Friday, September 29, 2006

The ineffectiveness of TRUSTe

The TRUSTe program is supposed to certify that a website has a reasonable privacy policy. But Ben Edelman has cross-referenced TRUSTe certifications with SiteAdvisor ratings, and found that sites with TRUSTe certifications are twice as likely as those without to be listed as "untrustworthy" in SiteAdvisor's database--meaning that they send out spam, distribute spyware, etc.

Edelman calls out four particularly notorious sites that have or have had TRUSTe certification: Direct-Revenue.com, Funwebproducts.com, Maxmoolah.com, and Webhancer.com. All four are heavily involved with spyware. Direct Revenue and Maxmoolah have had their TRUSTe certifications revoked, but should never have been certified in the first place if TRUSTe was doing the validation they should have been doing.

TRUSTe has long been criticized by anti-spammers for giving certifications to organizations that don't deserve them.

Ryan Singel has raised similar questions about TRUSTe's reliability.

2 comments:

Lippard said...

John, thanks for the comment. The Firefox extension you referenced looks interesting--my only worry about collecting votes from users is that my standards aren't the same as everybody else's. If the concept were expanded to let me rate how good I think other users' ratings are (and weight them correspondingly), then that could work really well. Otherwise, it's going to be a lowest common denominator ranking (especially in the "safe destination for children" category). The advantage of a single group doing the ratings is that they can publish a defined standard and follow it--and SiteAdvisor has constructed their ratings in a pretty objectively measurable manner (e.g., site generates more than N emails per week; joining site causes emails to be sent from other sites).

Lippard said...

Thanks for the pointer, Kevin. The specific blog entry in question is here, which is worth reading along with the comments.