Friday, September 29, 2006

The ineffectiveness of TRUSTe

The TRUSTe program is supposed to certify that a website has a reasonable privacy policy. But Ben Edelman has cross-referenced TRUSTe certifications with SiteAdvisor ratings, and found that sites with TRUSTe certifications are twice as likely as those without to be listed as "untrustworthy" in SiteAdvisor's database--meaning that they send out spam, distribute spyware, etc.

Edelman calls out four particularly notorious sites that have or have had TRUSTe certification: Direct-Revenue.com, Funwebproducts.com, Maxmoolah.com, and Webhancer.com. All four are heavily involved with spyware. Direct Revenue and Maxmoolah have had their TRUSTe certifications revoked, but they should never have been certified in the first place if TRUSTe had been doing the validation it should have been doing.

TRUSTe has long been criticized by anti-spammers for giving certifications to organizations that don't deserve them.

Ryan Singel has raised similar questions about TRUSTe's reliability.

4 comments:

John A. Smith said...

This is why it shouldn't be left for a single entity to decide what can be trusted. Incidentally, I was browsing MozillaZine forums today, when I came across this new extension for my Firefox browser. As far as I can tell, it collects votes from users on how much a website can be trusted and shows them on the browser. Looks pretty new still, but I like the idea. Definitely better than issuing certificates for money.

Nice blog btw. I just found it via Technorati.

Jim Lippard said...

John, thanks for the comment. The Firefox extension you referenced looks interesting--my only worry about collecting votes from users is that my standards aren't the same as everybody else's. If the concept were expanded to let me rate how good I think other users' ratings are (and weight them correspondingly), then that could work really well. Otherwise, it's going to be a lowest common denominator ranking (especially in the "safe destination for children" category). The advantage of a single group doing the ratings is that they can publish a defined standard and follow it--and SiteAdvisor has constructed their ratings in a pretty objectively measurable manner (e.g., site generates more than N emails per week; joining site causes emails to be sent from other sites).

Kevin Lewis said...

TRUSTe disagrees with this paper. A full response can be found at blog.truste.org.

Jim Lippard said...

Thanks for the pointer, Kevin. The specific blog entry in question is here, which is worth reading along with the comments.