fhwang.net

Running your own auction

When I decided to auction the Unauthorized iPod U2 vs. Negativland Special Edition on my own web site, one of my concerns was how I was going to take bids from strangers and ensure that those strangers wouldn’t back out if they won. After all, you don’t want to muddy up your 15 minutes of fame just ‘cause some high school kid feels like playing around. On the other hand, you also don’t want a system that’s so cumbersome that potential bidders give up out of exasperation. So here, for posterity’s sake, are my thoughts about running an auction on your own website.

Largely, this is a problem of fixing the identities of people you’ve never met and only know through an email address. If you knew who your bidder was, you’d be able to take their bid with some confidence, particularly since you could publically give them negative feedback if things didn’t work out. eBay and other similar sites have their own reputation metrics to help both sellers and bidders, but obviously this only works for closed systems. Outside of those closed systems, you could solve this if you had a working form of what’s called “federated identity”, but that’s a genuinely difficult problem that hasn’t been solved yet. There are corporate solutions, but most of them seem to rely on a single server (or set of servers) that would hold the emails and passwords of every single person on the web, which isn’t that reassuring given the blemished track record of such databases so far.

Of course, there are intriguing proposals that are less centralized and less driven by corporate needs. (Many of them are discussed on the excellent Decentralization list.) To this amateur, LidMesh seems like a solid idea, and there’s always the web of trust.

But those systems don’t have wide adoption today, and blue-sky thinking wasn’t useful to me: I had an auction to run, and didn’t want to limit my pool of bidders to security buffs. So I opted for a sytem that was less automated but more lenient. Bidders submitted bids to me through regular, unsigned email. The first time they submitted a bid, I required them to reply to a message of mine to ensure that there was no email spoofing going on. First time bidders were also required to submit one or more URIs that represented an already existing online identity. Most bidders satisfied this requirement with blogs or home pages, but I also accepted company and academic sites. I would have also accepted profile pages on Slashdot or Friendster, though I probably would’ve required those bidders to include an arbitrary word in their profile to verify that the profile belonged to them.

With a system like this, bidders were effectively offering their online identities as collateral. Since I could theoretically punish a spurious bid by publically saying “Never trust the John Doe who blogs at http://johndoe.somebloghost.com/”, I had some assurance that bids were serious. As a nice side effect, my bidders all got some traffic since I posted the submitted URIs on the bid history page. (And I should state for the record that I have no reason to believe that any of the bidders were acting in bad faith. In fact, this whole post is probably just evidence of some sort of nascent paranoia, but when you work with the internet that’s sort of an occupational hazard.)

This system has one big flaw, though: You shut out people who don’t have visible, stable forms of online identity. Maybe that sounds unlikely today, but I had an extensive conversation with one highly tech-savvy person who wanted to bid, but didn’t have a homepage or online presence of any kind. He never did give me anything solid enough for me to accept his bid. He told me to Google him, but, as I’ve written before, I’m only one of two Francis Hwangs who are artists living in Brooklyn, so I’m pretty wary of name collisions.

It’s worth noting that I wasn’t interested in a legal or financial identity as much as an extant online personality. Even having somebody’s Social Security Number and home address wouldn’t have been useful to me, because it’s not like I was going to pursue legal remedy over a bad bid. On the other hand, I did accept bids from people who only gave me their first names or their online handles, as long as they had an online identity that was at stake.

Another problem with running your own auction is that you’re both the seller and the auctioneer, and that’s a clear conflict of interest. Given the amount of publicity on the auction, I wanted to keep the process as transparent as possible, but I opted for a little secrecy in keeping the highest bid concealed, showing only the amount required to beat the next-highest bid. For example, if John bids $100, and then Jane bids $200, I’d only show that Jane was the highest bidder with $101 at stake so far. This is how eBay does it, and it seems sensible to me, since it prevents the other bidders from knocking out your high bid by just one dollar. But such a system arguably adds opportunities for cheating. One bidder, whose bids kept on getting beat by earlier, higher bids, emailed me wondering out loud if I was colluding out loud with someone else, since to him it looked as if his bids kept being beat right away by just one dollar. I’m not even certain how I would cheat such a system without running the risk of the whole thing collapsing at the end. But you’d rather not give your bidders the chance to worry in the first place.

I’m not certain what the best solution would be to that problem. eBay gets around it because it’s got a reputation that’s been established over millions of transactions. I suppose it would’ve been better if I could’ve had somebody else handle my auction for me, so I could step back and simply be the seller. But given the controversial nature of the sale, I probably would’ve had a hard time finding somebody else to carry it. And even if I did find an auctioneer, that might not solve anything, because unless the auctioneer has a well-established reputation, you could suspect that I’m in cahoots with the auctioneer, or that we’re in fact the same person.

Of course, all this security thinking has to be balanced by a bit of pragmatism, and even humility. Sometimes there’s a fine line between being prudent and just taking yourself way too seriously. Given what’s at stake, how much effort is a person going to go to cheat, either as a bidder or a seller? While my jerry-rigged auction system might not have held up if I were auctioning a Picasso, it seemed to work just fine for my iPod, which finally sold for $667. I don’t think any of the aforementioned issues affected the final price.

I’m not certain if an auction like this points the way to some Xanadu of decentralized, eBay-free auctions. People sometimes complain about eBay’s monopoly, but they’re rarely motivated enough to try to build their own alternative from the ground up. After all, eBay accepts the vast majority of auctions submitted by sellers, and it remains a convenient way to buy and sell an astonishingly wide range of crap.

On the other hand, there will always be other items that are too controversial to stay on eBay and controversial enough to get free publicity from the blogospher. So this auction might serve as a useful example for those cases. If you’re auctioning off something eBay doesn’t want to touch, and it isn’t worth much more than $667, the odds that you can do it on your own website are pretty high. I guess that’s something I didn’t know a few months ago.

blog comments powered by Disqus
Tagged: social_software, web

« Previous post

Next post »