Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Researcher takes TRUSTe to task
Published: 2006-09-26

A controversial survey of more than a half million Web sites released on Monday found that sites are twice as likely to be rated as bad actors if they have been certified by the TRUSTe non-profit industry group.

The research--conducted by Benjamin Edelman, an economics graduate student at Harvard University and spyware expert--used McAfee's SiteAdvisor Internet rating service to grade the top 515,309 Web sites. The researcher found that while 13,148 of those Web sites, or 2.5 percent, were deemed untrustworthy, the proportion of untrustworthy sites doubled to 5.4 percent, if only the 874 TRUSTe-certified sites were considered.

"It's no great surprise that bad actors seek to free-ride on sites users rightly trust," Edelman said in a statement on his Web site. "But certification issuers don't have to let this happen. They could develop and enforce tough rules, so that every site showing a seal is a site users aren't likely to regret visiting. Unfortunately, certification don't always live up to this ideal."

TRUSTe is a nonprofit group funded by its corporate members that certifies and monitors a Web site's privacy and email policies, though it does not hold members to specific privacy standards. The group's certification is less a measure of a Web site's commitment to a particular privacy policy and more a measure of the site's commitment to spelling out its policy in its legal statements. The group took exception to Edelman's findings, saying that SiteAdvisor is not foolproof either.

"As an accreditation program TRUSTe will err on the side of rating companies as trustworthy, conversely SiteAdvisor has been shown in some cases to err on the side of untrustworthy," the group said in a response on its blog.

The group certified the recent changes to AT&T's privacy policies, which many critics attacked as undermining consumer privacy by asserting the company's ownership of its business records. While AT&T has become the focus of a great deal of criticism over its role in aiding the surveillance activities of the National Security Agency, the changes may have helped bolster consumer privacy in the latest row over Hewlett-Packard's overreaching investigation of its board and nine journalists.

Edelman's research did not find that all certifications have problems. The Better Business Bureau's BBBOnline certification program actually resulted in a reduction in the number of untrustworthy Web sites, he found. Web sites with the certification were ranked untrustworthy by SiteAdvisor only 1 percent of the time, compared with 3 percent for uncertified sites.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:
Researcher takes TRUSTe to task 2006-09-26
Carolyn Hodge, TRUSTe (1 replies)
Re: Researcher takes TRUSTe to task 2006-09-27
Anonymous (1 replies)
Researcher takes TRUSTe to task 2006-09-28


Privacy Statement
Copyright 2009, SecurityFocus