For Businesses For Consumers TRUSTe Blog About TRUSTe   
 
TRUSTe - Make Privacy Your Choice
About Trusted Download  ::   How to Get Certified  ::   Certification Agreement  ::   Press  ::   Advisory Committee  ::   Whitelist
What is a Trusted Download?

The Program outlines certain requirements for all software and specifies additional requirements for advertising and tracking software. This approach ensures that the Program addresses practices that historically have created consumer confusion and anxiety. However, all software will need to meet specific program requirements and will be tested for monitoring, relays, and behaviors that are considered potentially deceptive.

Read a Summary of Key Requirements

Read a Summary of Prohibited Activities

Read Detailed Program Requirements and Legal Obligations (.pdf)

Return to the Trusted Download Whitelist

A. Summary of Key Requirements

Notice
The Program imposes a layered approach, via a primary notice and reference notices such as the End User License Agreement, EULA, and the privacy statement. The primary notice must explain functionalities that impact the consumer experience and must be unavoidable, to ensure that users understand what they are downloading. EULAs and "opt-out" mechanisms are insufficient for providing such notice or obtaining consent. For example, unavoidable notice of any material changes to certain specified consumer settings is required for all software. Further, all ads delivered in certified advertising software must be labeled, and unavoidable notice of certain ad features must be provided.

Consent to Download is Required
Consumers must be offered notice and an opportunity to consent that is described in plain language and is as prominently displayed as the option to not download. Consent to download may not be obtained with a pre-selected option. EULAs and "opt-out" mechanisms are insufficient for providing notice and obtaining consent.

Easy Uninstall
Instructions for uninstallation must be easy to find and easy to understand, and methods for uninstalling must be available in places where consumers are accustomed to finding them, such as the Add/Remove Programs feature in the Windows Control Panel. Uninstallation must remove all software associated with the particular application being uninstalled, and cannot be contingent on a consumer's providing Personally Identifiable Information, unless that information is required for account verification.

Special Protections for Children
Companies in the Program must prevent the distribution of their advertising or tracking software on children's websites - including by prohibiting their distribution partners and affiliates from such distribution.

Affiliate Controls
Since many advertising and tracking applications are distributed through second and third-party affiliates and/or bundled with other programs, relationships must be disclosed in attestations. Certified software is subject to random testing on instances found wherever an individual might encounter them.

Prior Behavior
The Program includes provisional certification for companies that have previously engaged prohibited activities. In order to be certified, these companies will be subject to additional oversight including enhanced monitoring and a requirement to go back to all users who downloaded an uncertified version of the software application and obtain their opt-in consent.

Segregated Ad Inventory
Companies in the Program must maintain segregated ad inventory in certified versus uncertified applications. The application provider must be able to serve ads to users from whom consent was obtained versus users from whom consent has not been acceptably obtained.

Monitoring
Certified applications are monitored by TRUSTe for ongoing compliance with the Program's strict standards. A company risks termination from the program if any one of its certified applications violates the standards.

Enforcement
If monitoring uncovers suspected non-compliance, an application, or in some cases all of a company's applications, will be subjected to enforcement procedures by TRUSTe. Depending on severity and the results of a TRUSTe investigation, an application may be suspended or removed from the program whitelist. In certain cases, a company or application may be terminated from the Program and the fact of its termination made public.

B. Summary of Prohibited Activities

Trusted Download Participants are prohibited from doing any of the following, and must stake steps to ensure that their Distribution Partners or Affiliates do not do any of the following:

  1. Take control of a User's computer deceptively.
  2. Modify security or other settings of the computer that protect information about the User for the purposes of causing damage or harm to the computer or the User.
  3. Collect PII through the use of a keystroke logging function without authority of the owner of the computer.
  4. Induce the User to provide information about them to another person by intentionally misrepresenting the identity of the person seeking the information. This includes inducing the disclosure of information by means of a web page or Software Unit that is substantially similar to a web page or Software Unit established or provided by another person; and misleads the User that such web page or Software Unit is provided by such other person.
  5. Induce the User to install the Software onto the computer, prevent reasonable efforts to block the installation or execution of, or to disable the Software.
  6. Falsely state that installing software or providing log-in and password information is necessary for security or privacy reasons unrelated to the software itself, or that installing software is necessary to open, view or play a particular type of content online or offline (e.g., can not falsely state software is necessary for accessing web site).
  7. Induce the User to install, download or execute software by misrepresenting the identity or authority of the person or entity providing the software to the User. This includes, but is not limited to use of domains with misspelling of frequently visited web sites (i.e. 404 squatting).
  8. Remove, disable, or render inoperative by deceptive means a security, anti-spyware or anti-virus technology installed on the computer without obtaining prior consent from the User.
  9. Install or execute the Software on the computer with the intent of causing a person to use the software in a way that violates any other provision of this section.
  10. Allow any of their Certified Software to be bundled with the Software unit currently engaging in any of the Prohibited Activities listed in this section.

For complete, detailed prohibited activities please see the Program Requirements in the certification agreement.

Return to the Trusted Download Whitelist
 

Want to know more about the program?

Click here to receive periodic updates and further information on the Trusted Download Program.

Sponsor: CNET
For Business | For Consumers | About TRUSTe | Careers | Site Map | Privacy Statement - UPDATED | TRUSTe Homepage | Terms & Conditions
© 1997 - 2008 TRUSTe. All Rights Reserved.