Joho the Blog
An Entry from the Archives

When I was first introduced to Chris Dixon, a founder of SiteAdvisor.com, a few months ago, I was highly skeptical about his project. SiteAdvisor was going to tell people whether Web sites were safe. It struck me as over-ambitious, over-simplified and ripe for corruption. But after looking into it, I was impressed enough to join the board of advisors.

The SiteAdvisors.com site is still in stealth mode, but Ben Edelman — a security expert, Berkman fellow, and also on the board of advisors — has posted a long and thorough explanation of what SA is up to. So, the company is apparently no longer in full stealth mode.

Read Ben's excellent post for the full story. Here's my version:

SA has set up a slew of machines that crawl the Web, download whatever software they can find, and sign up for every email offer. They then run the downloaded software on virtual machines and note exactly what gets installed and how the registry is altered. They make up a unique email address for each site and note how many messages they get as a result. They also analyze the links to see if sites are part of nasty affiliate networks.

They then make all that information public via a Creative Commons license. You can go to the SA site and see exactly what will happen if you download software from an unknown Web site.

SA also sums up the results of this testing in a red, yellow, and green system of alerts. You can get a plug-in that will put those alerts next to every result on a Google results page. Hovering over the alert gives a summary. Clicking on it takes you to the full explanation. You can dive pretty deep into their analyses if you want. It evens build a mock inbox that shows you the subject lines of the spams you would have received had you signed up at a site.

So, I became a believer. First, I've spent a little time at the SA office and have gotten to know Chris fairly well, and I trust the SA team. Second, they answered all of my "Yeah, but" questions well: The data will be available through CC, there will be an API, there is room for users to comment on each site, the basic version will be provided for free and will be generously provisioned, their privacy policy looks good, they will accept zero advertising or other forms of vendor compensation. (Their business model includes offering a premium version at some point.)

I've been playing with the private beta, and I find it helpful and good-natured. And its database of empirical data, open via Creative Commons and an API, can become a very useful Web resource.

The site should be open for beta-business early next year...