Most web surfers want to feel re-assured that they aren’t visiting unsafe websites. Unfortunately (without good security software) there’s often no way to be sure until it’s too late. But that doesn’t stop people from trying. In the last 5-10 years, websites have experimented with “security seals” (like TrustE) which claim to “certify” a website as being 100% safe. The idea is that people who see these seals on websites they visit can trust they aren’t being exposed to security risks.
However, as you’ll see below, these seals do not always prove that a website is safe:
For one thing, consumers must realize that trust seals are not awarded by the government or some impartial third-party. Companies like TrustE are for-profit corporations that charge money for the seals they hand out. In other words, they have a direct financial incentive to award as many certifications as possible (so as to earn more money.) Sometimes, this isn’t a problem. Many websites on the Internet genuinely do qualify as being totally safe and deserve the trust seal. However, Harvard researcher Ben Edelman points out that plenty of undeserving sites get these seals as well.
The result of his 2006 study?
“What do I find? In short, nothing good. I examine a sampling of 500,000+ top web sites, as reported by a major ISP. Of the sites certified by TRUSTe, 5.4% are untrustworthy according to SiteAdvisor’s data, compared with just 2.5% untrustworthy sites in the rest of the ISP’s list. So TRUSTe-certified sites are more than twice as likely to be untrustworthy.”
The whole point of a trust seal is making consumers feel safe on the websites carrying them. However, that’s not something that can be decided once and for all. The Internet is constantly changing, and a website that’s safe today might change ownership and become a spyware portal tomorrow.
Trust seal companies try to combat this problem by doing annual compliance checks. Unfortunately, security threats move too quickly to be caught by a few inspections a year. While these checks certainly do weed out a few bad apples, plenty of dangerous websites go right on bearing the trust seal and persuading unsophisticated people to do business there.
There is also the simple problem that many web users do not even see the privacy seals, much less know why they were issued or what they mean. Does the seal mean a website is spyware-free? That your personal data isn’t being sold to spammers? That there have been no complaints about the site recently? Realistically speaking, most of us neither know nor care to find out.
In most cases, it’s better to use proactive anti-virus software that simply tells you when you are on a dangerous website – and blocks it from doing any harm.
Easy To Clone
Another serious flaw in trust seals (like those from the Better Business Bureau) is that dishonest websites can simply steal them. Often times, these seals are nothing more than images that can be copied and pasted at will, whether a site truly earned it or not. Certainly, this is not the fault of TrustE or the Better Business Bureau or any other seal company. In fact, many of them actively try to discourage this from happening.
But the fact remains that it is comically easy to do and happens all the time. Most people are not going to painstakingly click on a seal and verify whether it’s legitimate. Clearly, this undermines the value of trust seals as a signal of who you can really trust.
It should also be pointed out that trust seals put the burden of staying safe squarely on consumers. You, the web surfer, are asked to treat every website as guilty until proven innocent by an easily cloned (and often wrongly granted) seal. But in reality, isn’t this the opposite of what most people want? After all, the problem isn’t the good websites who deserve trust seals – it’s the bad ones that don’t.
This is perhaps the biggest flaw with relying solely on trust seals to stay safe. A seal is constantly in “catch-up” mode, only able to punish violators after weeks or months of abuse and never out in front of new threats.
Not All Good Sites Have Seals
Additionally, there are plenty of legitimate, honest websites that, for one reason or another, don’t have trust seals. Maybe they couldn’t afford one. Maybe the website owner doesn’t even know they exist. Either way, the fact is that only a relatively small number of websites use trust seals. Are web surfers supposed to assume that any site without one is untrustworthy? If so, most of the Internet is immediately off-limits.
Obviously, this is not an effective or efficient way to stay safe online. Although a trust seal can provide extra peace of mind, it cannot and is not intended to serve as a crucial first line of defense against spyware, viruses or phishing attacks.