No company has been certified so far in the Trusted Download Program without making changes to their software, particularly in the areas of notice and control.
WhenU Case Study on Primary Notice
WhenU’s primary notice prior to certification was already above the then industry standards, especially in how it described key software functionality, and provided prominent notice of the types of advertising that would be displayed. WhenU used direct and clear terminology, such as: “ads slide or pop up in front or behind the browser…”
Affirmative Consent
The Trusted Download Program does not allow pre-selected option consent for advertising or tracking software. The intent is to ensure that users do not end up with advertising or tracking software on their computer as a result of moving through consent screens by hitting enter repeatedly, without taking the affirmative action of selecting a button to download when presented with material information.
WhenU Primary Notice Before 
TRUSTe reviewed all instances of WhenU Primary Notices. A number of associated Primary Notices were either opt-out or the consent option (“Next” or “I Accept”) was highlighted by default.
TRUSTe guidance during the certification process required WhenU to provide an affirmative consent for Save/SaveNow, and for the acceptance and decline options to be featured with equal promininence universally throughout the WhenU distribution network. WhenU understood and agreed with our requirements, and acted quickly to make the required changes.
TRUSTe’s subsequent review of Save/SaveNow Primary Consent screens were verified to offer the required consent mechanism.
Timing of Ads
TRUSTe Guidance during the certification process also advised that advertising software is required to give a level of specificity on when the advertising will be displayed. For example, will ads appear when the user is browsing the internet or at any time? In this case WhenU added the disclosure that advertising would be served “While you are browsing online, our software will show you pop-up advertisements…related to Web-browsing activity.” This provides sufficient specificity to set user expectations and equips the user to make an informed decision about the value exchange they are agreeing to.
WhenU Primary Notice After
Posted by: Colin O’Malley, Director of Product Development
February 15th, 2007
About ten years ago a bunch of folks from internet startups, and the EFF, and others, were cooking up the concept of a self-regulatory framework for internet privacy. After lots of starts and stops, and one grueling labor, the first standards for internet privacy statements and a list of TRUSTe Web Privacy Seal certified websites were birthed in 1997.
Today, we unveiled the first eight software applications certified to the Trusted Download standards. Ten years later Trusted Download has been a labour of love similar to our webseal. In some ways TRUSTe has taken learning from its previous programs to give TDP a running start, and in other areas the program is breaking new ground. The Anti-spyware Coalition provided the foundation for TDP, by hammering out definitions for spyware and nusiance programs in 2005 - these formed the prohibited behaviors in our certification agreements.
It has taken years for TRUSTe to build its privacy program requirements from mere disclosure, “say what you do,” into an aspirational set of standards that now include a prohibition on sharing of information without consent. For TDP we wanted to launch a program that began with the highest standards, instead of working up to them. We convened the internet‘s most influential companies - Yahoo, AOL, Microsoft, CA, CNET to ensure that no one entity or viewpoint influenced the standards too greatly. Although they aren’t program sponsors, the program requirements include provisions that Google and others contributed to the process. And we included important players such as the Center for Democracy and Technology from the beginning and in the ongoing advisory committee to the program.
If the launch of the web seal program and its subsequent development is any indicator, we are in for serious growing pains. We’re anticipating a learning process. Self-regulation is an ecosystem, and an essential part of the range of solutions that help make the internet a more trusted place. We welcome constructive feedback on the program, with the understanding that this is just the beginnng of changing the market.
Fran Maier, Executive Director
February 15th, 2007
The New York Attorney General announced that three of the largest online advertisers Priceline, Cingular and Travelocity, had agreed to pay $100,000 to end a probe into advertising through deceptively installed programs by Direct Revenue, Inc. This develoment follows on Federal Trade Commission settlements with major adware publisher Zango, and Center for Democracy and Technology — ‘Follow the Money’ reports detailing the adware economic model.
“Advertisers will now be held responsible when their ads end up on consumers’ computers without full notice and consent,” said New York Attorney General Andrew Cuomo. The agreements require each advertiser to deliver ads only through advertising sotware with informed consent to download and control over the software and uninstall. Priceline, has a posted adware policy here, stating their corporate policy against advertising through adware.
Enter, the Trusted Download whitelist.
TRUSTe will announce the initial round of certified Trusted Download software applications in two weeks. Limited to software applications which provide notice, consent and control, the Whitelist is designed to be a tool for advertisers and thier agents to select partners with safe, nuisance-free software.
February 1st, 2007
In a New Year’s resolution speech to the Association of National Advertisers, FTC Chairman, Deborah Platt Majoras offered advice and warned advertisers about complicity with intrusive adware, encouraging the exercise of self-regulation.
“The message for you is that advertisers need to be vigilant to ensure that their advertising dollars do not fund – either deliberately or inadvertently – illegal activity. You need to understand just how your Internet advertising reaches consumers. If you choose to advertise via adware, it is important that you select adware providers who ensure that consumers receive adequate notice of and knowingly consent to the installation of the adware, have a meaningful way of monitoring their distribution channels, allow consumers to uninstall their adware easily, and otherwise respect consumers’ rights. This is an area where policing by the advertising industry is critical to creating a culture of security and respect for consumer privacy. If you do not do so, you risk undermining consumer confidence in the Internet as a vehicle for commercial information and transactions.”
TRUSTe is leading the internet industry with the Trusted Download program, to give control to users of downloadable software of all types including, yes, adware. More information on Trusted Download which provides clear standards, certifies safe software behavior and monitors distribution networks; can be found here: www.trusteddownload.org
January 22nd, 2007
Ellen Nakashima gives a great minute-by-minute account of one woman’s digital trail in the Washington Post today. Follows the many data points collected everyday by surveillance equipment, convenience technologies such as FastTrak, and everyday online activities.
January 17th, 2007
TRUSTe just completed a survey of consumers on security breach notice and we’ll soon be releasing some data on how residents of states with breach notice requirements fared versus residents of states without breach notice requirements. Lucky for California’s stats we conducted the survey prior to the UCLA data breach. I received my first breach notice yesterday, not from my bank or credit card company, I had applied to a UCLA program in 1997.
I’ve been reading through Kim Cameron’s whitepapers on digital identity, namely the 7 Laws of Identity which I think sums up nicely what was broken at UCLA, “We should build systems that employ identifying information on the basis that a breach is always possible. Such a breach represents a risk. To mitigate risk, it is best to acquire information only on a “need to know” basis, and to retain it only on a “need to retain” basis. By following these practices, we can ensure the least possible damage in the event of a breach.”
December 15th, 2006
Today’s AP story, Privacy Options limited for Net services, highlights TRUSTe as an advocate for consumer choice, and mentions one exemplary sealholder, E-LOAN as offering exceptional choice when it comes to personal privacy. TRUSTe has reviewed tens of thousands of privacy policies, and E-LOAN’s is simply one of the best. One reason why they won our award for being a Most Trusted Company for Privacy this year.
Transparency, ensures that consumers are informed of the bargain. Accurate disclosure of practices also empowers consumers to encourage service providers to change thier practices. Facebook, another TRUSTe sealholder, is an excellent example of the importance of good disclosure and responsiveness to privacy issues. They handled customer concerns quickly and responsively - that’s also building trust.
- Posted by Carolyn Hodge
October 13th, 2006
As a result of investigating the HP Board pretexting scandal, CNET reporter/blogger David Berlind suggests to powers that be, that CNET/ZDNet should disclose outbound clear .gif tracking in thier email newsletters. And guess what, they agreed!
“So, sometime this week, once we’ve had a chance to adjust our newsletter templates, you will begin to see a text disclosure (probably at the bottom) that mentions the usage of trackable elements in the HTML versions of the daily and weekly editions of Tech Update.”
Bravo! We’ll be interested to see if subscribers, notice or comment on the disclosure.
October 2nd, 2006
If there was any confusion about what TRUSTe meant when we said we look at different things than SiteAdvisor, things got a tad clearer today when they announced they “don’t do phishing.”
This is only significant because in the previous post on this blog TRUSTe defends itself in a side-by-side comparison with SiteAdvisor, conducted by Ben Edelman, an expert reviewer and advisory board member to Site Advisor.
To repeat our previous posting, “TRUSTe views Site Advisor as a potentially useful monitoring tool, but not an accreditation program or an authority on privacy. Both approaches have strengths and shortcomings.”
Apples to oranges comparisons only become problematic when you come out on the losing end.
September 28th, 2006
In a recent study, the efficacy of our program and our standards has been called into question. TRUSTe disagrees with the study and its conclusion that TRUSTe certified websites are less trustworthy than non-certified web sites. TRUSTe requires its sealholders to adhere to a strict set of standards for consumer privacy based on informed choice for the use of personal information. Our processes are rigorous – on average 12% of applicants do not earn certification, and 100% of certified websites need to make changes to their policies, practices or websites prior to receiving certification. Notable companies with TRUSTe certification include Apple, Avis, Disney, eLOAN, Nationwide, NFL, and Pfizer. Consumers can be confident that TRUSTe certified sites comply with the disclosed privacy policy and offers them informed notice and choice.
The study does not present a full or accurate review of TRUSTe’s program requirements, monitoring processes and enforcement tools. The TRUSTe Web Seal Program Requirements represent a leading edge of privacy practices requiring disclosure of the uses of personal data, informed choice (as well as specifics for third-party sharing), and commitment to the Watchdog Dispute Resolution program. TRUSTe uses a number of tools, from user complaints to email seeding, to ensure continued compliance with our standards for informed notice and choice. Consumer generated Watchdog complaints have resulted in severe sanctions against licensees, including TRUSTe’s public termination of Gratis Internet - a company that the New York Attorney General has sued subsequent to TRUSTe’s actions.
In addition to several inaccuracies and misstatements, the study’s conclusions are based on an underlying set of assumptions, without exposition the methodology, definitions, and approach giving rise to such assumptions. TRUSTe views Site Advisor as a potentially useful monitoring tool, but not an accreditation program or an authority on privacy. Both approaches have strengths and shortcomings. As an accreditation program TRUSTe will err on the side of rating companies as trustworthy, conversely SiteAdvisor has been shown in some cases to err on the side of untrustworthy.
As for the four sites called out on Mr. Edelman’s blog, Direct-Revenue and MaxMoolah (and all WinHundred related companies) are no longer in the TRUSTe program. FunWebProducts, was, by an error in our database listed on our customer list, but it has never been certified, and has never displayed any seals or reference to TRUSTe to consumers. The fourth, Webhancer is certified by TRUSTe and will be required to submit its software for certification to Trusted Download program which is launching imminently. The Trusted Download program was designed specifically to address notice and choice and control issues with software that go beyond our website requirements. Like the Website Privacy Seal program, it will offer companies incentives to provide notice and choice while prohibiting intrusive behaviors.
We welcome this opportunity for regulators and others to closely review certification programs and for consumers to pay closer attention to seal and ratings programs and their requirements. We invite the public to closely look at the rigorous requirements of the TRUSTe web seal program, email privacy seal program, as well as our recently announced Trusted Download Program.
September 25th, 2006
Previous Posts
