Trusted Download Program: A Year in the Trenches How Trusted Downloads Make More Money
May 8, 2008
CONFIDENTIAL
INTRODUCTION Today’s Speakers: • Colin O’Malley, VP Strategic Partnerships & Programs, TRUSTe • Aislinn Hettermann, Sr. Manager, Network Quality, Yahoo! • Alissa Cooper, Chief Computer Scientist, CDT • Irina Doliov, Sr. Product Manager, TDP, TRUSTe
CONFIDENTIAL
2
ABOUT TRUSTe Colin O’Malley
CONFIDENTIAL
3
PRIVACY AND TRUST IN A NETWORKED WORLD
BUSINESSES CONSUMERS
Need to Demonstrate Compliance with Privacy Best Practices to Gain Consumer Trust
Look to Identify Trustworthy Online Businesses
REGULATORS Want Enforcement and Compliance Assurance
4
A GAP IN CONSUMER TRUST
Consumers’ Need for Trust Rising
80% 40% Concerned About Privacy Look for PrivacyIdentity 50% of Policies / Seals Theft Shoppers Don’t Purchase Online Consumer Phishing Concern Affecting Buying
Hacking CONFIDENTIAL
Sources: Forester Research, October 2006, Pew Internet Research, May 2005, TNS/TRUSTe Survey, Spring 2007
5
History •
Independent trust authority headquartered in San Francisco – Formed in 1997 by EFF, CommerceNet, and a number of leading Internet companies - Microsoft, Intel, IBM, AOL, Excite – Washington, DC gov’t affairs office 1997
•
Celebrated 10 Year Anniversary
•
Approach – – – – –
Widely accepted privacy best practices Elevate responsible players Help consumers identify who they can trust Supplement legislation and regulation Address emerging privacy vulnerabilities and threats
2007
Trusted Download Program
CONFIDENTIAL
7
Program Objectives • • • •
Promote meaningful notice and control for consumers Establish industry-wide standards for software publishers Identify trustworthy software for distributors and advertisers Bring transparency and accountability to affiliate and distribution relationships
CONFIDENTIAL
8
Market Incentives
Advertisers and Ad Networks
Content Aggregators and Consumer Portals
Anti-Spyware Software
Incentives =$ = Install = Ratings
CONFIDENTIAL
Certified Application
9
Client Outputs •
Whitelist – Used by industry to determine where to deliver partnerships, distribution, and ad dollars
•
Seal – Boost conversions on your landing page
•
Consultative service – Detailed guidance from the leading authority on best practices
CONFIDENTIAL
10
Fighting Spyware: Enforcement and Anti-Spyware Tools
Alissa Cooper Chief Computer Scientist
Enforcement
FTC Enforcement
”I figured out a way to install a exe without "It's immoral, but the money makes it any userJeanson interaction. This is the time to make right.” James Ancheta $$$ while we can.” Sanford Wallace
State Enforcement
Department of Justice Enforcement
"It's immoral, but the money makes it right.� Jeanson James Ancheta
Technology
Anti-Spyware Coalition Work Definitions Risk
Model
Best
Practices
Benefits to Software Industry
Sony Rootkit -- 2005
AS vendors asked how to justify decision to flag software as “potentially unwanted.”
Non-ASC member referred to ASC definitions.
Litigation Against AS Vendors -- Ongoing
One judge has held that offering services to screen unwanted content immunizes AS vendor from mislabeling claims.
Sets precedent that AS vendors cannot be intimidated into changing their minds about what gets flagged -- which means they can continue to leverage work of ASC, TRUSTe, etc.
TDP PROGRAM REQUIREMENTS Irina Doliov
Anatomy of a “Trusted” Download • • • • •
Notice Consent Easy, Clean Uninstall Distribution and Promotion Practices Absolute No-No’s
CONFIDENTIAL
23
Notice • Primary Notice – – – – – –
Presented to the user during the installation process Unavoidable Written in plain language Explains what the user is downloading – the value proposition Links to Reference Notice(s) For advertising or tracking software • Types of ads and when displayed (pop-ups?) • If ads for adult content will be shown • Description of PII collected, uses of PII, sharing policies
• Reference Notice(s) – EULA, Privacy Policy, Terms of Use
CONFIDENTIAL
24
Consent • The language used to describe Users’ options to consent to install must be plain and direct. • EULAs and "opt-out" mechanisms are insufficient for providing notice and obtaining consent. • The option to consent should not be the default option – Should not be able to hit “enter” all the way through the install process.
• The option to decline consent to install software should be of equal prominence to the option to consent to the installation.
CONFIDENTIAL
25
Primary Notice and Consent
CONFIDENTIAL
26
Uninstall • Instructions must be easy to find and easy to understand • Methods for uninstalling must be available in places where consumers are accustomed to finding them, such as Add/Remove Programs feature in the Windows Control Panel • Uninstallation must remove all files associated with the particular application being uninstalled • Cannot be contingent on a consumer's providing Personally Identifiable Information, unless that information is required for account verification.
CONFIDENTIAL
27
Affiliate Promotion and Distribution
Less Risk
More Risk
The risk in this model depends on the level of control: Distributor initiates the download but executable controlled by the software publisher (via “stub installer”)
Distributors host the executable and serve notices
Affiliates drive traffic to a landing page where participant controls all aspects of download process
Download initiated on affiliates’ sites
Less Risk
CONFIDENTIAL
More Risk
28
Unacceptable Behaviors UInducing the user to install software onto computer or preventing efforts to block installation UTaking control of a consumer’s computer UModifying security settings UCollecting personally identifiable information (PII) through the use of keystroke logging or intentional misrepresentation UDefrauding, misleading, consumers, affiliates, merchants, advertisers, or other software publishers
CONFIDENTIAL
29
Lessons From a Year in the Trenches • •
Our lawyer is insane. Do not tangle with him. Controlling distributors takes an active effort – A contract is not enough as there are incentives ($$) for abuse but low possibility of getting caught – Requires proactive, ongoing monitoring • Are the correct (or any) disclosures being served to consumers • Are consumers being presented with opportunity to provide consent • Is the download being promoted on approved locations
– Technological control over the consent process • Referral URL’s, consent mechanism
– Solutions to verify validity of downloads • Audit download rate patterns, provide oppty for consumers to complain
CONFIDENTIAL
30
Lessons Learned (con’t) •
Clean uninstall means: – Remove/reverse ALL files, including hidden files, registry entries, cookies, settings – Where there’s a legitimate reason to leave assets behind (e.g. fraud-prevention), disclose it.
•
Bad behaviors include: – Fraud against consumers, affiliates, merchants, advertisers, software publishers, or any other third parties – “Cookie Stuffing”, “Affiliate Fraud”, “Shopping cart hijacking”, “forced clicks or redirects”
CONFIDENTIAL
31
The Reward for being “Trusted” •
TDP Seal at the point of download lifts conversions: – In testing, a TRUSTe seal was a “high influence” factor out of 16 factors on the test page.
•
TRUSTe TDP Seal resulted in a 4.5% lift in conversions over not having a TDP Seal.
CONFIDENTIAL
32
Questions? Colin O’Malley VP Strategic Partnerships & Programs
TRUSTe 415.520.3408 colin@truste.org
Aislinn Hettermann Sr. Manager, Network Quality Yahoo! 818.524.5768 butlera@yahoo-inc.com
Alissa Cooper Chief Computer Scientist CDT 202.637.9800 acooper@cdt.org Irina Doliov Sr. Product Manager, TDP TRUSTe 415.520.3438 idoliov@truste.org
For additional information about the Trusted Download Program, contact: Heather Dorso at (415) 520-3405 or hdorso@truste.org
CONFIDENTIAL
33