Relying on Partners
Part of the problem with the rating system is its reliance on the work of partner organizations such as TRUSTe, whose assessments of trustworthiness are flawed, Edelman and others argue. "If Netscapes list of trustworthy sites were perfect or even largely accurate, Netscapes new rating features could be of substantial assistance to users who dont otherwise know what sites to trust. But in fact Netscape has delegated its trust to partners whose trust endorsements are dubious at best," Edelman wrote in an article posted on his Web site. For one thing, TRUSTes list of trustworthy Web sites, which are allowed to display the TRUSTe seal, is a list of sites that adhere to that organizations strict information privacy practices. But the seal doesnt address the issue of software downloads, according to Fran Maier, executive director at TRUSTe.Aluria Software has taken heat over an adware deal. Click here to read more. TRUSTe is aware of the concern about unauthorized downloads and spyware, Maier said, adding that there need to be clear industry standards about issues such as disclosure prior to installation and practices for installation and removal. The organization is considering whether to develop a separate program to set guidelines about what constitutes "spyware-free" Web sites, but it hasnt yet committed to such a program. "Its an obvious area of consumer concern," Maier said. TRUSTe also forbids sites to display the organizations seal on pages that download the software, though that policy appears to have been broken, at least by HotBar.com, which clearly displays the TRUSTe logo on the installation page. AOL is reviewing a list of spyware sites that are on TRUSTes list of certified Web sites, Weinstein said. TRUSTe is also open to feedback from Internet users and will pull certification for sites that violate its policies, Maier said. Laws about what is and isnt acceptable practice for placing software on someone elses computer are murky at both the state and federal levels. A federal anti-spyware law is making its way through Congress. Spyware-specific laws aside, however, Edelman said many of the practices used by spyware vendors probably violate established trespass and contract law and are clearly unethical. "Spyware companies are putting software on your computer to make money and without getting your consent. Its not about what the law requires; you can just look at it and feel like this isnt right," he said. ´ Editors Note: This story was updated to clarify statements made by AOL spokesman Andrew Weinstein. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
"There are a lot of sites that download software. We cant say whether theyre all spyware. Its just not clear to us," Maier said.