Netscape's controversial new "Trust Rating" system risks giving favorable ratings to sites whose software is unpopular with users, typically showing extra ads without substantial user benefit. Even where Netscape's partners have revoked certification of certain web sites, Netscape continues to characterize those sites as trustworthy.
Netscape 8 includes a new "Trust Rating" system that attempts to tell users which sites are "safe." Netscape shows an on-screen indication when it believes a site to be trustworthy. As detailed in the security settings screen shown at right, Netscape also adjusts its security settings when it recognizes a site as "safe" -- letting a site use ActveX and switch to the IE rendering engine only if Netscape considers the site "safe."
Netscape's license agreement attempts to disclaim responsibility for the accuracy of the trust ratings Netscape shows:
"5. WEBSITE ALERT FEATURE. ... You agree that Netscape has no obligation to independently verify these website lists and Netscape takes no responsibility for their accuracy. You may use the notices generated from the watch lists at your convenience and discretion. You understand and agree that these watch lists ... may not be accurate."
If Netscape's list of trustworthy sites were perfect or even largely accurate, Netscape's new rating features could be of substantial assistance to users who don't otherwise know what sites to trust. But in fact Netscape has delegated its trust to partners whose trust endorsements are dubious at best. See the following screenshots, showing a few specific examples of Netscape's system certifying and recommending sites whose advertising software is often installed without informed consent or (in many instances) any consent at all. Such software tends to be unpopular with users --- and it's certainly not software that users would ordinarily describe as "trustworthy."
A Better Internet (Direct Revenue)
See also discussion at Spyware Warrior and Sunbelt Blog.
Update (June 5): After the initial posting of this article, I remarked at the oddness of Hotbar holding a TRUSTe certificate. Looking at Hotbar's site, I saw at least three apparent violations of TRUSTe rules: Hotbar had placed a "click-to-verify" seal throughout its site (though this logo is supposed to be only on the privacy page). Hotbar had placed a TRUSTe logo on a page offering downloadable software (specifically contrary to a TRUSTe rule). Hotbar had placed a TRUSTe logo on a page with an ActiveX popup that prevented users from clicking on the TRUSTe logo (to verify its validity), again contrary to TRUSTe rules.
I reported these problems to TRUSTe (including screenshots 1, 2), and on June 3 I received confirmation that Hotbar was in violation of TRUSTe's rules. TRUSTe's web site confirms that Hotbar's TRUSTe certification has been suspended. See the first screenshot below.
Yet Netscape 8 continues to treat Hotbar as a TRUSTe-certified site. See the second screenshot below, prepared after repeatedly restarting Netscape and after waiting substantially more than the one hour Netscape claims to require to update its trust database. I made this screenshot on June 5 -- more than two full days after TRUSTe revoked Hotbar's certificate.
Last Updated: June 5, 2005 - Sign up for notification of major updates and related work.