Trusted Download Program:
A Year in the Trenches
How Trusted Downloads Make More Money
May 8, 2008
CONFIDENTIAL

INTRODUCTION
Today’s Speakers:
• Colin O’Malley, VP Strategic Partnerships & Programs, TRUSTe
• Aislinn Hettermann, Sr. Manager, Network Quality, Yahoo!
• Alissa Cooper, Chief Computer Scientist, CDT
• Irina Doliov, Sr. Product Manager, TDP, TRUSTe
CONFIDENTIAL 2

ABOUT TRUSTe
Colin O’Malley
CONFIDENTIAL 3

PRIVACY AND TRUST IN A NETWORKED WORLD
BUSINESSES
CONSUMERS Need to Demonstrate Compliance with
Look to Identify Trustworthy Online Privacy Best Practices to Gain
Businesses Consumer Trust
REGULATORS
Want Enforcement and
Compliance Assurance
4

A GAP IN CONSUMER TRUST
Consumers’
Need for Trust
Rising
80%
Concerned 40%
About Privacy Look for Privacy 50% of
Policies / SealsIdentity
Theft Shoppers Don’t
Purchase Online
Consumer
Phishing Concern Affecting
Buying
Sources: Forester Research, October 2006, Pew Internet Research, May 2005,
TNS/TRUSTe Survey, Spring 2007
Hacking
CONFIDENTIAL 5

History
• Independent trust authority headquartered in San Francisco
– Formed in 1997 by EFF, CommerceNet, and a number of leading Internet
companies - Microsoft, Intel, IBM, AOL, Excite
– Washington, DC gov’t affairs office
1997 2007
• Celebrated 10 Year Anniversary
• Approach
– Widely accepted privacy best practices
– Elevate responsible players
– Help consumers identify who they can trust
– Supplement legislation and regulation
– Address emerging privacy vulnerabilities and threats

Trusted Download Program
CONFIDENTIAL 7

Program Objectives
• Promote meaningful notice and control for consumers
• Establish industry-wide standards for software publishers
• Identify trustworthy software for distributors and advertisers
• Bring transparency and accountability to affiliate and distribution
relationships
CONFIDENTIAL 8

Market Incentives
Content
Advertisers
Aggregators and Anti-Spyware
and
Consumer Software
Ad Networks
Portals
Incentives
=$
= Install
Certified
= Ratings Application
CONFIDENTIAL 9

Client Outputs
• Whitelist
– Used by industry to determine where to deliver
partnerships, distribution, and ad dollars
• Seal
– Boost conversions on your landing page
• Consultative service
– Detailed guidance from the leading authority on best
practices
CONFIDENTIAL 10

Fighting Spyware:
Enforcement and Anti-Spyware Tools
Alissa Cooper
Chief Computer Scientist

Enforcement

FTC Enforcement

”I figured out a way theinstall a exe without
"It's immoral, but to money makes it
any userJeanson James is the time to make
right.” interaction. This Ancheta
$$$ while we can.” Sanford Wallace

State Enforcement

Department of Justice Enforcement

"It's immoral, but the money makes it
right.” Jeanson James Ancheta

Technology

Anti-Spyware Coalition Work
Definitions
Risk Model
Best Practices

Benefits to Software Industry
Sony Rootkit -- 2005
AS vendors asked how to justify decision to flag software as
“potentially unwanted.”
Non-ASC member referred to ASC definitions.
Litigation Against AS Vendors -- Ongoing
One judge has held that offering services to screen unwanted content
immunizes AS vendor from mislabeling claims.
Sets precedent that AS vendors cannot be intimidated into changing
their minds about what gets flagged -- which means they can
continue to leverage work of ASC, TRUSTe, etc.

TDP PROGRAM REQUIREMENTS
Irina Doliov

Anatomy of a “Trusted” Download
• Notice
• Consent
• Easy, Clean Uninstall
• Distribution and Promotion Practices
• Absolute No-No’s
CONFIDENTIAL 23

Notice
• Primary Notice
– Presented to the user during the installation process
– Unavoidable
– Written in plain language
– Explains what the user is downloading – the value proposition
– Links to Reference Notice(s)
– For advertising or tracking software
• Types of ads and when displayed (pop-ups?)
• If ads for adult content will be shown
• Description of PII collected, uses of PII, sharing policies
• Reference Notice(s)
– EULA, Privacy Policy, Terms of Use
CONFIDENTIAL 24

Consent
• The language used to describe Users’ options
to consent to install must be plain and direct.
• EULAs and "opt-out" mechanisms are
insufficient for providing notice and obtaining
consent.
• The option to consent should not be the
default option
– Should not be able to hit “enter” all the way through
the install process.
• The option to decline consent to install
software should be of equal prominence to
the option to consent to the installation.
CONFIDENTIAL 25

Primary Notice and Consent
CONFIDENTIAL 26

Uninstall
• Instructions must be easy to find and easy to
understand
• Methods for uninstalling must be available in places
where consumers are accustomed to finding them, such
as Add/Remove Programs feature in the Windows
Control Panel
• Uninstallation must remove all files associated with the
particular application being uninstalled
• Cannot be contingent on a consumer's providing
Personally Identifiable Information, unless that
information is required for account verification.
CONFIDENTIAL 27

Affiliate Promotion and Distribution
The risk in this model depends on the level of control:
Distributor initiates the download but Distributors host the
More Risk
executable controlled by the executable and serve
software publisher (via “stub notices
installer”)
Affiliates drive traffic to a landing Download initiated on
page where participant controls all affiliates’ sites
Less Risk
aspects of download process
Less Risk More Risk
CONFIDENTIAL 28

Unacceptable Behaviors
Inducing the user to install software onto computer or preventing
efforts to block installation
Taking control of a consumer’s computer
Modifying security settings
Collecting personally identifiable information (PII) through the
use of keystroke logging or intentional misrepresentation
Defrauding, misleading, consumers, affiliates, merchants,
advertisers, or other software publishers
CONFIDENTIAL 29

Lessons From a Year in the Trenches
• Our lawyer is insane. Do not tangle with him.
• Controlling distributors takes an active effort
– A contract is not enough as there are incentives ($$) for abuse but low
possibility of getting caught
– Requires proactive, ongoing monitoring
• Are the correct (or any) disclosures being served to consumers
• Are consumers being presented with opportunity to provide consent
• Is the download being promoted on approved locations
– Technological control over the consent process
• Referral URL’s, consent mechanism
– Solutions to verify validity of downloads
• Audit download rate patterns, provide oppty for consumers to complain
CONFIDENTIAL 30

Lessons Learned (con’t)
• Clean uninstall means:
– Remove/reverse ALL files, including hidden files, registry
entries, cookies, settings
– Where there’s a legitimate reason to leave assets behind (e.g.
fraud-prevention), disclose it.
• Bad behaviors include:
– Fraud against consumers, affiliates, merchants, advertisers,
software publishers, or any other third parties
– “Cookie Stuffing”, “Affiliate Fraud”, “Shopping cart hijacking”,
“forced clicks or redirects”
CONFIDENTIAL 31

The Reward for being “Trusted”
• TDP Seal at the point of download lifts conversions:
– In testing, a TRUSTe seal was a “high influence” factor out of 16
factors on the test page.
• TRUSTe TDP Seal resulted in a 4.5% lift in conversions over not
having a TDP Seal.
CONFIDENTIAL 32

Questions?
Colin O’Malley Alissa Cooper
VP Strategic Partnerships & Programs Chief Computer Scientist
TRUSTe
CDT
415.520.3408
202.637.9800
colin@truste.org
acooper@cdt.org
Aislinn Hettermann Irina Doliov
Sr. Manager, Network Quality Sr. Product Manager, TDP
Yahoo! TRUSTe
818.524.5768 415.520.3438
butlera@yahoo-inc.com idoliov@truste.org
For additional information about the Trusted Download Program, contact:
Heather Dorso at (415) 520-3405 or hdorso@truste.org
CONFIDENTIAL 33