Your thoughts on privacy certification?
July 6, 2009 7:50 PM   Subscribe

Are you specifically targeting highly technical slightly paranoid privacy crusaders? Because if you aren't, I'm not sure it really matters.

I almost never consider a site's privacy certification, and if I almost never, I assume that means that way more than 99% of your users will never ever consider it.
posted by willnot at 8:13 PM on July 6, 2009

seriously, the idea that your information is somehow less safe online than in the real world is idiotic to say the least. very few people are concerned about this sort of thing anymore. maybe it's stupid not to worry, but hey, you can't live your life in fear. i do not recognize the names eTrust or TRUSTe but would probably not give either a second thought if i thought the site i was on in the first place seemed legitimate.
posted by cvilleluke at 8:36 PM on July 6, 2009

I look for the "https", the URL to be sure I'm not being phished, and the lock in the corner so I know all the content is encrypted. After that, it's doesn't matter.

I'm not a security professional, but I know a lot more than a layman and I'm generally regarded as a bit paranoid. TRUSTe and eTrust are vaguely familiar name brands, but honestly I don't know what they are or care without doing some research. Which is automatically enough to make me think they exploit people into overpaying for a meaningless badge of trust. Which I have no proof of, just a feeling based on my experiences with web security.

Whenever I see a "This site certified 18 minutes ago by SecureSite" badge I figure it's either a fake or someone is paying way too much money for a false sense of security. There is no image you can put on a web site that will make me go "Oh, in that case I trust you," because I know how the technology works.
posted by Ookseer at 8:59 PM on July 6, 2009

TRUSTe has a wiki page (and has some connection to EFF), eTrust has none and a flimsy webpage. If I were comparing the two it's pretty obvious. I suspect both are basically selling gif's though.
posted by gensubuser at 9:15 PM on July 6, 2009

To be honest, any sort of "privacy seal" screams bush league to me.

This line, from the WP entry on TRUSTe — which seems like the more reputable organization (not that it's saying much) — really clinches it: "A survey conducted by Benjamin Edelman in January 2006 found that sites with TRUSTe certification were 50% more likely to violate privacy policies than uncertified sites."

I don't find that surprising in the least.

What I'd rather see is a prominently-placed privacy policy, written by you in plain but clear English, outlining exactly what data you collect, how you store and protect it, and what you will or won't do with it.

For an example of a fairly complex TOS that still manages to be readable, I like WordPress's. Avoid writing everything in the third person or with passive voice; it's really off-putting. If you have a privacy policy or TOS that sounds like it was written by a battalion of lawyers, I'm probably going to assume you're up to no good just on principle.
posted by Kadin2048 at 10:31 PM on July 6, 2009 [1 favorite]

I've done studies on this. Nobody cares. Save your money.
posted by rokusan at 11:14 PM on July 6, 2009

Nthing that no one could possibly care less. The "certification" is unenforceable and just something thrown on as an afterthought to attempt to lend credibility for typically shady or close-to-shady practices. And legitimate sites that get swindled into caring.
posted by disillusioned at 11:55 PM on July 6, 2009

When I see seals of certification as being "trusted", they're usually next to the "24 hour support" offered by questionable overseas merchants. As mentioned before, Https protocol, a clearly defined TOS, and a strong reputation for trustworthiness matter the most.

I use Firefox's WOT extension. If your site is anything but green, I'm going to assume you're a fly-by-night operation. If it is green, I'm still going to do a cursory check if I haven't heard of you.

Certification doesn't matter, performance does. Anybody who knows better will say the same, anybody who doesn't know better likely won't care either way.
posted by Saydur at 5:05 AM on July 7, 2009 [1 favorite]

Really, I don't care. I've probably had more personal data sold by TRUSTe certified retailers and other organizations than not - But it's just another logo. It probably sits, unclicked, next to the Verisign logo and other pieces of "look, we spent money on a gif!" flair.

So, if the choice boils down to which logo means more to me, there's no preference. But I also would never notice the absence of such a logo. And these days, I don't even bother reading privacy policies. I assume that whatever data I enter is going to be sold, and don't enter anything I don't want others to see.
posted by Rendus at 8:29 AM on July 7, 2009

This thread is closed to new comments.