Rating a consumer product, which means testing public properties, is going to be a lot cheaper than auditing a big company's privacy policies, which requires vouching for a negative. Arguably with the Respect Network, some of the users could pool their funds to pay for such audits, which replicates CR's use of reader funds, but I'm not sure the math works out.
Brian
On Fri, 10 Oct 2014, M a r y H o d d e r wrote:
I think this is what Consumer Reports does for everything else we do besides privacy and data policies.
And the reason they have integrity when they rate a refrigerator is because they don't take any corporate money.
They aren't perfect.. but this is the model to achieve trust. Otherwise yelp and epinions and zagats and CNET would be it.
But they aren't.. because they are flawed and subject to market pressures. But in the end, everyone should have a range
of choices and then their ratings will come from that source.
I also think this is something Customer Commons could do..
On Oct 10, 2014, at 1:59 PM, Brian Behlendorf wrote:
On Fri, 10 Oct 2014, Johannes Ernst wrote:
I only meant to say that many people -- myself included -- would trust a statement by the EFF about some organization's (particularly government's) security and/or privacy practices, while this would not be true about many other org's that typically audit. I would say that there are very few organizations who would have similar credibility on this.
Wouldn't that credibility be challenged by the audit-ee paying the audit-or for the audit? Audit-or always loves to champion their independence and honesty, and yet someone on audit-or's staff is responsible for getting the audit business the following year.
But to Doc's question - isn't this arguably what the Respect Network will do? Establish a fierce data management policy, contractually enforced, and get paid to audit - and cancel membership in the network, no refund, if the audit fails?
Brian
Archive powered by MHonArc 2.6.19.