Trusted Download Program: A Year in the Trenches - How Trusted Downloads Make More Money
An outline of the advantages of certifying your downloadable software.

Published in: Technology, News & Politics
  • This will be very useful for my website... sometimes untrusted downloads make a lot of money too ;) Thanks for this slide. Download Programs :P

    http://www.download-program.info

  1. Trusted Download Program: A Year in the Trenches
     How Trusted Downloads Make More Money
     May 8, 2008
     CONFIDENTIAL
  2. INTRODUCTION
     Today’s Speakers:
     • Colin O’Malley, VP Strategic Partnerships & Programs, TRUSTe
     • Aislinn Hettermann, Sr. Manager, Network Quality, Yahoo!
     • Alissa Cooper, Chief Computer Scientist, CDT
     • Irina Doliov, Sr. Product Manager, TDP, TRUSTe
  3. ABOUT TRUSTe
     Colin O’Malley
  4. PRIVACY AND TRUST IN A NETWORKED WORLD
     • BUSINESSES: Need to Demonstrate Compliance with Privacy Best Practices to Gain Consumer Trust
     • CONSUMERS: Look to Identify Trustworthy Online Businesses
     • REGULATORS: Want Enforcement and Compliance Assurance
  5. A GAP IN CONSUMER TRUST
     [Figure panels: Consumers’ Need for Trust Rising; Consumer Concern Affecting Buying]
     • 80% Concerned About Privacy
     • 40% Look for Privacy Policies / Seals
     • 50% of Shoppers Don’t Purchase Online
     • Labels: Identity Theft, Phishing, Hacking
     Sources: Forrester Research, October 2006; Pew Internet Research, May 2005; TNS/TRUSTe Survey, Spring 2007
  6. History
     • Independent trust authority headquartered in San Francisco
        – Formed in 1997 by EFF, CommerceNet, and a number of leading Internet companies - Microsoft, Intel, IBM, AOL, Excite
        – Washington, DC gov’t affairs office
     • Celebrated 10 Year Anniversary (timeline graphic: 1997, 2007)
     • Approach
        – Widely accepted privacy best practices
        – Elevate responsible players
        – Help consumers identify who they can trust
        – Supplement legislation and regulation
        – Address emerging privacy vulnerabilities and threats
  7. Trusted Download Program
  8. Program Objectives
     • Promote meaningful notice and control for consumers
     • Establish industry-wide standards for software publishers
     • Identify trustworthy software for distributors and advertisers
     • Bring transparency and accountability to affiliate and distribution relationships
  9. Market Incentives
     [Diagram; recoverable labels: Advertisers, Ad Networks, Content Aggregators and Portals, Anti-Spyware, Consumer Software, Certified Application; legend: Incentives: $, Install, Ratings]
  10. Client Outputs
     • Whitelist
        – Used by industry to determine where to deliver partnerships, distribution, and ad dollars
     • Seal
        – Boost conversions on your landing page
     • Consultative service
        – Detailed guidance from the leading authority on best practices
  11. Fighting Spyware: Enforcement and Anti-Spyware Tools
     Alissa Cooper, Chief Computer Scientist
  12. Enforcement
  13. FTC Enforcement
  14. “I figured out a way to install a exe without any user interaction. This is the time to make $$$ while we can.” Sanford Wallace
     “It's immoral, but the money makes it right.” Jeanson James Ancheta
  15. State Enforcement
  16. Department of Justice Enforcement
  17. “It's immoral, but the money makes it right.” Jeanson James Ancheta
  18. Technology
  19. Anti-Spyware Coalition Work
     • Definitions
     • Risk Model
     • Best Practices
  20. Benefits to Software Industry
     • Sony Rootkit -- 2005
        – AS vendors asked how to justify decision to flag software as “potentially unwanted.” Non-ASC member referred to ASC definitions.
     • Litigation Against AS Vendors -- Ongoing
        – One judge has held that offering services to screen unwanted content immunizes AS vendor from mislabeling claims.
        – Sets precedent that AS vendors cannot be intimidated into changing their minds about what gets flagged -- which means they can continue to leverage work of ASC, TRUSTe, etc.
  21. TDP PROGRAM REQUIREMENTS
     Irina Doliov
  22. Anatomy of a “Trusted” Download
     • Notice
     • Consent
     • Easy, Clean Uninstall
     • Distribution and Promotion Practices
     • Absolute No-No’s
  23. Notice
     • Primary Notice
        – Presented to the user during the installation process
        – Unavoidable
        – Written in plain language
        – Explains what the user is downloading – the value proposition
        – Links to Reference Notice(s)
        – For advertising or tracking software
           • Types of ads and when displayed (pop-ups?)
           • If ads for adult content will be shown
           • Description of PII collected, uses of PII, sharing policies
     • Reference Notice(s)
        – EULA, Privacy Policy, Terms of Use
  24. Consent
     • The language used to describe Users’ options to consent to install must be plain and direct.
     • EULAs and "opt-out" mechanisms are insufficient for providing notice and obtaining consent.
     • The option to consent should not be the default option
        – Should not be able to hit “enter” all the way through the install process.
     • The option to decline consent to install software should be of equal prominence to the option to consent to the installation.
  25. Primary Notice and Consent
  26. Uninstall
     • Instructions must be easy to find and easy to understand
     • Methods for uninstalling must be available in places where consumers are accustomed to finding them, such as Add/Remove Programs feature in the Windows Control Panel
     • Uninstallation must remove all files associated with the particular application being uninstalled
     • Cannot be contingent on a consumer's providing Personally Identifiable Information, unless that information is required for account verification.
  27. Affiliate Promotion and Distribution
     The risk in this model depends on the level of control:
     [2×2 chart, both axes running from Less Risk to More Risk]
     • Distributor initiates the download but executable controlled by the software publisher (via “stub installer”)
     • Distributors host the executable and serve notices
     • Affiliates drive traffic to a landing page where participant controls all aspects of download process
     • Download initiated on affiliates’ sites
  28. Unacceptable Behaviors
     • Inducing the user to install software onto a computer or preventing efforts to block installation
     • Taking control of a consumer’s computer
     • Modifying security settings
     • Collecting personally identifiable information (PII) through the use of keystroke logging or intentional misrepresentation
     • Defrauding or misleading consumers, affiliates, merchants, advertisers, or other software publishers
  29. Lessons From a Year in the Trenches
     • Our lawyer is insane. Do not tangle with him.
     • Controlling distributors takes an active effort
        – A contract is not enough as there are incentives ($$) for abuse but low possibility of getting caught
        – Requires proactive, ongoing monitoring
           • Are the correct (or any) disclosures being served to consumers
           • Are consumers being presented with opportunity to provide consent
           • Is the download being promoted on approved locations
        – Technological control over the consent process
           • Referral URLs, consent mechanism
        – Solutions to verify validity of downloads
           • Audit download rate patterns, provide opportunity for consumers to complain
  30. Lessons Learned (cont’d)
     • Clean uninstall means:
        – Remove/reverse ALL files, including hidden files, registry entries, cookies, settings
        – Where there’s a legitimate reason to leave assets behind (e.g. fraud-prevention), disclose it.
     • Bad behaviors include:
        – Fraud against consumers, affiliates, merchants, advertisers, software publishers, or any other third parties
        – “Cookie Stuffing”, “Affiliate Fraud”, “Shopping cart hijacking”, “forced clicks or redirects”
  31. The Reward for being “Trusted”
     • TDP Seal at the point of download lifts conversions:
        – In testing, a TRUSTe seal was a “high influence” factor out of 16 factors on the test page.
     • TRUSTe TDP Seal resulted in a 4.5% lift in conversions over not having a TDP Seal.
  32. Questions?
     • Colin O’Malley, VP Strategic Partnerships & Programs, TRUSTe, 415.520.3408, colin@truste.org
     • Alissa Cooper, Chief Computer Scientist, CDT, 202.637.9800, acooper@cdt.org
     • Aislinn Hettermann, Sr. Manager, Network Quality, Yahoo!, 818.524.5768, butlera@yahoo-inc.com
     • Irina Doliov, Sr. Product Manager, TDP, TRUSTe, 415.520.3438, idoliov@truste.org
     For additional information about the Trusted Download Program, contact: Heather Dorso at (415) 520-3405 or hdorso@truste.org
