TRUSTe - What were you thinking?

Posted At : March 21, 2008 11:47 AM | Posted By : John Stottlemire
Related Categories: Coupons, Inc

A history

For the past several months I have been downloading and installing the coupon printer software offered by Coupons, Inc. in an attempt to determine exactly what information Coupons, Inc. collects about me and how that information is used.

February 15, 2007 TRUSTe certified Coupons, Inc.'s Coupon Printer software version 3.3.0.2 and placed Coupons, Inc.'s software on its Trusted Download Whitelist and claimed "The companies whose applications have passed the challenging certification process for the Trusted Download whitelist are all demonstrating a commitment to protecting consumer privacy...[b]y completely informing users about the particulars of the downloads they offer up front, the participating companies are increasing transparency and giving control to users." (See TRUSTe Publishes Initial Trusted Download Beta Program Whitelist)

May 15, 2007 the first version of Coupons, Inc.'s coupon printer software I tested was version 3.3.0.2. After making the results of that test public, I found myself served with a cause of action for violations of the Digital Millennium Copyright Act and other state law claims. The lawsuit filed against me by Coupons, Inc. prompted national media attention and resulted in independent testing of the coupon printer software by Professor Benjamin Edelman, Harvard Business School.

August 28, 2007 Professor Edelman confirmed my results and filed a Watchdog Complaint with TRUSTe, "an independent, nonprofit organization dedicated to enabling individuals and organizations to establish trusting relationships based on respect for personal identity and information in the evolving networked world." Professor Edelman's motivation for filing the Watchdog Complaint was simple, Coupons, Inc. was in violation of several sections of the TRUSTe Trusted Download Agreement.

September 20, 2007, after reviewing Professor Edelman's Watchdog Complaint, TRUSTe issued mandates to Coupons, Inc., published the mandates on September 20, 2007, and gave Coupons, Inc. 90 days to comply with the mandates. These mandates included a modification to Coupons, Inc.'s End User License Agreement, renaming deceptively named, hidden files and registry keys to comply with the requirements of TRUSTe's Trusted Download Program and removal of the deceptively named, hidden files and registry keys from consumer's computers.

November 16, 2007, during this 90 day period, Coupons, Inc. released several different versions of its coupon printer software and changed the version number to 4.0.0.2. Release of version 4.0.0.2 prompted me to file an independent Watchdog Complaint on or about November 16, 2007 and asked the question "During this 90 day period is Coupons, Inc. allowed to continue business as usual?" as version number 4.0.0.2 introduced new deceptively named registry keys into the mix. As a result of my inquiry, TRUSTe maintains an open Watchdog Complaint initiated by me against Coupons, Inc. and promised "We will include your observations as part of our on-going monitoring and work with Coupons.com to bring their application into compliance with our Trusted Download program requirements."

February 22, 2008 I received an email from TRUSTe which states "[Coupons, Inc. has] completed changes to their software recently and we believe this resolves the issue (blog.truste.org has a blog entry update)." And asked me to respond by March 7, 2008 if I believed otherwise. Because of litigation with Coupons, Inc. and personal reasons, I requested TRUSTe extend my deadline of March 7, 2008 which they did on February 28, 2008. The February 28, 2008 email states, in part, "Thank you for notifying us that you need more time to evaluate the latest release by Coupons.com. We are extending the time available on this Watchdog complaint until March 28, 2008, and will plan to close this Watchdog complaint if we have not heard from you by then."

March 15, 2008 I reviewed the blog entry posted by TRUSTe and immediately began testing Coupons, Inc.'s software to determine the validity of TRUSTe's comments. Surprised at my findings, I published them and alerted TRUSTe.

March 18, 2008 Professor Edelman published findings similar to those I published confirming Coupons, Inc.'s continued non-compliance with TRUSTe's Trusted Download requirements.

March 19, 2008 TRUSTe, as a result of my blog entry, published a self-congratulatory statement and claims, "An old version of the software was accidentally put into production on [Coupons, Inc.'s] servers during a data center migration on the weekend of March 15th." TRUSTe further claims the issue has been resolved and once again, Coupons, Inc. is in compliance with TRUSTe's Trusted Download requirements. (I have proof that this "mistake" happened before March 1, 2008 however, TRUSTe has decided Coupons, Inc. is trustworthy enough to believe their explanation of events.).

March 20, 2008 Professor Edelman published findings which contradict TRUSTe's March 19, 2008 statement and claims "TRUSTe staff issued a biolerplate endorsement -- failing to identify shortcomings that would have been apparent in any careful analysis"

What were you thinking?

May 24, 2005 Coupons, Inc. files complaint in the Northern District of California in an attempt to chill information published in an online forum at Deal-A-GoGo. The information Coupons, Inc. attempted to chill included deceptively named registry keys and files located on a consumer's computer who use Coupons, Inc.'s coupon printer software. Jeffrey Weitzman who at the time was Coupons, Inc.'s President and Chief Operating Officer stated "These references -- now part of the public record -- pose serious risks to the anti-copying features of [Coupons, Inc.'s] technology...If viewed by consumers or [Coupons, Inc.'s] competitors, these references could irreparably harm the viability of [Coupons, Inc.'s] technology as well as [Coupons, Inc.'s] competitive position." (See Declaration of Jeffrey Weitzman.) These statements, along with Coupons, Inc.'s actions provide proof of Coupons, Inc.'s deceptive and hidden naming practices long before certification was given by TRUSTe in February 2007.

In May 2007 (three months after Coupons, Inc. received TRUSTe certification), I tested Coupons, Inc.'s software and concluded Coupons, Inc was in violation of TRUSTe trusted download requirements. TRUSTe agreed in September 2007. The software I tested was identical to software tested by TRUSTe prior to TRUSTe certification. TRUSTe claims part of the certification process includes "test[ing] the operation and behavior of the software with testing partner AppLabs Technologies." However, TRUSTe and TRUSTe's testing partner obviously did not test the software as diligently as they should have, or simply turned a blind eye toward Coupons, Inc.'s coupon printer software. I'm unsure which of these statements are true, however recent events makes me believe that TRUSTe does not currently have the resources in place to fully test software which it places on its "Whitelist"

In February 2008 TRUSTe again proclaims Coupons, Inc. is in compliance of the requirements of the TRUSTe Trusted Download program and again TRUSTe falls short of fully testing Coupons, Inc.'s software. Coupons, Inc.'s current software, which TRUSTe claims is compliant still uses a deceptively named random registry key hidden in the windows registry in a place it obviously does not belong and further hides a deceptively named file which collects pseudonymous data about a consumer's computer in the windows or windows system32 directory, again a random decision. This activity, I documented on February 18, 2008 as a response to third party inquiries and not as a part of a TRUSTe Watchdog Complaint. (See No matter what I do, coupons.com always recognizes me as a returning user.)

Has TRUSTe ever fully tested software distributed by Coupons, Inc.? Coupons, Inc. has practiced the act of deception since at least May 24, 2005 however TRUSTe's own testing did not uncover this blatant fact. Three months after TRUSTe certified Coupons, Inc. as one of the first eight "downloadable applications that have been certified for the Trusted Download whitelist" the software TRUSTe certified was found to be in violation of SEVERAL requirements of the Trusted Download Program. And again, one short month after TRUSTe claims Coupons, Inc. is in full compliance of the TRUSTe Trusted Download Program, third parties uncover further deception along with Coupons, Inc.'s collection of pseudonymous data in violation of the TRUSTe Trusted Download Program.

I leave you with the following questions that hopefully will be answered by TRUSTe:

  1. Why did TRUSTe certify Coupons, Inc. for the Trusted Download Whitelist on February 15, 2007?
  2. Did TRUSTe fully test Coupons, Inc.'s software PRIOR to adding it to the Trusted Download Whitelist on February 15, 2007?
  3. IF TRUSTe fully tested Coupons, Inc.'s software PRIOR to adding it to the Trusted Download Whitelist, why did TRUSTe miss the blatant shortcomings documented by myself and Professor Edelman?
  4. Why did TRUSTe claim Coupons, Inc. met mandates TRUSTe issued on September 20, 2007 as a result of Professor Edelman's Watchdog Complaint?
  5. Did TRUSTe fully test Coupons, Inc.'s software PRIOR to claiming Coupons, Inc. had met the mandates issued on September 20, 2007?
  6. IF TRUSTe fully tested Coupons, Inc.'s software PRIOR to claiming Coupons, Inc. had met the mandates issued on September 20, 2007, why did TRUSTe miss the remaining random registry key?
  7. IF TRUSTe fully tested Coupons, Inc.'s software PRIOR to claiming Coupons, Inc. had met the mandates issued on September 20, 2007, why did TRUSTe miss the newly introduced file which is deceptively named, deceptively hidden, not removed upon uninstall and the file's true function.

My Opinion

Through this entire process, I now conclude TRUSTe does not maintain the resources required to fully test and certify third party applications as "TRUSTED" or TRUSTe has no desire to fully test third party applications to ensure they are in compliance of the standards they have set to achieve Trusted Download Whitelist status, and even worse TRUSTe has not issued a statement concerning these shortfalls.

Quite frankly, TRUSTe CANNOT BE TRUSTED.

Comments (0) | Send | del.icio.us | Digg It! | Linking Blogs | 294 Views
Comments (Comment Moderation is enabled. Your comment will not appear until approved.)

There are no comments for this entry.

[Add Comment]
reserve-cystic