
Trusted Download Program: A Year in the Trenches
How Trusted Downloads Make More Money

May 8, 2008

CONFIDENTIAL


INTRODUCTION

Today’s Speakers:
• Colin O’Malley, VP Strategic Partnerships & Programs, TRUSTe
• Aislinn Hettermann, Sr. Manager, Network Quality, Yahoo!
• Alissa Cooper, Chief Computer Scientist, CDT
• Irina Doliov, Sr. Product Manager, TDP, TRUSTe



ABOUT TRUSTe

Colin O’Malley



PRIVACY AND TRUST IN A NETWORKED WORLD

• BUSINESSES: Need to Demonstrate Compliance with Privacy Best Practices to Gain Consumer Trust
• CONSUMERS: Look to Identify Trustworthy Online Businesses
• REGULATORS: Want Enforcement and Compliance Assurance



A GAP IN CONSUMER TRUST

Consumers’ Need for Trust Rising

• 80% Concerned About Privacy
• 40% Look for Privacy Policies / Seals
• 50% of Shoppers Don’t Purchase Online

[Figure: Consumer Concern Affecting Buying: Identity Theft, Phishing, Hacking]

Sources: Forrester Research, October 2006; Pew Internet Research, May 2005; TNS/TRUSTe Survey, Spring 2007



History
• Independent trust authority headquartered in San Francisco
  – Formed in 1997 by EFF, CommerceNet, and a number of leading Internet companies: Microsoft, Intel, IBM, AOL, Excite
  – Washington, DC gov’t affairs office

Approach
– Widely accepted privacy best practices
– Elevate responsible players
– Help consumers identify who they can trust
– Supplement legislation and regulation
– Address emerging privacy vulnerabilities and threats

[Timeline: 1997; 2007, Celebrated 10 Year Anniversary]


Trusted Download Program



Program Objectives
• Promote meaningful notice and control for consumers
• Establish industry-wide standards for software publishers
• Identify trustworthy software for distributors and advertisers
• Bring transparency and accountability to affiliate and distribution relationships



Market Incentives

[Diagram: Advertisers and Ad Networks; Content Aggregators and Consumer Portals; Anti-Spyware Software; Certified Application. Legend: Incentives = $, Install, Ratings]


Client Outputs
• Whitelist – Used by industry to determine where to deliver partnerships, distribution, and ad dollars
• Seal – Boost conversions on your landing page
• Consultative service – Detailed guidance from the leading authority on best practices



Fighting Spyware: Enforcement and Anti-Spyware Tools

Alissa Cooper, Chief Computer Scientist


Enforcement


FTC Enforcement


"I figured out a way to install a exe without any user interaction. This is the time to make $$$ while we can." Sanford Wallace

"It's immoral, but the money makes it right." Jeanson James Ancheta


State Enforcement


Department of Justice Enforcement


"It's immoral, but the money makes it right." Jeanson James Ancheta


Technology


Anti-Spyware Coalition Work
• Definitions
• Risk Model
• Best Practices


Benefits to Software Industry
• Sony Rootkit -- 2005
  – AS vendors asked how to justify decision to flag software as “potentially unwanted.”
  – Non-ASC member referred to ASC definitions.
• Litigation Against AS Vendors -- Ongoing
  – One judge has held that offering services to screen unwanted content immunizes AS vendor from mislabeling claims.
  – Sets precedent that AS vendors cannot be intimidated into changing their minds about what gets flagged -- which means they can continue to leverage work of ASC, TRUSTe, etc.


TDP PROGRAM REQUIREMENTS

Irina Doliov


Anatomy of a “Trusted” Download
• Notice
• Consent
• Easy, Clean Uninstall
• Distribution and Promotion Practices
• Absolute No-No’s



Notice
• Primary Notice
  – Presented to the user during the installation process
  – Unavoidable
  – Written in plain language
  – Explains what the user is downloading – the value proposition
  – Links to Reference Notice(s)
  – For advertising or tracking software
    • Types of ads and when displayed (pop-ups?)
    • If ads for adult content will be shown
    • Description of PII collected, uses of PII, sharing policies
• Reference Notice(s)
  – EULA, Privacy Policy, Terms of Use



Consent
• The language used to describe Users’ options to consent to install must be plain and direct.
• EULAs and "opt-out" mechanisms are insufficient for providing notice and obtaining consent.
• The option to consent should not be the default option
  – Should not be able to hit “enter” all the way through the install process.
• The option to decline consent to install software should be of equal prominence to the option to consent to the installation.



Primary Notice and Consent



Uninstall
• Instructions must be easy to find and easy to understand
• Methods for uninstalling must be available in places where consumers are accustomed to finding them, such as the Add/Remove Programs feature in the Windows Control Panel
• Uninstallation must remove all files associated with the particular application being uninstalled
• Cannot be contingent on a consumer's providing Personally Identifiable Information, unless that information is required for account verification.



Affiliate Promotion and Distribution

The risk in this model depends on the level of control:

• Distributor initiates the download but executable controlled by the software publisher (via “stub installer”)
• Distributors host the executable and serve notices
• Affiliates drive traffic to a landing page where participant controls all aspects of download process
• Download initiated on affiliates’ sites

[Diagram: items placed on a scale from Less Risk to More Risk]


Unacceptable Behaviors
• Inducing the user to install software onto computer or preventing efforts to block installation
• Taking control of a consumer’s computer
• Modifying security settings
• Collecting personally identifiable information (PII) through the use of keystroke logging or intentional misrepresentation
• Defrauding or misleading consumers, affiliates, merchants, advertisers, or other software publishers



Lessons From a Year in the Trenches
• Our lawyer is insane. Do not tangle with him.
• Controlling distributors takes an active effort
  – A contract is not enough as there are incentives ($$) for abuse but low possibility of getting caught
  – Requires proactive, ongoing monitoring
    • Are the correct (or any) disclosures being served to consumers
    • Are consumers being presented with opportunity to provide consent
    • Is the download being promoted on approved locations
  – Technological control over the consent process
    • Referral URLs, consent mechanism
  – Solutions to verify validity of downloads
    • Audit download rate patterns, provide opportunity for consumers to complain



Lessons Learned (cont’d)
• Clean uninstall means:
  – Remove/reverse ALL files, including hidden files, registry entries, cookies, settings
  – Where there’s a legitimate reason to leave assets behind (e.g. fraud-prevention), disclose it.
• Bad behaviors include:
  – Fraud against consumers, affiliates, merchants, advertisers, software publishers, or any other third parties
  – “Cookie Stuffing”, “Affiliate Fraud”, “Shopping cart hijacking”, “forced clicks or redirects”



The Reward for being “Trusted”
• TDP Seal at the point of download lifts conversions:
  – In testing, a TRUSTe seal was a “high influence” factor out of 16 factors on the test page.
  – TRUSTe TDP Seal resulted in a 4.5% lift in conversions over not having a TDP Seal.



Questions?

• Colin O’Malley, VP Strategic Partnerships & Programs, TRUSTe, 415.520.3408, colin@truste.org
• Aislinn Hettermann, Sr. Manager, Network Quality, Yahoo!, 818.524.5768, butlera@yahoo-inc.com
• Alissa Cooper, Chief Computer Scientist, CDT, 202.637.9800, acooper@cdt.org
• Irina Doliov, Sr. Product Manager, TDP, TRUSTe, 415.520.3438, idoliov@truste.org

For additional information about the Trusted Download Program, contact: Heather Dorso at (415) 520-3405 or hdorso@truste.org


An outline of the advantages of certifying your downloadable software.
