Undergrad Project Offers Site Privacy Information At a Glance
An anonymous reader writes "Not everyone can read legalese. Websites ought to have clearer, more transparent, and simpler privacy policies. One important step in this direction is a simple way of summarizing a privacy policy's features, to make it easy to see how a website will use and protect user data. Inspired by Creative Commons and the Mozilla Privacy Icon Project, we (a group of Yale undergrads) have designed a set of icons, as well as simple descriptions, to describe common features of privacy policies. Additionally, we have built a generator to make it easy for websites to add these icons to their own sites. To further encourage awareness, we have reviewed several popular websites' privacy policies, so that users can see for themselves how they fare." True to their word, the examples show some tiny but nicely scannable icons.
Nice idea and I hope the implementation is well thought out -- designing pictograms that make sense to many cultures is difficult. The other usual concerns also apply -- speaking of which, one issue I see right off the bat is that they're using color as a sole designator in the icon set. For people with red/green color blindness, this makes the set of icons unusable for its intended purpose.
This is something that was needed for a looooooooong time. Bravo!
A simple bunch of icons that are easy to understand.
Just keep it like this, don't make any more, that will just dazzle people. Keep it simple and uniform, and with a good reference on-line so that it is easy to retrieve what something means.
P.S.
EU, have a look at this! This is how things should be done icon-wise...
rm -rf --no-preserve-root /
In my not-so-humble opinion, my take on the Mozilla icons is more clear: http://arka.foi.hr/~lmarcetic/pic/privacy/
I thought this was going to be about a parser that processes the legalese and summarizes it into a couple of icons. Now that would be worth looking at.
I do like the idea of presenting privacy-relevant variables in a concise format; but I have to wonder if that would actually attack the problem usefully...
It seems that (barring the institutionally incompetent, who usually get weeded out unless firmly entrenched in some other industry and just shoving a pseudopod into the web) people are usually pretty good at making obvious on their website whatever they wish to be obvious to the user. Privacy policies are generally made non-obvious, and written to be as incomprehensible as they are mandatory.
This suggests, as does the general miasma of boilerplate evil and overreaching claims generally embedded within, that the privacy policies are largely invisible by design. Icons aren't going to solve that problem.
Potentially worse, icons that allow for the slightest weasel-wording, or which simply aren't construed to imply any meaningfully binding promise on the site operator's behalf, can simply be used to lie more easily and reassuringly.
I think this needs some work. Claiming Facebook doesn't collect information not necessary for the transaction? Isn't this the same company that is well known for raiding people's contact lists and location data on smart phones? Meanwhile craigslist collects too much information? They only ask for your email address these days!
As they point out in their FAQ, companies may not reliably use the bad ones. That leaves it unclear whether a statement doesn't apply (e.g., no facility is provided to access and export your data because none is collected), or whether someone is just refusing to disclose whether the statement is true or not. An icon indicating that a policy statement doesn't apply would help clarify that distinction.
Also, I'm not sure what the icon for indicating the site alerts you to policy changes implies...is posting a notice on the website sufficient (for how long? does it need a history?), or is it supposed to mean that direct contact (an email) will be made?
Yes, that's a common amateur mistake. The easy fix would be to use a prohibitory slash across the circle, like the "No Smoking" sign.
A better one would be to offer two or three columns: Things the site does, things the site doesn't do, and (possibly) Not Applicable, and have all sites distribute all the icons among the three columns, no exceptions.
I had to look at the key to understand these icons. I know these are hard concepts to encapsulate in an icon, but some alt-text would have really helped.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Just using colors to differentiate between values isn't really the best idea.
Add something more, so that it becomes obvious even without the colors.
A symbol that lets you know whether they will let you block your account from the provided services immediately upon request of the account holder and honor the policies in place at the time the information was originally collected.
Posting any policy changes to a centralized governmental website so they can be held accountable for what policies they have in place at which dates.
This would be useful data for Google to add in to search results
I'm not knocking the idea - it's a good one - but the icons as shown on the sample page differentiate 'good' from 'bad' icons only by the colour of the surrounding ring. That means that if displayed on a monochrome screen (think e-ink displays, or printout), or viewed by a colour-blind user, the information content is totally lost - at worst they could be actively misleading. Far better if the 'bad' icons had a triangular frame as well as a red border, as with 'warning' road signs, and 'good' icons remained circular and possibly got a non-white background.
I'm old enough to remember when discussions on Slashdot were well informed.
These are so badly done... Opaque (in meaning) icons, no hover text on the examples, and many of the icons (especially on the 'negative' side) represent user opinions rather than descriptive statements of fact that reflect real life TOS's. (And also ignorant of the non-binary nature of at least one option.)
Nice idea. The problem is that it solves a problem that doesn't want to be solved.
The people who provide these websites have no interest in making their privacy policy easy to understand. If they did, there's a danger that users might read it, and if they read it, they might find something they dislike, and if they find something they dislike, they might not sign up to the service.
This is a much less desirable outcome than users continuing to agree to anything the privacy policy says without reading it.
Disclaimer: I am not affiliated with this source in any way; just a very satisfied user.
Check out the free EULAlyzer which can be downloaded from: EULA Research Center. EULAlyzer works on Windows 2000, XP, 2003, Vista, and 7.
Example: I took a look at the Privacy Policy for /. which is located at:
Geeknet Privacy Policy. "(Last Updated February 29, 2012)
(Effective Date May 24, 2008)"
EULAlyzer summarized as:
The "Flagged Text" called out the following, each of which can be expanded:
Each of these is expandable. Each expanded item provides an "Interest Level" graph and a link to its place in the License Agreement Text.
PS: I've lurked on /. since before there even were UID numbers, but privacy concerns delayed my signing up. I'm quite frankly surprised at how extensive the policy is and that just shows me how much has changed since the olden days. I should probably check other on-line sites' policies to see what's new there, too.
Why do the examples show the wrong "Information" color for Google? The description for the information collection category says that Google "might collect and use more information than is strictly necessary" (no doubt in my mind there). So why is the icon in the example green, meaning Google "collects and uses enough data to provide any necessary services"? If the examples are not even reliable, what hope does this system of icons have?
Take a look at their ratings of major sites. That's a simple feature comparison checklist chart, but hard to read. Graphically, all the info is conveyed with colors only, which is awful. From a graphical standpoint, the icons are non-obvious. The picture of a human in a circle means "you can view and export your personal data". From a data collection standpoint, everything is either self-reported or manually set for major web sites, so there's a scaling problem. From an accuracy standpoint, Facebook has "will alert you to material changes" and "you can access all of your data" set to True, which is somewhat questionable given Facebook's history in those areas.
Compare "The evolution of privacy on Facebook". Now that's an excellent, and original, graphical representation of Facebook's privacy issues.
Presenting detailed information with multiple icons creates confusing visual clutter. Here's the chart for the international standard fabric care icons found on clothing labels. A liquid-filled cup with two dots and an underline means "Machine wash, warm, permanent press". A triangle with two diagonal lines means "Bleach with non-chlorine bleach as needed". Did you know that? It's on most garments.
We've struggled with this problem for SiteTruth. We collect information about the business behind a web site, and present it to the user through browser add-ons. Doing this both concisely and effectively is tough. Right now, we have red, yellow, and green icons, with "do not enter", question mark, and checkmark graphics. We're about to launch a new system which brings up a small "dog tag" on link mouseover, with information about the business. The dog tag uses text, not icons.
The average web site is now loaded with buttons and icons whose meaning is obvious...once you know their meaning. (Look at this one, for example.) Adding still more is not forward progress.
I think it's a useful exercise for all web designers to attempt to use their sites in text-only browsers. Not only does this give at least some appreciation for the difficulties of handicapped users, but it tends to highlight problems that affect all users. It strips away all the eye candy and leaves only the skeleton of basic function -- and sometimes that function isn't very good. I'm not just talking about navigation (although that's often an issue) but communication: is it obvious INSTANTLY to someone what the site is trying to tell them? Or is the site using some cute and idiosyncratic mechanism that everyone involved thinks is great...but which leaves users with "huh?".
Lol, is it only me, or Spotify = ~Wikipedia?
42.
I have tried running several well known privacy policies, such as Google's and Facebook's, through the online Gunning-Fog Index (GFI) calculator at http://gunning-fog-index.com/. The program said that you need to be in 15th grade in order to follow those policies. This post, by the way, has a GFI of 9.733.
A naked man, doggy style, screaming, DO IT, DO IT, HERE, TAKE MY MONEY (ops, that was Apple :D )
I think the next step is to have the browser (or JavaScript) check the website's Terms of Service and Privacy Policy for changes since the last visit and have the browser or whatever popup a little notification that the legal obligations of the site have changed. This information could be stored in a database and queried whenever a user visits that website for the last update time. The database access would have to be anonymized because you could track users via IP address as they query the database, or it would make sense to have the database run by Mozilla (because you implicitly trust their browser to not spy on you to begin with). Alternatively, the browser/JS could scan the ToS/PP itself for changes and store the last version (or a hash of the last version) for the privacy paranoid.
Also, doing this for all cookies that get set when visiting a website, so users know exactly who is collecting their information and what those people/companies can/are doing with it.
Thanks for all the hard work though!
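The local hash comparison proposed in the comment above, as an added example that is not part of the original thread or of the icon project. It runs under Node.js; the function names, the `Map` standing in for browser storage, the `example.test` origin and the sample policy texts are all constructed for illustration.

```javascript
// Added example: detect privacy-policy changes by comparing a locally stored hash.
const { createHash } = require("crypto");

// Reduce fetched policy HTML to its visible wording so that markup or
// whitespace churn does not raise a false "policy changed" alert.
// Regex stripping is a rough normalizer for hashing only, not an HTML sanitizer.
function normalizePolicy(html) {
  return html
    .replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1>/gi, " ")
    .replace(/<[^>]+>/g, " ")
    .replace(/\s+/g, " ")
    .trim();
}

function policyHash(html) {
  return createHash("sha256").update(normalizePolicy(html), "utf8").digest("hex");
}

// store: Map of origin -> { hash, firstSeen, lastChanged }. Only the hash is
// kept, and nothing is sent to a central database, so no lookup can be tracked.
function checkPolicy(store, origin, html, now = new Date().toISOString()) {
  const hash = policyHash(html);
  const prev = store.get(origin);
  if (!prev) {
    store.set(origin, { hash, firstSeen: now, lastChanged: now });
    return { status: "first-visit", hash };
  }
  if (prev.hash === hash) return { status: "unchanged", hash };
  store.set(origin, { ...prev, hash, lastChanged: now });
  return { status: "changed", previousHash: prev.hash, hash };
}

// Constructed sample input: same wording restyled, then a real wording change.
const SAMPLE_V1 =
  "<html><body><h1>Privacy Policy</h1><p>We do not share your e-mail address.</p></body></html>";
const SAMPLE_V1_RESTYLED =
  '<html><body>\n<h1 class="big">Privacy   Policy</h1>\n<p>We do not share your e-mail address.</p><script>track()</script></body></html>';
const SAMPLE_V2 =
  "<html><body><h1>Privacy Policy</h1><p>We may share your e-mail address with partners.</p></body></html>";

function demo() {
  const store = new Map();
  return [SAMPLE_V1, SAMPLE_V1_RESTYLED, SAMPLE_V2].map(
    (html) => checkPolicy(store, "https://example.test", html).status
  );
}

console.log(demo());
```

A hash only says that the wording changed, not what changed; showing the user a diff would require keeping the previous text, the other option the comment mentions.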
I thought of and designed such icons back in 2008.
My version is modular, accounts for color-blindness and can render B&W over white, black or any coloured background.
I released them by-nc-sa
http://www.noiraude.net/notracking/notracking.svg
Léa Gris
I tried to fill out the questions, but kept coming up with an answer of "maybe".
"Do you provide users with the ability to access and export their data?"
Access: Yes. Export: No. It's accessible to them (and most publicly accessible), but no specific export tool exists.
"Do you encrypt user data?"
Only passwords. Really, encrypting anything else is pretty much moot because other than the email address (optionally) it's pretty much all public. Anyway, any hack is most likely to come in through the front end which would need the encryption keys anyway.