Trusted Download Program: A Year in the Trenches - How Trusted Downloads Make More Money
1 like685 views
The document summarizes a presentation about TRUSTe's Trusted Download Program. The program aims to promote transparency and accountability for software downloads. It establishes industry standards for notice, consent, uninstall procedures, and bans unacceptable behaviors like fraud. Participants receive TRUSTe's seal, which studies show increases conversion rates. The program involves proactive monitoring of distributors to ensure compliance as financial incentives exist for abuse. It also helps address privacy and security concerns that reduce consumer trust online.
Trusted Download Program: A Year in the Trenches - How Trusted Downloads Make More Money
- 1. Trusted Download Program: A Year in the Trenches How Trusted Downloads Make More Money May 8, 2008 CONFIDENTIAL
- 2. INTRODUCTION Today’s Speakers: • Colin O’Malley, VP Strategic Partnerships & Programs, TRUSTe • Aislinn Hettermann, Sr. Manager, Network Quality, Yahoo! • Alissa Cooper, Chief Computer Scientist, CDT • Irina Doliov, Sr. Product Manager, TDP, TRUSTe CONFIDENTIAL 2
- 4. PRIVACY AND TRUST IN A NETWORKED WORLD BUSINESSES CONSUMERS Need to Demonstrate Compliance with Look to Identify Trustworthy Online Privacy Best Practices to Gain Businesses Consumer Trust REGULATORS Want Enforcement and Compliance Assurance 4
- 5. A GAP IN CONSUMER TRUST Consumers’ Need for Trust Rising 80% Concerned 40% About Privacy Look for Privacy 50% of Policies / SealsIdentity Theft Shoppers Don’t Purchase Online Consumer Phishing Concern Affecting Buying Sources: Forester Research, October 2006, Pew Internet Research, May 2005, TNS/TRUSTe Survey, Spring 2007 Hacking CONFIDENTIAL 5
- 6. History • Independent trust authority headquartered in San Francisco – Formed in 1997 by EFF, CommerceNet, and a number of leading Internet companies - Microsoft, Intel, IBM, AOL, Excite – Washington, DC gov’t affairs office 1997 2007 • Celebrated 10 Year Anniversary • Approach – Widely accepted privacy best practices – Elevate responsible players – Help consumers identify who they can trust – Supplement legislation and regulation – Address emerging privacy vulnerabilities and threats
- 8. Program Objectives • Promote meaningful notice and control for consumers • Establish industry-wide standards for software publishers • Identify trustworthy software for distributors and advertisers • Bring transparency and accountability to affiliate and distribution relationships CONFIDENTIAL 8
- 9. Market Incentives Content Advertisers Aggregators and Anti-Spyware and Consumer Software Ad Networks Portals Incentives =$ = Install Certified = Ratings Application CONFIDENTIAL 9
- 10. Client Outputs • Whitelist – Used by industry to determine where to deliver partnerships, distribution, and ad dollars • Seal – Boost conversions on your landing page • Consultative service – Detailed guidance from the leading authority on best practices CONFIDENTIAL 10
- 11. Fighting Spyware: Enforcement and Anti-Spyware Tools Alissa Cooper Chief Computer Scientist
- 12. Enforcement
- 13. FTC Enforcement
- 14. ”I figured out a way theinstall a exe without "It's immoral, but to money makes it any userJeanson James is the time to make right.” interaction. This Ancheta $$$ while we can.” Sanford Wallace
- 17. Department of Justice Enforcement
- 18. "It's immoral, but the money makes it right.” Jeanson James Ancheta
- 19. Technology
- 20. Anti-Spyware Coalition Work Definitions Risk Model Best Practices
- 21. Benefits to Software Industry Sony Rootkit -- 2005 AS vendors asked how to justify decision to flag software as “potentially unwanted.” Non-ASC member referred to ASC definitions. Litigation Against AS Vendors -- Ongoing One judge has held that offering services to screen unwanted content immunizes AS vendor from mislabeling claims. Sets precedent that AS vendors cannot be intimidated into changing their minds about what gets flagged -- which means they can continue to leverage work of ASC, TRUSTe, etc.
- 22. TDP PROGRAM REQUIREMENTS Irina Doliov
- 23. Anatomy of a “Trusted” Download • Notice • Consent • Easy, Clean Uninstall • Distribution and Promotion Practices • Absolute No-No’s CONFIDENTIAL 23
- 24. Notice • Primary Notice – Presented to the user during the installation process – Unavoidable – Written in plain language – Explains what the user is downloading – the value proposition – Links to Reference Notice(s) – For advertising or tracking software • Types of ads and when displayed (pop-ups?) • If ads for adult content will be shown • Description of PII collected, uses of PII, sharing policies • Reference Notice(s) – EULA, Privacy Policy, Terms of Use CONFIDENTIAL 24
- 25. Consent • The language used to describe Users’ options to consent to install must be plain and direct. • EULAs and "opt-out" mechanisms are insufficient for providing notice and obtaining consent. • The option to consent should not be the default option – Should not be able to hit “enter” all the way through the install process. • The option to decline consent to install software should be of equal prominence to the option to consent to the installation. CONFIDENTIAL 25
- 26. Primary Notice and Consent CONFIDENTIAL 26
- 27. Uninstall • Instructions must be easy to find and easy to understand • Methods for uninstalling must be available in places where consumers are accustomed to finding them, such as Add/Remove Programs feature in the Windows Control Panel • Uninstallation must remove all files associated with the particular application being uninstalled • Cannot be contingent on a consumer's providing Personally Identifiable Information, unless that information is required for account verification. CONFIDENTIAL 27
- 28. Affiliate Promotion and Distribution The risk in this model depends on the level of control: Distributor initiates the download but Distributors host the More Risk executable controlled by the executable and serve software publisher (via “stub notices installer”) Affiliates drive traffic to a landing Download initiated on page where participant controls all affiliates’ sites Less Risk aspects of download process Less Risk More Risk CONFIDENTIAL 28
- 29. Unacceptable Behaviors Inducing the user to install software onto computer or preventing efforts to block installation Taking control of a consumer’s computer Modifying security settings Collecting personally identifiable information (PII) through the use of keystroke logging or intentional misrepresentation Defrauding, misleading, consumers, affiliates, merchants, advertisers, or other software publishers CONFIDENTIAL 29
- 30. Lessons From a Year in the Trenches • Our lawyer is insane. Do not tangle with him. • Controlling distributors takes an active effort – A contract is not enough as there are incentives ($$) for abuse but low possibility of getting caught – Requires proactive, ongoing monitoring • Are the correct (or any) disclosures being served to consumers • Are consumers being presented with opportunity to provide consent • Is the download being promoted on approved locations – Technological control over the consent process • Referral URL’s, consent mechanism – Solutions to verify validity of downloads • Audit download rate patterns, provide oppty for consumers to complain CONFIDENTIAL 30
- 31. Lessons Learned (con’t) • Clean uninstall means: – Remove/reverse ALL files, including hidden files, registry entries, cookies, settings – Where there’s a legitimate reason to leave assets behind (e.g. fraud-prevention), disclose it. • Bad behaviors include: – Fraud against consumers, affiliates, merchants, advertisers, software publishers, or any other third parties – “Cookie Stuffing”, “Affiliate Fraud”, “Shopping cart hijacking”, “forced clicks or redirects” CONFIDENTIAL 31
- 32. The Reward for being “Trusted” • TDP Seal at the point of download lifts conversions: – In testing, a TRUSTe seal was a “high influence” factor out of 16 factors on the test page. • TRUSTe TDP Seal resulted in a 4.5% lift in conversions over not having a TDP Seal. CONFIDENTIAL 32
- 33. Questions? Colin O’Malley Alissa Cooper VP Strategic Partnerships & Programs Chief Computer Scientist TRUSTe CDT 415.520.3408 202.637.9800 colin@truste.org acooper@cdt.org Aislinn Hettermann Irina Doliov Sr. Manager, Network Quality Sr. Product Manager, TDP Yahoo! TRUSTe 818.524.5768 415.520.3438 butlera@yahoo-inc.com idoliov@truste.org For additional information about the Trusted Download Program, contact: Heather Dorso at (415) 520-3405 or hdorso@truste.org CONFIDENTIAL 33