TRUSTe Learns a Privacy Lesson the Hard Way

The TRUSTe "trustmark" logo visible on a Web site tells surfers that their personal information is safe because the site follows TRUSTe's code of privacy conduct. While TRUSTe's logo at the top of its own Web page is always in plain view, tracking software discovered by a security expert on TRUSTe's site was invisible to visitors. Use of the tracking software violated TRUSTe's own privacy policy and the policies it certifies 1000 other Web sites to follow.

"I appreciate the irony," said Dave Steer, a TRUSTe spokesman, calling the incident an example of the complexity of high-tech privacy issues. "As ironic as this is for us, it happens to other sites. Most privacy incidents are accidents and aren't willfully intended. As soon as we found out about it, it was off of our site in a half an hour."

TRUSTe site administrators had wanted to know which pages received the most visitors, according to Steer. "We're a nonprofit [organisation], and we didn't have the resources to engineer a solution in-house," he said.'s software gives Web masters a weekly tally of the number of hits a page gets, along with the type of browsers used and the percentage of which are Java-enabled. "We had actually considered using other services and didn't like them," Steer said. "From what we understood, the only thing that was being sent was personally unidentifiable IP [Internet Protocol] addresses."

In order to get that information, a GIF (graphics interchange format) file appears on the page which must be downloaded from's servers. When a visitor's browser requests the image, it also sends the server the desired information, along with the IP address of the computer requested. Counter images routinely appear at the bottom of pages -- little boxes, sometimes with the current hit count on them.

However, in TRUSTe's case, the organisation chose to use a GIF file as small as possible, one pixel by one pixel, said Chief Technology Officer Mark Burnes. In effect, TRUSTe chose to install a "Web bug" version on its Web page -- an invisible image used to track site hits that also holds a malevolent potential for tracking and profiling Web surfers without their permission, without their knowledge and without using a cookie.

Steer denied that GIF file was intentionally made invisible.

A Web bug, or any image uploaded from a server other than the one producing a site's Web page, opens the door for a tracking trick called the "Meantime exploit," said Matt Curtin, president of security group Interhack. A Meantime tracker notes the exact time a Web bug is downloaded, effectively tagging the page it's on. When a visitor returns to a site and refreshes the page, the tracker learns the last time the Web bug was refreshed and thus, the last time that particular browser had been there, according to Curtin.

When combined with cookies, knowledge of IP addresses or personal information gathered elsewhere, Web bugs can secretly track users all over the Internet, and can even be planted in bulk e-mail to let spammers learn who reads their messages. Web bugs can defeat users who simply turn off cookies on their browsers. officials said repeatedly that they don't track surfers. "We don't have a database with clients' data. We don't charge anyone to use the counter. We don't have any business selling data here," said Alan Meckler, chairman and chief executive officer of Data collected by is held just long enough to compile the tracking report, then sent by e-mail to the participating site, he added.

That's not the issue for Interhack's Curtin, who said after talking to officials that he believes no tracking took place, despite finding that software code could potentially use time-date tracking. "I have no reason not to believe them," he said.

But could track surfers if it wanted, Curtin added, and that's his problem with TRUSTe's security. There's no way TRUSTe could know isn't tracking surfers short of dissecting's servers. is capable of compiling a profile of a user by comparing Web bugs potentially placed on any of the 900,000 Web sites operated by the tracking company's clients, Curtin added.

According to item 12 of the terms and conditions for using software, both and the counter-equipped site own the data collected regarding visitors to Web sites. "You can use the data we provide for any legal purposes," a statement issued by said. "We will use the data in compliance with our privacy policy."

TRUSTe has not certified's privacy policy, nor's. No one from TRUSTe had contacted prior to the issue emerging in press reports, Burnes at said.

TRUSTe's privacy policy states that users would be notified if any of their personal information was to be used. Knowing if one's browser is Java-enabled may not seem like personal information, but it went beyond the reporting and tracking needs of TRUSTe, Curtin said.

Security professionals make evaluations based on capabilities and potential, not intent, Curtin explained. "For Web designers, if an application does what it's supposed to do, great, and if it does more, then it's an added victory," he said. "For security guys, if it does no more than what it's supposed to do, that's a victory, and anything more it can do is a loss."

Conceding the possibility that the tracking service "may be engaging in other techniques to track Web site visitors and that the possibility exists that may be gathering Web site visitors' personally identifiable information," TRUSTe removed the tracking software from its site, TRUSTe said in a statement posted on its site. TRUSTe chose the service "solely on the belief that was not collecting any personally identifiable information on visitors to the TRUSTe Web site," the statement said.

"I want to emphasise that, at this point, there is no verifiable evidence that any personally identifiable information was gathered by But, as we advise other Web sites, the best practice in a case like this is to immediately eliminate the possibility that any information is being improperly transferred," said Bob Lewin, CEO and executive director of TRUSTe, in the statement.

"I wouldn't be surprised if they just installed the software and weren't planning any dastardly activities and didn't know the implications of running this software," said Internet privacy advocate Ray Everett-Church. "I would much rather believe that it was just a dumb mistake," he added.

"What this points out, what this highlights is just how complicated the privacy issue is for even very savvy, well-intentioned organisations." Everett-Church said. "You can have the best privacy policy on Earth and still be subject to the problems of technology."

Pulling the software immediately, and informing visitors of the potential breach are the first two steps a Web site operator should perform if a problem is discovered, said TRUSTe's Steer. Evaluating the privacy problem and determining the next course of action as TRUSTe is doing is the last step, he added.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?