Trusted Download Program: A Year in the Trenches How Trusted Downloads Make More Money
May 8, 2008
INTRODUCTION Today’s Speakers: • Colin O’Malley, VP Strategic Partnerships & Programs, TRUSTe • Aislinn Hettermann, Sr. Manager, Network Quality, Yahoo! • Alissa Cooper, Chief Computer Scientist, CDT • Irina Doliov, Sr. Product Manager, TDP, TRUSTe
ABOUT TRUSTe Colin O’Malley
PRIVACY AND TRUST IN A NETWORKED WORLD
Need to Demonstrate Compliance with Privacy Best Practices to Gain Consumer Trust
Look to Identify Trustworthy Online Businesses
REGULATORS Want Enforcement and Compliance Assurance
A GAP IN CONSUMER TRUST
Consumers’ Need for Trust Rising
80% 40% Concerned About Privacy Look for PrivacyIdentity 50% of Policies / Seals Theft Shoppers Don’t Purchase Online Consumer Phishing Concern Affecting Buying
Sources: Forester Research, October 2006, Pew Internet Research, May 2005, TNS/TRUSTe Survey, Spring 2007
Independent trust authority headquartered in San Francisco – Formed in 1997 by EFF, CommerceNet, and a number of leading Internet companies - Microsoft, Intel, IBM, AOL, Excite – Washington, DC gov’t affairs office 1997
Celebrated 10 Year Anniversary
Approach – – – – –
Widely accepted privacy best practices Elevate responsible players Help consumers identify who they can trust Supplement legislation and regulation Address emerging privacy vulnerabilities and threats
Trusted Download Program
Program Objectives • • • •
Promote meaningful notice and control for consumers Establish industry-wide standards for software publishers Identify trustworthy software for distributors and advertisers Bring transparency and accountability to affiliate and distribution relationships
Advertisers and Ad Networks
Content Aggregators and Consumer Portals
Incentives =$ = Install = Ratings
Client Outputs •
Whitelist – Used by industry to determine where to deliver partnerships, distribution, and ad dollars
Seal – Boost conversions on your landing page
Consultative service – Detailed guidance from the leading authority on best practices
Fighting Spyware: Enforcement and Anti-Spyware Tools
Alissa Cooper Chief Computer Scientist
”I figured out a way to install a exe without "It's immoral, but the money makes it any userJeanson interaction. This is the time to make right.” James Ancheta $$$ while we can.” Sanford Wallace
Department of Justice Enforcement
"It's immoral, but the money makes it right.â€? Jeanson James Ancheta
Anti-Spyware Coalition Work Definitions Risk
Benefits to Software Industry
Sony Rootkit -- 2005
AS vendors asked how to justify decision to flag software as “potentially unwanted.”
Non-ASC member referred to ASC definitions.
Litigation Against AS Vendors -- Ongoing
One judge has held that offering services to screen unwanted content immunizes AS vendor from mislabeling claims.
Sets precedent that AS vendors cannot be intimidated into changing their minds about what gets flagged -- which means they can continue to leverage work of ASC, TRUSTe, etc.
TDP PROGRAM REQUIREMENTS Irina Doliov
Anatomy of a “Trusted” Download • • • • •
Notice Consent Easy, Clean Uninstall Distribution and Promotion Practices Absolute No-No’s
Notice • Primary Notice – – – – – –
Presented to the user during the installation process Unavoidable Written in plain language Explains what the user is downloading – the value proposition Links to Reference Notice(s) For advertising or tracking software • Types of ads and when displayed (pop-ups?) • If ads for adult content will be shown • Description of PII collected, uses of PII, sharing policies
Consent • The language used to describe Users’ options to consent to install must be plain and direct. • EULAs and "opt-out" mechanisms are insufficient for providing notice and obtaining consent. • The option to consent should not be the default option – Should not be able to hit “enter” all the way through the install process.
• The option to decline consent to install software should be of equal prominence to the option to consent to the installation.
Primary Notice and Consent
Uninstall • Instructions must be easy to find and easy to understand • Methods for uninstalling must be available in places where consumers are accustomed to finding them, such as Add/Remove Programs feature in the Windows Control Panel • Uninstallation must remove all files associated with the particular application being uninstalled • Cannot be contingent on a consumer's providing Personally Identifiable Information, unless that information is required for account verification.
Affiliate Promotion and Distribution
The risk in this model depends on the level of control: Distributor initiates the download but executable controlled by the software publisher (via “stub installer”)
Distributors host the executable and serve notices
Affiliates drive traffic to a landing page where participant controls all aspects of download process
Download initiated on affiliates’ sites
Unacceptable Behaviors UInducing the user to install software onto computer or preventing efforts to block installation UTaking control of a consumerâ€™s computer UModifying security settings UCollecting personally identifiable information (PII) through the use of keystroke logging or intentional misrepresentation UDefrauding, misleading, consumers, affiliates, merchants, advertisers, or other software publishers
Lessons From a Year in the Trenches • •
Our lawyer is insane. Do not tangle with him. Controlling distributors takes an active effort – A contract is not enough as there are incentives ($$) for abuse but low possibility of getting caught – Requires proactive, ongoing monitoring • Are the correct (or any) disclosures being served to consumers • Are consumers being presented with opportunity to provide consent • Is the download being promoted on approved locations
– Technological control over the consent process • Referral URL’s, consent mechanism
– Solutions to verify validity of downloads • Audit download rate patterns, provide oppty for consumers to complain
Lessons Learned (con’t) •
Clean uninstall means: – Remove/reverse ALL files, including hidden files, registry entries, cookies, settings – Where there’s a legitimate reason to leave assets behind (e.g. fraud-prevention), disclose it.
Bad behaviors include: – Fraud against consumers, affiliates, merchants, advertisers, software publishers, or any other third parties – “Cookie Stuffing”, “Affiliate Fraud”, “Shopping cart hijacking”, “forced clicks or redirects”
The Reward for being “Trusted” •
TDP Seal at the point of download lifts conversions: – In testing, a TRUSTe seal was a “high influence” factor out of 16 factors on the test page.
TRUSTe TDP Seal resulted in a 4.5% lift in conversions over not having a TDP Seal.
Questions? Colin Oâ€™Malley VP Strategic Partnerships & Programs
TRUSTe 415.520.3408 firstname.lastname@example.org
Aislinn Hettermann Sr. Manager, Network Quality Yahoo! 818.524.5768 email@example.com
Alissa Cooper Chief Computer Scientist CDT 202.637.9800 firstname.lastname@example.org Irina Doliov Sr. Product Manager, TDP TRUSTe 415.520.3438 email@example.com
For additional information about the Trusted Download Program, contact: Heather Dorso at (415) 520-3405 or firstname.lastname@example.org
Published on Oct 23, 2009
An outline of the advantages of certifying your downloadable software.