Non User review: Siteadvisor

I just read this from Chris Pirillo, heavily recommending Siteadvisor.com.

Non-User Review; www.siteadvisor.com

A non-user review is not about using the thing but about the thing itself.

What is Siteadvisor?

In essence Siteadvisor is an addition to your web browser that puts either a green, a yellow or a red icon besides sites as they appear in search engine results (or grey if it knows nothing). It looks a bit like this in google:




The icons can then be used to link to more information about the site, either as an instant popup or by visiting the Siteadvisor website.



It works in Google and Yahoo searches and probably others as well.

What's the idea?

The idea is that Siteadvisor will make your use of the Internet much safer and hassle free because you get warned of sites that pose a perceived risk before you click on that site's link.

After quite a few goes, it does show potential and the actual "interface" to the Siteadvisor database is simple and good.


How does it do it?

The people who make it have spidered and analysed large chunks of the web (1 million plus sites so far). They also claim that they have "evaluated websites covering 90% of the world's web traffic" and "downloaded and tested more than 100,000 pieces of software" as well as other measures. These are all big claims and lead to some criticisms (below).

So they have a pretty huge database of sites, and the perceived threats associated with those sites. When you do a search, the results list is augmented by the relevant icons for each website in the list.

It's a great idea.

Does it work?

I'm not convinced it is offering any significant level of security right now...... Its all about the data. Read on...


Drawbacks

Don't get me wrong, I think the system is great and shows some huge, netuse changing, potential. But there are drawbacks, there always are. Time will tell whether these drawbacks prevent the ultimate success of the system.

Drawback 1: Low web area of coverage.

They have 90% of the most common websites and that's great. But they have only a TINY fraction of the total number of websites that actually exists. There are many billions of websites (5, the last time I looked) and they have just 1 million of them. Assuming they want to gain a more significant area of coverage then they will need an exponential increase in their "web cartography".


Drawback 2 : Inherently low data freshness.

Data freshness is a measure of how up to date an entry in a database is. In the case of search engines, if you change a detail on your website it won't be reflected in Google et al until the engines have reanalysed your site. The longer the period between actual change and the database reflection of that change, the less fresh the data.

Siteadvisor has a necessarily low data freshness because:

Not only does it need to analyse websites, it needs to analyse many additional things: software and hashes and web scripts and test email adresses and so on. And what's more, every time it wants to make a site's data fresh, it has to do this all over again.. and that's a huge task.

It takes the might of Google's advanced distributed computing power to make it function reasonably, and Google doesn't have to download and analyse all the extra bits.



Drawback 3: The flacidness of its protection?


There are some big bad threats out there on the wild web internet. Actually, there probably aren't really that many big bad threats out there. But let's assume that there are. It's more exciting that way.

For these big bad threats we use virus checkers and anti-spyware and adware removers. That's what we do. At least that's what anyone who is worried enough to install Siteaider will do. So that takes care of the bad stuff. I'm guessing a virus company is going to be updating its virus database way quicker than Siteadvisor is going to updating its web database.

What exactly is left for Siteadvisor to warn me about? It seems phishing and fraud and identity theft is what they have left to warn me about. But all of these threats are threats overcome not by comparing checksums but by not being stupid. If you really do think your long lost uncle Borris wants your paypal details so he can pay for some "lovely vases, very pricey" then I am not sure you should be online.

I don't really worry about the websites I visit, I don't think. If I were to download pirate software I would be worried, so worried I would make absolutely sure I had my virus checker up to date.




Drawback 4 : The Problem Of Faith

One might argue that, if Siteadvisor took off in a big way, it would instil a misplaced faith in its results that would be more dangerous than the lack of the system. People will be much more susceptible to phishing and other "confidence tricks" if they are told by Siteadvisor that the site is good to go.

It would be easy to do as well. You set up a safe website a month and tell Siteadvisor about it: it then gets the green flag. Subsequently you turn it into a website of the utmost evil trickery to scam anyone who visits it (Rrrrrarrrrr). On the same day as switching sites you spam the 40 million mail addresses you bought on Ebay, even though they didn't take papal. In this scenario, the greater the success and ubiquity of Siteadvisor usage the greater the risk to the individual web user.

The more you think about it the correlation between success and risk becomes apparent and serious.

Drawback Conclusions

I think Siteadvisor has a number of issues that may hamper its success, perhaps critically. The first three drawbacks I list can be largely solved by technology, but I can't see a solution to the 4th Drawback, the Problem of Faith.

Even assuming all 4 drawbacks are not solved, the central question is, will people be safer if they use this system? Actually I think that the majority will be. I think that there will be cases where people are less secure (whatever that really means) if they use the system, but they will be rare.


The Business Model

The business model used is the now fairly standard "normal for nothing, premium for a premium" affair. I have totally no issue with that, but I am curious to see what the premium features would be.

Maybe they will sell us the ability to view when the domain expires, or who owns it or the support email etc. Maybe it will be linked in with geographical or web traffic data.

Whatever there premium features are, Siteadvisor will need to cut the right line between:

1. Making it worthwhile for enough people to upgrade.
2. Not allowing the premium version to be so far superior to the free version that it devalues it completely.

They are going to need money because this is really going to cost. They need an exponential upscaling of their system's processing, bandwidth and storage to tech it through the first three drawbacks I list.


The Conclusion


Even given my criticisms (and I am sure there are others) what Siteadvisor is trying to do is great.

This is not a system that can survive in a backwater or with a low userbase. It needs people and it needs lots of computing power at a high cost.

It's never going to be infallible. At the start I imagine it will be pretty fallible. But as use and progress increase, if it can afford to pay for the increasing technology, it could become so useful as to be essentially a part of the web.