Sunbeltblog comments
You guys weren't the only ones that spotted a problem with these guys. Ben Edelman reports on this here:
http://www.benedelman.org/news/0...s/062907-
1.html
lol, i'm a noob, i didn't read that far into the blog post and didn't see u had already posted Mr Edelman's link LOL!
Hi All:
Yes, the interchange between Alex and TRUSTe's representative on the ASC panel that Alex moderated is indeed interesting. Here's the relevant excerpt, for those not inclined to deal with RealMedia -- after announcing that Sunbelt had evidence that ComScore's app was being installed through security exploits, Alex inquired as to how TRUSTe would handle such a situation:
(rtsp://media.law.harvard.edu:554/policy_b/2007/
06/27_berk_3.rm?cloakport=8888,554&start=33:31&
end=33:50)
---------------
Eckelberry: "So what if you have an application that is installing through an exploit? Do those guys go through a probationary process, or do they just get cut off? Are they just gone?"
O'Malley: "If they're installing through an exploit, that's covered in what's described in what we describe as our prohibited activities. That's not an activity that is acceptable by any level of notice, and so they're terminated immediately."
Eckelberry: "Good. OK."
---------------
That seems clear enough -- immediate termination -- and it was exactly what we in the anti-spyware community wanted to hear from TRUSTe.
Unfortunately, TRUSTe failed to deliver on that promise. Far from terminating ComScore, they've essentially decided to continue working with ComScore, provided ComScore spends a token amount of time in the "naughty corner." I'm sure ComScore is already reassuring potential investors and partners that the 3 month suspension is but a minor bump in the road and that the practical consequences for ComScore's relationship with TRUSTe -- which is the big draw for ComScore -- are minimal.
Who loses as a result? Consumers and web surfers ultimately, as ComScore will be allowed to continue plying its trade of surreptitious, underhanded installs of its RelevantKnowledge software to support some very aggressive and intrusive data collection on unsuspecting users' machines, all with PR cover from TRUSTe.
And let's not kid ourselves: the exploit installs that we reported to TRUSTe are all of piece with ComScore's software practices over the past several years -- this is hardly some new and surprising corner case involving a lone rogue affiliate that the company couldn't have know about. Any anti-malware researcher who's been around for a few years will be quite familiar with ComScore's installation practices.
At the end of the day, though, this case reflects very poorly on TRUSTe. The case was significant in that it was the first big public test of how well TRUSTe would perform when called to defend the standards that allegedly undergird the Trusted Download program. When push came to shove, though, TRUSTe demonstrated itself to be lacking the backbone to deliver on its word.
I'm sure the lesson won't be lost on other adware vendors. And it's just another illustration of why we at Sunbelt place no value whatsoever in TRUSTe's whitelisting and certifications when responding to complaints from adware vendors who want to get removed from CounterSpy's database.
Eric L. Howes
Sunbelt Software
...I am totally going to blog the ass off this.
Cloudeight Internet posted an article on TRUSTe 3 years ago in 2004...which pointed the finger at TRUSTe. Apparently it took Sunbelt three years to catch up.
http://thundercloud.net/infoave/...truste-
rant.htm
Free free to read our article dated September 4, 2004. TRUSTe didn't just start this monkey-business, you know. They've been putting profit above integrity for a long, long time.
TC
Apparently it took Sunbelt three years to catch up.
Yikes, that's a really harsh and unnecessary accusation.
TC, first, this about the Trusted Download Program, not the general privacy seal (which is what you wrote about).
We wrote about the Trusted Download program back in 2005:
http://sunbeltblog.blogspot.com/
...rtifcation.html
And here:
http://sunbeltblog.blogspot.com/...-on-
truste.html
And in other places (just search the blog for the term TrustE).
And remember that this blog only got started in February 2005.
Alex Eckelberry
Little late to the party here, but I had a similar conversation with Colin at the public workshop last month, regarding some behavior we'd observed from WeatherBug. He expressed interest in investigating the situation at the time, and I sent a follow-up email to him offering more information. I haven't heard boo from him since; I wonder if this is related, because they don't seem too worried about investigating my case either.
Commenting by HaloScan
