Blog

2022: Pivot to Software Product Safety  

Written by Lisa LeVasseur

December 23, 2022

Yet another busy year is winding down and I’d like to share some highlights from Internet Safety Labs.

This year, we’ve started changing the discussion from privacy and cybersecurity to Product Safety, which is what people want, deserve, and frankly, expect. People don’t want all these do-it-yourself “keep yourself safe online” projects — imagine if we had to do that for our cars or other products we use daily. Due to robust physical product safety measures, we have a reasonable expectation for product safety in the United States and in many other parts of the world. Meanwhile, consumer software has been around for 40 years, yet it lacks the same level of product safety we see for physical products. We are long overdue for having adequate product safety on software and software-driven technologies.  

Our transformation this year from the Me2B Alliance (a Standards Developing Organization) to Internet Safety Labs (a Product Safety organization) has proven itself invaluable in planting the seed for our Campaign for Software Product Safety, which will continue to take root in 2023. We haven’t abandoned our core Me2B ethos, and our safety standards rely heavily on the context of the Me2B relationship and the nature of Me2B commitments. We’ll always be championing Me-s in the Me2B relationship.   

How did we keep people safer in 2022?

As always, our primary metric for success is the number of people who are safer as a result of our work.   

  • Our greatest undertaking this year was our first ever industry benchmark, which was for K12 educational technologies recommended or required for use in schools across the US. Highlights of the benchmark are: 
  • Over 117,000 data points on 663 schools and 1722 apps. 
  • Network traffic collected for 1,587 apps. 
  • ISL Safety Score for 1,357 apps. 

Bottom line: the results were worse than we expected, which journalists noted in publications including Marketwatch and Education Week. As we continue to publish more findings – including the ISL safety scores—we expect an even greater impact toward safer edtech software in 2023.   

  • All year long we’ve been monitoring dangling/soon-to-be-dropping domains, which we first wrote about earlier this year. We constantly monitor dropping domains and proactively purchase ones that are most capable of harm, should they fall into the wrong hands. To date, we’ve purchased 17 domains, keeping thousands of people safer.  
  • Last year, during the development of our ISL SDK Risk Dictionary, one SDK in particular (Pushwoosh) flagged our interest for two reasons: (1) it was included in US Army training apps, and (2) it appeared to be owned by a dubious Russian company. Our advisor, Zach Edwards, continued efforts to expose the situation, culminating in a powerful story late this year. When the story broke, we sprang to action, publishing a list of all the apps that include the Pushwoosh SDK. There’s no doubt that these combined actions helped keep millions of people safer. 
  • We’ve also made tremendous progress with software safety specifications. In 2022 we published two versions of our Software Safety Standard for Websites and Mobile Apps, as well as our updated Principles for Safe Software. These specs are publicly available.  Even just following the principles can go a long way toward making software safer. (A reminder that participation in our Software Safety Standards panel is open to all.)   

There’s so much more that happens behind-the-scenes due to the dedication and efforts of our small but mighty team—too much to list here. We’re profoundly grateful for our ISL family of employees and supporters, and we’re excited to scale up our efforts in our campaign for software product safety to keep even more people safe in 2023.

From our ISL family to yours, wishing you all a lovely holiday and a safe and happy new year!

Lisa LeVasseur