Ben Edelman vs. TRUSTe: Can't We All Just Get Along?

UPDATE: Spyware researcher Ben Edelman contends many TRUSTe-certified sites can't be trusted, but there's more to the story.

Security and privacy issues can induce rage in the average Web user at privacy infringers, spammers and spyware purveyors. What’s more surprising, perhaps, is the vitriol that can arise within the small online security community itself. The latest insider spat erupted following the release of an academic paper using data from McAfee’s Web site security-rating application SiteAdvisor to determine TRUSTe certification is less than legit.

In his paper published last Monday, author and spyware researcher Ben Edelman purported out of a sampling of over 500,000 top sites, 5.4 percent of TRUSTe-certified sites are actually untrustworthy, compared with 2.5 percent of all sites in the test group. “So,” he writes, “TRUSTe-certified sites are more than twice as likely to be untrustworthy.”

Edelman singles out sites he believes should not have been awarded the TRUSTe privacy seal, some of which still remain approved, including Direct Revenue, eZula, Hotbar, Maxmoolah.com and Webhancer. He also criticizes the ability of Better Business Bureau seal programs and major search engines to shield users from potential dangers of visiting or interacting with certain sites.

In the paper’s aftermath, TRUSTe has been Edelman’s main target as well as the focus of online chatter surrounding his conclusions. TRUSTe privacy-related certification programs don’t necessarily cover practices that result from downloading applications provided by a company, even if that company’s site has been labeled with a privacy seal. The [TRUSTe] seal doesn’t OK all activities on those sites,” affirmed TRUSTe Marketing Director Carolyn Hodge.

Edelman contends most users expect a privacy certification process to consider spyware or e-mail abuse. Thus, he concluded, by separating privacy policy adherence from other nefarious activities, “I don’t think [TRUSTe] passes the smell taste with most users.”

Edelman is on the technical advisory board for McAfee’s SiteAdvisor application, a relationship some argue doesn’t pass the smell test either, since he uses data collected by the software to scrutinize TRUSTe.

SiteAdvisor uses Web bots to download executable files in order to assess potential damage of visiting or providing information to particular Web sites. The free software checks for automatic software downloads, excessive e-mails, outbound links to dangerous sites and security breaches, and attributes a green, yellow or red browser icon to sites when users click to them.

Ari Schwartz, deputy director of the Center for Democracy and Technology (CDT), argued SiteAdvisor and TRUSTe aren’t necessarily comparable because their methodologies are different. “TRUSTe works directly with the company and SiteAdvisor critiques the company from the outside,” he said. Schwartz has reservations about the validity of TRUSTe’s programs, but believes the organization has improved since earlier days. He added, “There’s a lot more work involved for TRUSTe, [and]… TRUSTe does bring an added sense to the table of improving the practices of the companies they work with.” CDT has been on two TRUSTe advisory boards.

Alan Chapell, president of privacy consulting outfit Chappell and Associates, has used the SiteAdvisor tool, but opined, “A research tool it is not.” He argued TRUSTe’s certification methodology is valuable because “to my knowledge, every time TRUSTe puts out a program, they put out standards that are publicly vetted.” Chapell’s firm has done consulting work for the privacy watchdog.

Shane Keats, Market Strategist for McAfee, would not comment specifically about Edelman’s report; however, he told ClickZ News, “Web security is a big problem and benefits from lots of approaches.”

TRUSTe’s most recent approach is a certification program for consumer downloadable software applications. In development for about a year, the Trusted Download program is intended to separate harmful spyware from adware and other applications.

Though Hodge admitted, “We do have gaps in the identification and testing of software,” she lamented, “What’s most disappointing about the report is that Ben conveniently is not mentioning the Trusted Download program.” Indeed, Edelman confirmed he actually advised TRUSTe on keeping untrustworthy sites and programs out of the Trusted Download Program. The program, which is set to launch soon, will provide a public whitelist of certified applications for consumers once it is active.

According to Hodge, the organization halted acceptance of applications from companies offering downloadable software last year. In addition, she noted any software firms providing adware or trackware must be certified by The Trusted Download Program before they’re made eligible for TRUSTe’s other certification programs.

Edelman implied in his paper that TRUSTe is in the certification business for ulterior motives, namely money. In a discussion with ClickZ News Edelman declared, “The core problem is [TRUSTe] only makes money if they issue certifications.”

The organization sets privacy seal certification payments according to a sliding scale based on company revenues. Annual charges run from a minimum of $649 for the seal plus $250 for each additional URL for companies with revenues below $1 million. Firms earning revenues of $2 billion or more pay a maximum annual fee of $12,999 for a seal plus $3,250 for each added URL.

Hodge protested, “Profits are not part of the conversation here [at TRUSTe].” On the flipside, she and others wonder whether Edelman has a bias or stands to gain from touting SiteAdvisor over TRUSTe.

The question remains, will squabbles among industry insiders affect the relevance of TRUSTe certification? It could have an impact on the more clued-in consumer, concluded CDT’s Schwartz, adding, “It depends on who the consumer is.”

Subscribe to get your daily business insights

Whitepapers

US Mobile Streaming Behavior

Whitepaper | Mobile US Mobile Streaming Behavior

5y

US Mobile Streaming Behavior

Streaming has become a staple of US media-viewing habits. Streaming video, however, still comes with a variety of pesky frustrations that viewers are ...

View resource
Winning the Data Game: Digital Analytics Tactics for Media Groups

Whitepaper | Analyzing Customer Data Winning the Data Game: Digital Analytics Tactics for Media Groups

5y

Winning the Data Game: Digital Analytics Tactics f...

Data is the lifeblood of so many companies today. You need more of it, all of which at higher quality, and all the meanwhile being compliant with data...

View resource
Learning to win the talent war: how digital marketing can develop its people

Whitepaper | Digital Marketing Learning to win the talent war: how digital marketing can develop its people

2y

Learning to win the talent war: how digital market...

This report documents the findings of a Fireside chat held by ClickZ in the first quarter of 2022. It provides expert insight on how companies can ret...

View resource
Engagement To Empowerment - Winning in Today's Experience Economy

Report | Digital Transformation Engagement To Empowerment - Winning in Today's Experience Economy

4w

Engagement To Empowerment - Winning in Today's Exp...

Customers decide fast, influenced by only 2.5 touchpoints – globally! Make sure your brand shines in those critical moments. Read More...

View resource