of magnitude less effort, hence faster, than verification.

Trust nobody and you have to do everything yourself. With computers, that's a lot of work. If you accept help, you extend some specific trust towards others to do it in your name. In today's world, we mostly delegate to software and services. They represent us via email, in chats, messaging, for business and banking transactions, even to our governments. If a person you delegated something to has misused that trust, you probably retract said trust to prevent further betrayal. But what about software? How does one even know which ones were involved? And who is liable?

Well, you are.

You are forced to either accept an End User License Agreement or some Terms of Service, or you are excluded from using the software or service presenting it to you. Even if you are aware of a trust relationship between you and another party, you can only say YES or NO. Nowhere does it allow you to say for what or how far you trust some company or government agency. So-called Privacy Settings supposedly allow you to lock out your friends and family, but the Web site's Privacy Policy, which you agreed to just by looking at it, tells you that it sells you. Forever.

Your phone connects to the corporate VPN and opens WiFi access at the same time, all while you are asleep in a hotel room. Who is responsible for the million dollar damage caused by the criminals that broke into the corporate network via your phone?

Your social media accounts post pictures of you acting out your “other side” together with various people who don't even belong to your extended family. How to convince the divorce judge that it wasn't you, and that it would be safe to see your kids once a month?

Your corporate issued tablet channels Gigabytes of confidential data to another country every time you turn it on. But the two-factor authentication says it clearly was you who logged on. How do you argue that you don't even like rice?