Here are some answers to questions you may have. If there are more questions you still have, please be in touch.
Photo by CoWomen on Unsplash
For website publishers:
Why should we participate?
If you are doing good work, and you want your work to be noticed, you need to make it easy for the search engines, social networks and advertisers to understand who you are. They make decisions with data. If you are a member of an organization, that’s data. If you have social channels you control, that’s data. But right now that data is pretty much invisible. Trust.txt will make data — that helps you — visible.
How do we actually make this text file?
I know you are not a developer, but really this is as simple as code gets. Follow the examples provided to you. If you have a web person, ask them to post this (it should take less than five minutes) If you are your own web person, just put the txt file at your root directory, the same place your robots.txt and ads.txt file are now.
What if I don’t belong to any associations?
If you think about it, you may belong to one and not even think of it like a regular association. It could be a non-profit that gave you some funding, along with some others. Any group at all will work. If that organization hasn’t heard about JournalList and the trust.txt framework yet, send them to this site to see if this is a good idea for them.
What if I put up a trust.txt file, but my associations do not?
There’s no question that the network effects are stronger if you join along with your association. But just joining on your own is a positive first step, and will at a minimum make sure that your social channels are properly linked to you.
Do I need to join JournalList as a member for this to work?
No, but there are a couple of good reasons to join:
- You will be listed on the trust.txt file maintained by JournalList, which will give the platforms a good signal about your legitimacy.
- You will be doing a small part to establish that journalists should decide who is and is not a journalist.
- You will be helping to ensure that the trust.txt framework remains independent and not controlled by any one company.
Photo by nate on Unsplash
For Associations:
How often would the list need to be updated and who is monitoring the list for changes?
This is totally up to you. In general, you want the file to be current at all times, as crawlers may look at the trust.txt file at any time. You will especially want to update the list if you have a member who exhibits what you think to be unethical or otherwise problematic behavior, including ending a relationship with your association.
How important is it that our members post a trust.txt file?
It’s important, but not required. We understand that the relationship between members and an association can be delicate. We do not want you to do anything to jeopardize that. Our basic advice is that you let all members know that this new file will give an important new signal of trust. And just like with a robots.txt file, there’s really no reason not to do it. It won’t take long; it won’t hurt and it may help a lot.
Is this something that we can just do for our members so we don’t have to create another task for them?
You can help them along the way. (And JournalList will help you to help them with whatever supporting materials you may need.) But they will need to post the file themselves. Part of what builds up the network of trust is proving that a participant indeed controls a domain.
Related to that, can we just pay the dues for our members to join JournalList?
Part of the reason that we encourage publishers to join JournalList is that membership itself is a signal of trustworthiness. A part of that is that each publisher has to enter a credit card number and join this membership organization. If we allowed one entity to pay for a bunch of other entities, malicious actors could use that as a technique to prop up websites built with an intent to deceive. The very act of using a credit card that is tied to an organization is a small but significant signal of authenticity.
Is there a business opportunity somewhere in this for us?
Probably nothing new. That said, this is positive for you and for your members for a couple of reasons:
- Together you will be taking the existing value of membership in your organization and make that visible to the platforms and others.
- Your members over time should find that quality traffic from the platforms increases.
- If your members sell advertising on their sites, they should be able to get better CPMs and be able to participate in higher quality ad networks.
Photo by Kyle Wagner on Unsplash
For News Consumers:
I’m a consumer of news online, how does this affect me?
The short answer is that it doesn’t.
Think of it like the sticker on the back of your inkjet printer, the one with a bunch of tiny logos. If you ever looked at that and wondered what it was, you may have figured out that the logos are of standards groups—industry associations that come together to make it so that any wifi will work withe printer, and that standard sizes of paper will work, etc.
Here, the logos represent not technical standards groups but associations of publishers. The trust.txt file then is an online version of that sticker with all the logos. It’s not the standards, it’s just the sticker that shows what standards have been met.
So just as with that sticker on your printer, you can dig into it and figure out what it all means, or you can just interact with your printer (and your news) the way you always have.
Technical FAQ:
I am not a technical expert, what do I do?
You can always reach out to JournaList and we can assist you.
What is a trust.txt file and what goes into it?
Your trust.txt file is a simple machine or human readable text file (not a Word document or HTML page) that contains a list of relationships, social media sites, and contact information (one entry per line) for your organization. JournalList will generate an initial trust.txt file for its members and assist them with any issues they may encounter. For reference, here is the JournalList trust.txt file
Here are the trust.txt entries that are currently specified. Make sure that you don’t confuse these entries (e.g., “member=” for “belongto=”) and use the appropriate entries for your organization (whether you are an Association, a Publisher, or a Vendor):
- Comments can be inserted by beginning a line with the “#” character.
- “
member=”- Used by an Association to identify their members, each entry identifies a unique member with a “member=<member_website>” entry. This membership relationship is validated when the trust.txt file of the referenced member has a corresponding “belongto=” entry with the Association’s website. The credibility of the relationship is questionable when the relationship cannot be validated. - “
belongto=”- Used by a Publisher, Association, or Vendor to identify the associations to which they belong. Each entry identifies a unique association with a “belongto=<association_website>” entry. This membership relationship is validated when the trust.txt file of the referenced Association has a corresponding “member=” entry with the organization’s website. The credibility of the relationship is questionable when the relationship cannot be validated. - “
control=” – Used by organizations that have multiple websites with different domains to identify those websites that they control. Each entry identifies a unique website that the organization controls with a “control=<controlled_website>” entry. This controlling relationship is validated when the trust.txt file of the referenced website has a corresponding “controlledby=” entry with the organization’s website. There must be only one controlling relationship for each controlled website. The credibility of the relationship is questionable when the relationship cannot be validated. Note: having a “ß” entry that references the website on which thetrust.txtfile is published is unnecessary. - “
controlledby=” – Used by organizations that have multiple websites with different domains to identify those websites that are controlled. One entry identifies the website of the controlling organization with a “controlledby=<controlling_website>”. This controlling relationship is validated when the trust.txt file of the referenced website has a corresponding “control=” entry with the organization’s website. There must be only one controlling relationship for each controlled website. The credibility of the relationship is questionable when the relationship cannot be validated. - “
social=” – Used by organizations to identify their social media sites, e.g., “www.facebook.com/<organization>” or “twitter.com/<organization>”. Each entry identifies one of the organization’s social media sites. - “
vendor=” – Used by organizations to identify their suppliers or vendors, each entry identifies a unique supplier with a “vendor=<vendor_website>” entry. This customer/supplier relationship is validated when the trust.txt file of the referenced vendor has a corresponding “customer=” entry with the organization’s website. The credibility of the relationship is questionable when the relationship cannot be validated. - “
customer=”- Used by suppliers or vendors to identify their customers, each entry identifies a unique customer with a “customer=<customer_website>” entry. This customer/supplier relationship is validated when the trust.txt file of the referenced customer has a corresponding “vendor=” entry with the supplier’s website. The credibility of the relationship is questionable when the relationship cannot be validated. - “
disclosure=” – Used by organizations to identify any disclosures, editorial practices, privacy policy, etc. For example, if a Publisher has completed the questionnaire for the Journalism Trust Initiative, it can publish the weblink for that disclosure. - “
contact=” – Used by organizations to identify contact information that Publishers or Associations may want to associate contact data so that people who are part of Data Consumer organizations can make contact with questions.
How/where do I install my trust.txt file?
There is only one trust.txt file for each website that an organization controls. For organizations that have multiple websites with different domains, there is one trust.txt file for each website. Here are the instructions for how to install a trust.txt file on a website.
For Publishers and Suppliers:
- Check that all of the “
belongto=“, “social=“, “contact=“, “vendor=”, and “controlledby=” (if any) entries are correct (there should be no “member=” entries). For example, if the if your organization belongs to additional press associations besides JournalList, you should add the URLs for these organizations to the trust.txt file with additional “belongto=” entries. - Then rename the file to “
trust.txt” and place it on your website (e.g., “www.<your_domain>.com”) as “www.<your_domain>.com/.well known/trust.txt“. (If you have a CMS vendor, you may need to ask your vendor to do this on your behalf.) - Finally, create a redirect from “
www.<your_domain>.com/trust.txt” to “www.<your_domain>.com/.well-known/trust.txt“. This maintains backward compatibility from before trust.txt was registered with IANA as a Well Known URI. (Again, if you have a CMS vendor, you may need to ask your vendor to do this on their behalf.)
For Associations:
- Check that all of the “
belongto=“, “social=“, “contact=“, “vendor=”, “member=”, and “controlledby=” (if any) entries are correct. For example, if the if your organization has to additional members, you should add the URLs for these organizations to the trust.txt file with additional “member=” entries. Likewise, if the if your organization belongs to additional press associations besides JournalList, you should add the URLs for these organizations to thetrust.txtfile with additional “belongto=” entries. - Then rename the file to “
trust.txt” and place it on your website (e.g., “www.<your_domain>.com”) as “www.<your_domain>.com/.well known/trust.txt“. (If you have a CMS vendor, you may need to ask your vendor to do this on your behalf.) - Finally, create a redirect from “
www.<your_domain>.com/trust.txt” to “www.<your_domain>.com/.well-known/trust.txt“. This maintains backward compatibility from before trust.txt was registered with IANA as a Well Known URI. (Again, if you have a CMS vendor, you may need to ask your vendor to do this on their behalf.)
How do I know that I have installed it correctly?
Simply go to the URL “www.<your_domain>.com/trust.txt” in your browser. It should redirect to “www.<your_domain>.com/.well known/trust.txt” and display the contents of your trust.txt file. If you are still having problems, feel free to contact JournalList and we can assist you.
What if I have multiple publications on multiple websites?
Some Publishers have multiple publications on multiple different websites, e.g., www.mediagroup.com, www.publication-1.com, www.publication 2.com, etc. In this case, each site would have its own trust.txt file. The www.mediagroup.com trust.txt file would have the entries:
control=https://www.publication-1.com
control=https://www.publication-2.com
And the trust.txt files for www.publication-1.com and www.publication 2.com would have the entry:
controlledby=https:// www.mediagroup.com
Any associations to which www.publication-1.com and www.publication-1.com belong would have either or both of these entries depending on the membership of that publication to the association:
member=https://www.publication-1.com
member=https://www.publication-2.com
What if I have multiple publications on a single website?
Some Publishers have multiple publications under subdirectories on a single website, e.g., www.publisher.com/publication-1, www.publisher.com/publication-2, etc. In this case there is still only one trust.txt file for www.publisher.com, but it includes all the “belongto=” entries for all of the associations to which all of its publications belong and all the “social=” and/or “contact=” entries for all of its publications. If its individual publications belong to different associations, those associations can reference either the publisher’s website directly (www.publisher.com) or the specific publication (www.publisher.com/publication-1), as these references are essentially the same.
Can’t someone just copy my trust.txt file, post it on their website, and automatically have the same level of credibility as my organization?
Absolutely not! The trust.txt specification is specifically designed to expose imposter websites like this. None of the relationships expressed in the trust.txt file will be validated for the imposter website. In other words, while the trust.txt file may claim to “belongto=” a particular association, or be “controlledby=” a particular organization, the corresponding trust.txt files it references will point to your website and not the imposter website. This is a big red flag and exposes the imposter website as an imposter.
Can’t someone create a bogus trust.txt file with fake or invalid entries?
This is certainly possible, however as in the question above, the trust.txt specification is specifically designed to expose fake websites like this. None of the relationships expressed in the trust.txt file will be validated for the fake website. In other words, while the trust.txt file may claim to “belongto=” a particular association, or be “controlledby=” a particular organization, the corresponding trust.txt files it references will not have a corresponding entry for the fake website. This is a big red flag and exposes the fake website as a fake.
Can’t someone hack my trust.txt file to undermine my organization’s credibility?
You should protect all the content on your websites from hackers under any circumstances, but it is more likely that a hacker would post bogus content on your website to undermine your organization’s credibility than to hack your trust.txt file. Further, we monitor the JournalList ecosystem on a weekly basis and can see when trust.txt files change. We notify our members should we see anything unusual.