As part of a small project I'm working on, I need to have at least a rough description of how a given number of decibans translates into a subjective level of confidence, described in a way that can be understood by people who've never come across the idea before.

Some previous discussion has involved the practical maximum number of decibans, that imaginary and complex decibans aren't relevant here, a quick reference table, and another reference table.

Here's my first attempt an an approach: list some of the more memorable numbers of decibans, and give a rough description of that confidence level (being applied to identity verification, where possible). I'm open to any alternate approaches, and/or ways to improve this one.

 

While people tend to be very bad at assigning accurate confidence levels (eg, when people claim to be 90% sure of something, they're often wrong 50% of the time), their initial estimates of their confidence levels can be used as the inputs for more sophisticated Bayesian algorithms. Until such time as more accurate estimates are available, here are some possible sample confidence levels:

0 decibans: 50%: You're not sure whether the last digit of the phone number is a 3 or a 5.

1 decibans: 55% Just slightly more likely than not; a business card handed to you by a stranger.

Up to 10 decibans: to 90%: Someone you've chatted to for an evening.

Up to 20 decibans: to 99%: A distant acquaintance, who you talk to once a year.

Up to 30 decibans: to 99.9%: A co-worker who might have been re-organized into a new email since you last heard from them.

Up to 40 decibans: to 99.99%: A family member, who you might accidentally have mis-spelled the email address of.

Around 100 decibans: Your own personal information, closely checked. (There's still a theoretical chance that you're wrong, just as there's a theoretical chance that you're the star of something like the Truman Show.)

127 decibans: Data which relies on yourself alone, thoroughly re-checked and confirmed by others.</p>

New Comment
9 comments, sorted by Click to highlight new comments since:
[-]RowanE120

The idea of being 99% confident of the correct phone number for a distant acquaintance, without actually checking on Facebook or something to confirm, boggles my mind.

Perhaps our social networks differ; perhaps I have a good memory for phone numbers. :)

Do you have an alternative for the 99% confidence level?

[-]gjm50

You think that if a stranger hands you their business card it's only 55% likely that they're who they say they are? And that if you've chatted to someone for an evening there's only a 90% probability that they're who they say they are?

Maybe I'm too trusting or something, but those figures look way too pessimistic to me.

those figures look way too pessimistic to me

That's entirely possible. This whole project is in the context of using public-key infrastructure so that one authority can verify another's identity, who can identify another. Put another way, to offer a replacement for PGP's current web-of-trust model, where you either 'trust' an authority or you don't, with a quantitative, Bayesian system. Given all that, I seem to have a tendency not to trust any authority without a cryptographic signature authenticating it.

I'm also trying to fit the trust-levels so that there is a reasonable series of progressions. If you've got a set of descriptions you think would fit better, I'd love to read them.

[-]gjm30

In that context, pessimism may be more reasonable.

That is: If for whatever reason you are engaged in activities that really require anything like PGP's web of trust, then that probably means that you're in more danger than the rest of us of being the subject of deliberate somewhat-credible deception about people's identities. So maybe of the people who give you business cards only 55% really are who they say they are. That's still a long way from my experience :-).

[EDITED to add ...] Oh, and more to the point, if you're building software that tries to make this kind of decision and it's based on probabilities appropriate for "ordinary" situations, it will probably go badly wrong in situations of deliberate attack. So it may be necessary to adopt more pessimistic numbers.

I don't think I understand at all what these descriptions of confidence levels are supposed to mean. Do they refer to your confidence in specific pieces of information about the people in the descriptions? Information you heard from those people? What scenario does the business about email addresses envision?

EDIT: Apologies, I now see the parenthetical "(being applied to identity verification, where possible)," which I managed to completely overlook on a first reading. Please ignore the above criticism, but you still might want to make the deciban descriptions more explicit.

you still might want to make the deciban descriptions more explicit.

A good point, which I'll add to the to-do list.

I suggest you make it urgent. I, too, found it difficult to envision clearly what I was supposed to be uncertain about, except in the first case - which is not doing you any favours, really, by being both extremely clear and seemingly different from all the others.

This doesn't apply to the particular case you're considering of identity confirmation, but for getting people to grok really how unlikely 'technically possible' events are, I once kind of jokingly proposed sports analogies for extremely improbable events.

The basic level is 'the next major league American football game you watch ends with a score of 2-0.' (The very uncommon 'safety' score of tackling someone in their own end zone produces 2 points under most circumstances) This would be quite difficult to achieve, requiring a very defense-favoring game.

The next level is the same, but a score of 4-2. Both sides need to be awesome at defense.

The next level is 100-4. The same side needs to be brilliant and terrible at offense, and the other brilliant and terrible at defense.

And of course you can multiply it by requiring that multiple of these occur in sequence.

The problem is, this is way too hard to quantify. You'd obviously be pulling it out of nowhere, which would hurt rather than help.