Today, TRUSTe announced a new program to certify software.  It’s focused primarily on adware.

Here’s the idea:

It’s a whitelist of programs that have passed certification.  These programs can then access ostensibly broader networks of distribution because they have passed the certification.

This well-intentioned move does have some meat to it. You can see the influence of the Center for Democracy and Technology (CDT) on the documents.  These are not “light” requirements.  The requirements are actually fairly stringent and from that standpoint, I’m impressed.

From the TRUSTe site:

To be placed on the whitelist, adware and trackware must prominently disclose the types of advertising that will be displayed, personal information that will be tracked, and user settings that may be altered, and must obtain user opt-in consent for the download. An easy uninstall with clear instructions must be provided, and advertisements must be labeled with the name of the adware program. Program participants must maintain separate advertising inventory for users of certified applications. To move legacy users to certified advertising inventory, they must obtain new opt-in consent.

Executive summary here.  Full requirements document here. (These are Word docs that I can only presume are safe.  I really wish they would have used PDF!)

So what’s the problem? I’m concerned that Truste is, in effect, legitimizing adware and that’s a bigger issue.

The larger, “mainstream” adware companies such as Claria and WhenU (assuming they get certified) will now have the ability to greatly increase their distribution network, under the cloak of “certification”.

Now, this is not a certification that’s outward facing — it’s a whitelist used by web sites owners to determine if the app is “acceptable” to put on their site.  

Hmmm…ok.  Let’s keep in mind that it’s still adware that will spawn ads in the user’s face.

It’s redolent of the CAN SPAM Act of 2003. It turns out that CAN SPAM really did mean that — you could spam.  CAN SPAM effectively created a safe-harbor for companies, when in fact, the question should be asked: Why are we getting the spam in the first place? 

Who needs adware in the first place?  What is the real quid-pro-quo that the user is getting?

Installing a program like Weatherbug, which displays advertisements inside its application (and is itself something that has real use), is a far cry from an application that spawns pop-ups while the user is surfing.  Or provides “targeted” search results.  No matter how much disclosure you layer on top of it, the user should be getting a fair exchange and there’s a lot of soft factors — will users really understand that search results, for example, might be sponsored and not actual organic results? 

Note I’m not an anti-advertising zealot.  But should we be even going down the slippery slope of effectively condoning adware as a concept?

Your thoughts are welcome.

Alex Eckelberry