Can you trust that Web site?

The other day I heard a radio commercial claim that more than half of all health-related Web sites are fronts for law firms trolling for potential malpractice-suit clients. I immediately doubted the ad's claim. First, it didn't cite a source for the high percentage of illegitimate health sites it stated. Second, it was an ad itself (for a law firm trolling for potential malpractice-suit clients, of all things). And third, it glossed over the actual name of the firm, but repeated its toll-free number over and over.

Still, the ad got me thinking about all the bogus Web sites out there, and how people can protect themselves in the absence of any third-party monitoring of Web information. There are some controls in place for making safe Web purchases, principal among them are Secure Sockets Layer (SSL) certificates, which are designed to ensure the security of Web servers. When you visit an SSL server, it places a small lock icon in the bottom-right corner of the browser window, and the URL in the address bar begins with "https:". Even these can be spoofed, however, so they shouldn't be your only consideration when deciding whether to trust a site with your credit card numbers.

Ultimately, when it comes to verifying any site's trustworthiness, you're on your own. Here are some tips and resources to help you decide for yourself which sites you can believe.

Start with the URL
Before you follow a link returned by a search engine or posted on some other site, mouse over it and look at the status bar at the bottom of the browser window for hints about the site. If you don't see this information, click View > Status Bar in either IE or Firefox.

The text between the double slashes and the first single slash is the server ID. If it's an ISP's name, such as "aol" or "geocities," the site is a personal page. (The server ID will usually be followed by a tilde or other character, and then a user name.) This doesn't mean the page is untrustworthy, just that the person or organization hasn't purchased their own domain name.

Check the server ID in your browser's status bar for an indication of the type of page prior to opening it.

Unfortunately, you can't tell much from the domain extension, or top-level domain. The popular .com and .net extensions are used by commercial and non-commercial entities, as are .org--which was intended solely for nonprofits--and the various country codes, such as .ca for Canada and .de for Germany. The first three are unsponsored, as are the newer domains .biz, .info, and .name. There are also several sponsored TLDs, which are "controlled" by a third party. These include .aero, .asia, .coop, .mobi, .museum, .pro, and .travel. Of these only .mobi has gained traction among Web developers eager to attract mobile-phone users.

Once you're on the site, look for an About or Biography page, which should give you a clear indication of the site's purpose and intended audience, as well as the qualifications of its authors. Also check for a Contact page that includes a physical address and/or toll-free telephone number. Keep in mind that these site elements are also easy to spoof. Two other early indications of a site's validity are the presence of a date on the page, and the inclusion of links to information relevant to the subject at hand, and not simply some Ajax widget that displays headlines from some other site automatically, or (more likely) a list of unrelated text ads.

Check the site's links
It's not uncommon for sites to fill their pages with links to other popular sites in hopes of raising their profile among search-engine spiders. To view a list of sites that link to the site in question, type link: followed by its URL in Google's search box, and press Enter. You can also enter the URL at Alexa.com, if it's one of the top 100,000 sites on the Web, to get a snapshot of its traffic, as well as what sites link to it.

View a snapshot of a Web site's traffic, and a list of sites linking to it, at Alexa.com.

Look for the site in a Web directory
There are some credible third-party Web directories that help you find topic-specific sites you can trust. The Librarian's Index is a bit dated, and it doesn't include some of my favorite technology resources, but it covers a range of topics almost as broad as the Web itself. A consortium of college and university librarians led by the University of California at Riverside created Infomine for their students and staff, but it lists many reliable Web sources in non-scholarly areas as well. One of the best consumer-focused Web directories is at About.com.

The ring-of-truth test
Even information on sites with reputations for reliability can be suspect, as shown by recent revelations about bogus postings on Wikipedia. The more important the information, the more sources you should use to corroborate it.

Along with a clear and consistent statement of purpose, a site should be grounded in the real world, with a physical address, a URL that matches its name, and references for its authors. It should also be easy to use, clearly laid out, and bereft of typos and broken links. And that old maxim is as valid on the Web as anywhere else: If it seems too good to be true, it probably is.

Friday: convert any Office file to PDF for free.

[seo2seo]

Alexa merely shows the top sites used by Alexa users - it is no more an indication of quality than the lies on fraud sites.

Please don't undermine your good advice with total rubbish!

[doreilly]

I refer to Alexa here only as a resource for finding out about a Web site you're unfamiliar with, not as a source for accurate information about a site's overall traffic. Specifically, I mention that the site will help you find out what sites link to the site you're asking about. It's one of many tools available for learning something about a Web site.

Dennis

[umbrae]

Isn't Alexa.com the people that install that spyware toolbar? Why would they be mentioned in an article about "trustworthiness". That puts a big question mark over the advise presented here since you direct people to an untrustworthy vendor.

SSL certificates can be bought by untrustworthy people too. A "real" SSL cert only means you might be able to get some information to sue a vendor (and encrypt the information you send them). It does not in anyway ensure trustworthiness.

Want protection? Disable cookies and javascript and only open it to sites you trust. Only do business with sites you trust. If it is on a small website you found on Google, then it is probably just a reseller. Looking for a new site? Google it for consumer comments.

[doreilly]

I don't use the Alexa toolbar, though I acknowledge that it has been labeled spyware by some security programs. The service aggregates a sampling of Web traffic, and therefore provides an indication of a site's popularity. In that context it can help you determine--along with many other sources and techniques--whether a site you're not familiar with is trustworthy.

I agree with the advice you provide on SSL certificates, and on disabling javascript on sites you don't trust. I also appreciate the advice on searching for consumer comments, though I don't trust all the consumer-opinion sites, either.

Thanks again for the good information.

Dennis

[pemerick]

Dr. Web Anti-virus link checker is a great Firefox extension to use if you are ever unsure of the safety of a link. It scans the link and lets you know whats on the "other side" of it.

[wayneb2]

Thanks for the information. Our online project management solution (http://www.jointcontact.com) has been recently added to the Seattle Startup Index, which makes use of Alexa rankings.

[Diverdeb]

I am using a browser add-on called Web of Trust (www.mywot.com) which addresses this dilemma in a new fashion.

WOT is an online community for reputation rating that allows users to share their knowledge of sites with others. The ratings are based on standards of trustworthiness, vendor reliability, privacy and child safety.

A tiny traffic light style icon appears next to the site after you search on Google, Yahoo!, Wikipedia, etc, so it alerts you about that site. What I like about it is that it's people-driven, so I benefit from other people's experience and knowledge--plus I can add my two cents in there too!