09-27-2006, 11:05 AM
Quote:Ben Edelman, a researcher working on his Ph.D. in economics at Harvard, has posted a study showing that sites certified through Truste are twice as likely as similar, but uncertified sites to deliver spyware, adware and spam.
Edelman compared nearly 1,000 Truste-certified sites to more than 500,000 sites as reported by a major ISP. Using MacAfee's automated SiteAdvisor tool which visits site automatically, downloads software and subscribes using single-use email accounts, Edelman found (.pdf) that 5.4% of Trust-E sites were untrustworthy, while only 2.5% of the baseline sites were.
Edelman attributes these results to Truste's reliance on customer complaints, its willingness to allow companies to violate their policies and then fix them later, its reluctance to strip certification and its economic incentive to keep sites as customers.
In comparison, Edelman found that sites in the Better Business Bureau OnLine¿s Privacy Seal Program have substantially higher trustworthiness than the base level sites, which he attributes to the program's stringent requirements...
full article : http://blog.wired.com/27BStroke6/index.b...id=1563286
Quote:When a stranger promises "you can trust me," most people know to be extra vigilant. What conclusion should users draw when a web site touts a seal proclaiming its trustworthiness? Some sites that are widely regarded as extremely trustworthy present such seals. But those same seals feature prominently on sites that seek to scam users -- whether through spyware infections, spam, or other unsavory practices.
It's no great surprise that bad actors seek to free-ride on sites users rightly trust. Suppose users have seen a seal on dozens of sites that turn out to be legitimate. Dubious sites can present that same seal to encourage more users to buy, register, or download.
But certification issuers don't have to let this happen. They could develop and enforce tough rules, so that every site showing a seal is a site users aren't likely to regret visiting. Unfortunately, certification don't always live up to this ideal. Writing tough rules isn't easy, and enforcing them is even harder. Hard-hitting rules are particularly unlikely when certification authorities get paid for each certification they issue -- but get nothing for rejecting an applicant. ..
the full research study: http://www.benedelman.org/news/092506-1.html