Is There a Need for Trust Seals?

Some independent group and company are awarding trust seals to websites: A Privacy and Security trust seals. This does not mean that you need to trust anything that has their seals because one of the security and privacy rule of thumb is to Trust No One until you're done with your research and investigation. Like firewall and anti-malware software that monitors application and network activity, we should not quickly trust anything until we’re done with some kind of privacy and security checklist.

Note that most of these trust seals is easy to get especially if you will pay the required fee and the trust seal providers have their own guidelines or policy before you can get a Trust seal.

TRUSTe is offering several types of privacy seal: Web Privacy Seal, E-mail Privacy Seal, EU Safe Harbor Seal, Japan Privacy Seal and Children’s Privacy Seal.

It’s nice to see them provide a page that has online and complete listing of company or website that carries some or any of TRUSTe seals and they encourage you to report to their WatchDog, if you find anyone using the TRUSTe seal but they are not listed as TRUSTe members. Example, I noticed today that KCSoftwares.com is displaying the TRUSTe logo even though they are not listed as TRUSTe member. A logo is different from a seal. KCSoftwares.com seems describing only that the known spyware on their software, Relevant Knowledge is a TRUSTe Certified Tracking Software. Still I don’t see a reason for KCSoftwares.com to display the logo in lower area of the page because it can mislead end-users (they might think that KCSoftwares.com is a TRUSTe member and not all end-users are aware on what type of logo or seal is allowed to be use by any website).

TRUSTe also provide WatchDog Advisories to alert you on any website that is under investigation or any information that might help you to decide before trusting a site.

Other services by TRUSTe are: Trusted Download Programs that received their certification and TRUSTe Site Reputation Services.

Trust Guard’s seal is not only about privacy seal but also security and business seals:

• Security Seals: Daily or Quarterly Payment Card Industry (PCI) Scanned Seals that will scan the IP address or website of an entity to ensure that it’s not vulnerable and are malware free. They also offer Security Verified Seal which is not scanned but verification only that the company’s information is correct and valid
• Privacy Seal: Ensuring that the site is up to Trust Guard's privacy standards and leading privacy organizations
• Business Seal: Trust Guard Business Verified Seal will check if the applicant can be contacted fast by their customer and the business information has been verified by Trust Guard.

Yes, there is a need for trust seal because it helps build confidence but the trust seal providers should continue to improve their service by:

• Suspending at once any of their trust seal carrier or holder while investigating a positive report
• Educating the business or trust seal holders is good but trust seal providers or issuers should not certify or trust the obvious offenders e.g. the offender have signed the agreement and yet, it has bad practices
• The downloads from trusted vendors should not receive any positive malware detection by trusted malware scanners
• Continue to monitor the usage of trust seal by members
• Review their trust and certification policies all the time and revise when needed

Trust can be achieved from your customers (whether you have a trust seal or not!) but if you prefer to add a trust seal that is free of charge, below are few of the providers that provide free Trust Seal:

• Trusted-site.org – There are 5 Trust level to gain but it depends on provided documents that you would like them to verify.
• Family Online Safety Institute – this is offering Internet Content Rating Association (ICRA) label for webmasters.

Trust seals should not be the only basis by end-users before you will trust a business or website because there are reports that trust seals can be spoofed and misused. Another reason to not to base your decision on trust seals is some malware scanner will report spyware or malware on programs offered by websites that is carrying such Trust seals.

Also, the Trust seal’s policy on who to be certified and trust is maybe different from yours and your company’s policy so it’s best to do your own research or read any feedback by others because there are people in the privacy and security community sharing their experience and analysis on particular website, company or application. Example of community that will help you decide before trusting a website or entity is Web of Trust. You don’t have to pay to be trusted!