Netscape 8's "Trust Rating" System - Screenshots
Benjamin Edelman - Spyware Research, Legislation, and Suits

Netscape's controversial new "Trust Rating" system risks giving favorable ratings to sites whose software is unpopular with users, typically showing extra ads without substantial user benefit. Even where Netscape's partners have revoked certification of certain web sites, Netscape continues to characterize those sites as trustworthy.

 

Related Projects

180solutions & Affiliate Commissions

Advertisers Using WhenU

WhenU Violates Own Privacy Policy

Documentation of Gator Advertisements and Targeting

"Spyware": Research, Testing, Legislation, Suits

Other Research by Ben Edelman

Netscape 8's Site Controls configuration screen, granting bonus features to sites with a preferred trust rating.Netscape 8 includes a new "Trust Rating" system that attempts to tell users which sites are "safe." Netscape shows an on-screen indication when it believes a site to be trustworthy. As detailed in the security settings screen shown at right, Netscape also adjusts its security settings when it recognizes a site as "safe" -- letting a site use ActveX and switch to the IE rendering engine only if Netscape considers the site "safe."

Netscape's license agreement attempts to disclaim responsibility for the accuracy of the trust ratings Netscape shows:

"5. WEBSITE ALERT FEATURE. ... You agree that Netscape has no obligation to independently verify these website lists and Netscape takes no responsibility for their accuracy. You may use the notices generated from the watch lists at your convenience and discretion. You understand and agree that these watch lists ... may not be accurate."

If Netscape's list of trustworthy sites were perfect or even largely accurate, Netscape's new rating features could be of substantial assistance to users who don't otherwise know what sites to trust. But in fact Netscape has delegated its trust to partners whose trust endorsements are dubious at best. See the following screenshots, showing a few specific examples of Netscape's system certifying and recommending sites whose advertising software is often installed without informed consent or (in many instances) any consent at all. Such software tends to be unpopular with users --- and it's certainly not software that users would ordinarily describe as "trustworthy."

A Better Internet (Direct Revenue)     
shows popup ads based on
what web sites users view

 

eZula
adds advertising hyperlinks
to web pages users request

     

Hotbar
shows toolbar ads, popups,
and auto-opening sidebar

 

Webhancer
tracks what web
sites users visit

How did Netscape get into this mess? It seems that Netscape has delegated much of its ratings process to TRUSTe. But TRUSTe issues certificates merely on the basis of sites posting a web site privacy policy and agreeing to mediate disputes in a particular way. TRUSTe lacks serious enforcement procedures, and TRUSTe stands willing to certify a web site on the basis of its web site practices, even if the site serves primarily as a conduit for software (perhaps "spyware" or "adware") with practices inconsistent with the web site's privacy policy. So TRUSTe-certified sites may not be as trustworthy as the label suggests.

See also discussion at Spyware Warrior and Sunbelt Blog.


Update (June 5): After the initial posting of this article, I remarked at the oddness of Hotbar holding a TRUSTe certificate. Looking at Hotbar's site, I saw at least three apparent violations of TRUSTe rules: Hotbar had placed a "click-to-verify" seal throughout its site (though this logo is supposed to be only on the privacy page). Hotbar had placed a TRUSTe logo on a page offering downloadable software (specifically contrary to a TRUSTe rule). Hotbar had placed a TRUSTe logo on a page with an ActiveX popup that prevented users from clicking on the TRUSTe logo (to verify its validity), again contrary to TRUSTe rules.

I reported these problems to TRUSTe (including screenshots 1, 2), and on June 3 I received confirmation that Hotbar was in violation of TRUSTe's rules. TRUSTe's web site confirms that Hotbar's TRUSTe certification has been suspended. See the first screenshot below.

Yet Netscape 8 continues to treat Hotbar as a TRUSTe-certified site. See the second screenshot below, prepared after repeatedly restarting Netscape and after waiting substantially more than the one hour Netscape claims to require to update its trust database. I made this screenshot on June 5 -- more than two full days after TRUSTe revoked Hotbar's certificate.

TRUSTe has revoked Hotbar's certification    Netscape 8 continues to present hotbar.com as a trustworthy cite, notwithstanding TRUSTe's revocation of Hotbar's certificate.

 

Last Updated: June 5, 2005 - Sign up for notification of major updates and related work.