Posts

ZEDO Makes Online Trust Alliance Honor Roll for 5th Consecutive Year

For the fifth year in a row, ZEDO and its subsidiary ZINC have made the Online Trust Alliance Honor Roll. The Online Trust Alliance (OTA), is an Internet Society initiative with the mission to promote best practices for online trust.  The 2017 Online Trust Audit & Honor Roll –  is the de facto standard for recognizing excellence in online consumer protection, data security and responsible privacy practices.

“Data is the ‘oil’ of the Internet economy. It is fueling innovation, growth and revenue. At the same time, if abused there is a risk of data spills, negatively impacting user expectations and ultimately the Internet at-large,” said OTA Founder and Chairman Emeritus, Craig Spiezle. “The OTA Trust Audit & Honor Roll underscores the urgency to embrace responsible security and privacy practices. Failure risks a long-term impact to the Internet.”

OTA observed the emergence of an alarming three-year trend:  sites either qualify for the Honor Roll or fail the Audit. In other words, sites increasingly either take privacy and security seriously and do well in the Audit, or lag the industry significantly in one or more critical areas.

Although ZEDO is not a consumer-facing site, we participate in the Audit to be sure we’re doing the best we can do for our customers and partners. If you read the press release notes, you will find that if ZEDO were an actual consumer-facing site, it would be among the top 50 in security and privacy protection. Ironically, the banking community scores lowest in best security practices.

 

“Despite ratcheting up the criteria needed to qualify for the 2017 Honor Roll, it was encouraging to see the highest percentage of recipients since OTA began the Trust Audit nine years ago,” said Spiezle. “While OTA congratulates all Honor Roll recipients, many others have a long way to go to ensuring and embracing acceptable security and privacy practices.”

Industry Highlights
From best to worst performing industries:

  • Consumer Services: This industry was again the best performing with 76 percent making the Honor Roll this year. This segment accounted for 26 of the top 50 consumer-facing sites (52 percent).
  • Internet Retailers: Fifty-one percent of the top 500 Internet retailers made the Honor Roll, a significant improvement over last year’s score of 44 percent. This segment accounted for 10 of the top 50 consumer-facing sites (20 percent).
  • News & Media: Forty-eight percent of news and media sites made the Honor Roll this year, the most significant improvement over the previous year across all industries. In 2016, media and news sites were the worst performing sector with only 23 percent making the Honor Roll. This segment accounted for three of the top consumer-facing 50 sites (6 percent).
  • ISPs, Carriers, Hosters & Email Providers: Forty-six percent of companies in this new 2017 category made the Honor Roll. This segment accounted for seven of the top 50 consumer-facing sites (14 percent).
  • Government: Thirty-nine percent of audited U.S. federal government sites made the Honor Roll. This was a significant decrease from 46 percent in 2016. 60 percent received failing grades
  • FDIC 100 Banks: The percent of FDIC 100 banks making the Honor Roll saw the biggest drop in 2017, going from 55 percent in 2016 to 27 percent. This sector had shown consistent, significant improvement in their Honor Roll score up to 2016 before plummeting this year predominantly due to increased breaches, low privacy scores and low levels of email authentication. 65 percent received failing grades.

“OTA’s Audit continues to drive awareness and recognition about the importance of responsible data security and ethical privacy practices,” said Internet Society Chief Internet Technology Officer, Olaf Kolkman. “The increase in sites embracing end-to-end encryption shows it is becoming the norm for site traffic.”
To qualify for Honor Roll status, a website must receive a composite score of 80 percent or better and a score of at least 60 percent in three categories: 1) domain, brand and consumer protection, 2) site security and resiliency and 3) data protection, privacy and transparency. Failing any one category automatically caused a site to fail overall. OTA expanded the 2017 methodology with additional criteria, telemetry and data fidelity addressing today’s security threat and privacy landscape. OTA analyzed websites between mid-April and the end of May 2017. It estimates that it analyzed more than 500 million email headers and approximately 100,000 web pages.

The 2017 report was funded in part by grants from Symantec and Verisign. Data providers included Agari, DigiCert, Disconnect, Distil Networks, Ensighten, High-Tech Bridge, Infoblox, Malwarebytes, Microsoft, Risk Based Security, SecurityScorecard, SiteLock, Qualys SSL Labs, Symantec, ValiMail and Verisign.

 

About OTA:

The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors.

The Right of a Consumer to Privacy on the iPhone

As the Apple debate continues to spark reaction, we can’t help but wonder what effect this case will have on the advertising ecosystem. If you haven’t been keeping up, the US government has ordered Apple (through court order) to create a small piece of software that will override the strong encryption of a phone used by one of the San Bernardino shooters. The phone, owned by the man’s employer, had been backed up to the cloud fairly recently, and that information had already been made available to the government. What the government wanted was simply some recent information.

Apple refused. Last Friday it filed a brief with the court challenging the order, saying that

 “This is not a case about one isolated iPhone,” writes Apple attorney Marc Zwillinger in today’s brief. “Rather, this case is about the Department of Justice and the FBI seeking through the courts a dangerous power that Congress and the American people have withheld: the ability to force companies like Apple to undermine the basic security and privacy interests of hundreds of millions of individuals around the globe.”

Read the Wired article if you are interested in more detail. For us, the major questions have to do with the global impact of this order on Apple, and the effect of “hacking” the iPhone on the already fragile mobile advertising ecosystem in which we participate.

There are many countries in the world where trust in government is not presumed. Many of those countries have hundreds of millions of people who have come on line trusting privacy; they’re not sophisticated computer users. Part of Apple’s success in some emerging markets has been its emphasis on privacy and security. Apple has declared that creating the software to help the government risks that piece of code getting out in the wild and being abused. Apple also believes that if it gives in the US government, it will have not a leg to stand on when other, less representative governments demand access to an individual’s phone.

Most important to those of us in the industry, consumers are already furious over tracking and stalking and unwelcome use of their data. This, rather than ads per se is the number one reason people install ad blockers when they install them. The industry is fighting hard to keep the trust of consumers, and to make mobile advertising acceptable.

Hearing that personal information on iPhones, even though it is encrypted, can be hacked, would entirely undermine the future of our industry. That’s why other tech companies like Google and Amazon have jumped on to support Apple and write briefs on its side in the court case. For one or two terrorists it’s a little dangerous to destroy an entire ecosystem.

 

Cookies May Be Sweet Compared to What Comes Next

As you probably already know if you’re in the industry, third-party cookies are under fire. Google has already announced that it is moving away from them to a different way of tracking users. Internally, our engineering teams are also at work. Now, two of the industry associations, the Digital Advertising Industry and the IAB are also trying to come up with new methodologies.

Browser publishers, responding to privacy advocates, started the discussion, with  browser publisher Mozilla’s announcement that it would  begin blocking third-party cookies in Firefox. The industry was disturbed, but actually Microsoft had already announced that it would ship IE10 with Do Not Track as the default. We’ve been saying for a long time that cookies were in jeopardy, but Mozilla’s move was criticized by the ad industry, which relies on them to target consumers.

“Beyond jeopardizing the amount and quality of content available to users, the plan also threatens to immediately diminish the user experience, by breaking services and tools upon which online businesses and users depend,”  was the first quote from the Digital Advertising Alliance (DAA). But after the initial ruckus, things began to calm down. After all, the world is moving to mobile anyway, and mobile browsers don’t support cookies.

The Interactive Advertising Bureau (IAB) also responded with veiled hysteria. But seeing the writing on the wall, it has started to look for new ways to track and analyze user data and to create standards allowing users to opt out of tracking. “The industry thrives on the ability to define and identify audiences and target those audiences with specific advertising,” IAB Vice President Steve Sullivan said at first. “We need to be able to do that.”

But Google and Microsoft were already working on alternatives, and Google’s was announced last week.

Privacy groups are not assuaged, however.  Privacy researcher Jonathan Mayer told the San Francisco Chronicle  that the newer tracking methods could take more control away from the user. “It’s a lot harder to find out if they’ve been tagged, to do something about it in a reliable way, and, depending on what the technique is, to counteract it in a way that doesn’t undermine functionality,” Mayer said.

Here’s what we’re worried about: If Google, Microsoft, and Mozilla are all working on some other way of tracking users, and IAB and DAA also come up with something, how will the implementation of all these different methodologies affect the ad tech industry, much less the ad industry?

Stay tuned.

ZINC Keeps Your Brand Safe on Mobile Devices

In the days since the first messages were sent out over the internet, our expertise with technology has continuously encouraged us to do things with our new capabilities that perhaps we shouldn’t. We’re moving toward a world in which everything connects, for better or for worse, even the refrigerator and the thermostat in your home. Eventually, the rising number of connections will create systemic risk, and systemic risk is something we can’t mitigate. We can only prevent it by exercising extreme care in what we do online.

For people who are concerned about security in the advertising and publishing worlds  we are at the beginning of yet another massive shift that, in the worlds of Mary Ann Davidson, Oracle CSO, will create problems similar to those every other technology innovation created before. From mainframe to client server to thin client to mobile, each wave of new technology has been open to misuse.Mobile is no exception. While we are all wrestling with how to make money with mobile, we must also keep in mind brand safety across multiple global programmatic buys, consumer privacy concerns, and proliferating transactions.

You want to get results with your ad campaigns, but you want the quality of your brand maintained.That’s why it’s important that you assure yourself that your ads are seen only on trusted sites with premium content, served by a company that understands mobile security and consumer privacy issues.

Clearly, the American public is beginning to understand the perils and risks of technology.We live in a world in which the  good guys are being out-innovated, and the attackers are winning, and the only way to ensure brand safety is with trusted partners.

At ZINC, we know who we’re dealing with all the way from the brand to the publisher. Your ads are placed on ZEDO’s premium network, and served through ZEDO’s ad server. Even though you buy programmatically, you are going to buy safe, scalable, and effective impressions.

Our high impact formats will help you achieve your brand’s results without endangering your reputation. We can scale without compromising the quality of your impressions, because of the size and quality of our premium publisher partners.

Pair premium sites with increased security and high impact formats, and you get a winning combination even on mobile devices.

 

 

 

Enhanced by Zemanta

Do Not Track Could Slow Growth for Online Publishers

Next week  the Online Trust Alliance, of which ZEDO is a member, holds a Forum  in San Jose on the future of privacy and self-regulation. We’ll be there on a panel. But our panel probably won’t be the most controversial one. Instead, the don’t-miss event will be the discussion of Do Not Track, Microsoft’s announcement that it will ship Windows 8 and IE10 with its  privacy settings defaulted to “Do Not Track.” In other words, the advertising industry wouldn’t be able to set cookies anymore. This has already happened in the EU, where stricter privacy settings make it necessary to announce on a site if it sets cookies to collect user information.

When this intention was first announced, it released a firestorm of criticism from open web advocates.  We all thought Microsoft had reversed its decision, but apparently the privacy advocates also weighed in, and now the issue has become deadlocked. It is being discussed by the World Wide Web Consortium, but that group can’t even decide what “do not track” really means. And in the interim,  the open source Apache web server project announced that it has been updated to override the defaults in IE10.

So the privacy advocates got in touch with the Federal Trade Commission and asked it to step in. That cues the advertising industry lobbyists, who have been fiercely arguing that this will upset current advances in advertising that make it possible to serve targeted ads to specific users — a practice they feel is much less interruptive, since women of a certain age will not receive “Enlarge your penis!” ads. Yes, we’re exaggerating, but not by much. Advertisers feel that users will still see online ads, but without the benefit of tracking, those ads will have less relevance. And users have quickly gotten accustomed to ads that target them, unleashing collective mirth when they are obviously mis-targeted by an advertiser they feel should know better.

And in reality, “do not track” has the potential to slow the growth of many industries that depend on online advertising.

We’re very interested in this discussion, because we’re in the ad tech business. We don’t want to be embroiled in the politics, but we do feel that targeted ads are less intrusive and less a violation of privacy than random spam, and that the bad guys will continue to violate whatever policy Microsoft sets. The direction of these rules penalizes the good guys who try to play by the rules. As one of the first ad servers, and the last remaining independent, we’ve seen how this works over the years.

If you’re either an advertiser of a publisher, you ought to be following this debate and weighing in. Next week will be interesting.

The Online Trust Forum will take place next week in San Jose, California.  Registration is still open!  As a ZEDO subscriber / partners, save 20% using the code FF20.  http://2012trustforum.eventbrite.com/?discount=FF20

Enhanced by Zemanta

ZEDO Named to Online Trust Alliance Honor Roll

Microsoft announced Thursday that the next version of its browser, IE 10, will ship with the controversial “Do Not Track” feature turned on by default, a first among major browsers, creating a potential threat to online advertising giants.That includes one of Microsoft’s chief rivals — Google.The change could also threaten the still-nascent privacy standard, and prompt an ad industry revolt against it. Do Not Track doesn’t attempt to block cookies — instead it sends a message to every website you visit saying you prefer not to be tracked.

Wired’s article really points out how much online privacy has become a concern among internet users, and also of the ethical people who serve them.So it’s with great pleasure that we announce that ZEDO today announced it has been named to the Online Trust Alliance (OTA) 2012 Online Trust Honor Roll, based on a composite trust score of security and privacy measures at hundreds of online sites.

Designed to recognize leadership, the Honor Roll distinguishes ZEDO as a “North Star” to inspire others. As part of the 2012 study, released June 6, 2012, OTA analyzed the adoption of key security and privacy initiatives, providing benchmark reporting and comparisons between key industry sectors including leading internet retailers, FDIC Top 100 Banks, and social networking sites. Of the companies evaluated by the non-profit, member-based OTA, less than 30% made the grade.

This report examined over 1200 domains and privacy policies, 3600 web pages, and over 500 million emails.

The focus of the OTA Online Trust Honor Roll is to:

1. Recognize exemplary efforts of leading companies toward data and user protection, as security & privacy efforts, and highlight them as “North Stars.” Organizations on the Honor Roll manage data via security best practices while having transparent privacy practices.

2. Demonstrate OTA’s commitment towards providing prescriptive advice, tools and resources to businesses to enhance the security and privacy of the internet.

3. Underscore the importance of focusing on security and privacy holistically, and that individual security and privacy initiatives cannot be pursued in isolation.

4. Provide benchmark scoring, using the Online Trust Index (OTI) and reported data attributes, for companies to evaluate their own sites, for businesses to use in evaluating partners, and for consumers to consider when interacting or doing business online.

Since 2010, the OTA Online Trust Honor Roll has recognized organizations that follow best practices in data security and privacy.

As one of those organizations, it is part of our mission to serve and protect both our partners and their users. If you have any questions about online privacy rules and how you can comply, please feel free to contact us and we’ll help you understand them.

OTA Honor Roll

Enhanced by Zemanta