Undergrad Project Offers Site Privacy Information At a Glance
An anonymous reader writes "Not everyone can read legalese. Websites ought to have clearer, more transparent, and simpler privacy policies. One important step in this direction is a simple way of summarizing a privacy policy's features, to make it easy to see how a website will use and protect user data. Inspired by Creative Commons and the Mozilla Privacy Icon Project, we (a group of Yale undergrads) have designed a set of icons, as well as simple descriptions, to describe common features of privacy policies. Additionally, we have built a generator to make it easy for websites to add these icons to their own sites. To further encourage awareness, we have reviewed several popular websites' privacy policies, so that users can see for themselves how they fare." True to their word, the examples show some tiny but nicely scannable icons.
Nice idea and I hope the implementation is well thought out -- designing pictograms that make sense to many cultures is difficult. The other usual concerns also apply -- speaking of which, one issue I see right off the bat is that they're using color as a sole designator in the icon set. For people with red/green color blindness, this makes the set of icons unusable for its intended purpose.
This is something that was needed for a looooooooong time. Bravo!
A simple bunch of icons that are easy to understand.
Just keep it like this, don't make any more, that will just dazzle people. Keep it simple and uniform, and with a good reference on-line so that it is easy to retrieve what something means.
P.S.
EU, have a look at this! This is how things should be done icon-wise...
rm -rf --no-preserve-root /
In my not-so-humble opinion, my take on the Mozilla icons is more clear: http://arka.foi.hr/~lmarcetic/pic/privacy/
I thought this was going to be about a parser that processes the legalese and summarizes it into a couple of icons. Now that would be worth looking at.
I do like the idea of presenting privacy-relevant variables in a concise format; but I have to wonder if that would actually attack the problem usefully...
It seems that (barring the institutionally incompetent, who usually get weeded out unless firmly entrenched in some other industry and just shoving a pseudopod into the web) people are usually pretty good at making obvious on their website whatever they wish to be obvious to the user. Privacy policies are generally made non-obvious, and written to be as incomprehensible as they are mandatory.
This suggests, as does the general miasma of boilerplate evil and overreaching claims generally embedded within, that the privacy policies are largely invisible by design. Icons aren't going to solve that problem.
Potentially worse, icons that allow for the slightest weasel-wording, or which simply aren't construed to imply any meaningfully binding promise on the site operator's behalf, can simply be used to lie more easily and reassuringly.
I think this needs some work. Claiming Facebook doesn't collect information not necessary for the transaction? Isn't this the same company that is well known for raiding people's contact lists and location data on smart phones? Meanwhile craigslist collects too much information? They only ask for your email address these days!
As they point out in their FAQ, companies may not reliably use the bad ones. That leaves it unclear whether a statement doesn't apply (e.g., no facility is provided to access and export your data because none is collected), or whether someone is just refusing to disclose whether the statement is true or not. An icon indicating that a policy statement doesn't apply would help clarify that distinction.
Also, I'm not sure what the icon for indicating the site alerts you to policy changes implies...is posting a notice on the website sufficient (for how long? does it need a history?), or is it supposed to mean that direct contact (an email) will be made?
I had to look at the key to understand these icons. I know these are hard concepts to encapsulate in an icon, but some alt-text would have really helped.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Yup. This is privacy obfuscated, not "Privacy Simplified". If you're color blind, this is badly designed. And the examples have no "hover text", so you can't see what the icons actually mean without clicking on them.
Also, I noticed that in certain examples the text for the "red" and "green" compliance icons is identical. For example:
For example, Facebook (red compliance icon):
"This organization might provide your data to a government that asks for it without following the legally required process."
but Craigslist & Google (green compliance icon):
"This organization might provide your data to a government that asks for it without following the legally required process."
Ebay, Netflix, Pandora, & Spotify (green compliance icon):
"When an organization receives a phone call, letter, or other legally insufficient request for your data, they don't comply because the law requires the government to take additional steps before getting your data.
This website requires the government to comply, at a minimum, with the legal process provided by the law before getting users' data."
So, are Craigslist and Google supposed to be red? Or was somebody getting carried away with copy & paste?
I'm not knocking the idea - it's a good one - but the icons as shown on the sample page differentiate 'good' from 'bad' icons only by the colour of the surrounding ring. That means that if displayed on a monochrome screen (think e-ink displays, or printout), or viewed by a colour-blind user, the information content is totally lost - at worst they could be actively misleading. Far better if the 'bad' icons had a triangular frame as well as a red border, as with 'warning' road signs, and 'good' icons remained circular and possibly got a non-white background.
I'm old enough to remember when discussions on Slashdot were well informed.
These are so badly done... Opaque (in meaning) icons, no hover text on the examples, and many of the icons (especially on the 'negative' side) represent user opinions rather than descriptive statements of fact that reflect real life TOS's. (And also ignorant of the non-binary nature of at least one option.)
Disclaimer: I am not affiliated with this source in any way; just a very satisfied user.
Check out the free EULAlyzer which can be downloaded from: EULA Research Center. EULAlyzer works on Windows 2000, XP, 2003, Vista, and 7.
Example: I took a look at the Privacy Policy for /. which is located at:
Geeknet Privacy Policy. "(Last Updated February 29, 2012)
(Effective Date May 24, 2008)"
EULAlyzer summarized as:
The "Flagged Text" called out the following, each of which can be expanded:
Each of these is expandable. Each expanded item provides an "Interest Level" graph and a link to its place in the License Agreement Text.
PS: I've lurked on /. since before there even were UID numbers, but privacy concerns delayed my signing up. I'm quite frankly surprised at how extensive the policy is and that just shows me how much has changed since the olden days. I should probably check other on-line sites' policies to see what's new there, too.
Why do the examples show the wrong "Information" color for Google? The description for the information collection category says that Google "might collect and use more information than is strictly necessary" (no doubt in my mind there). So why is the icon in the example green, meaning Google "collects and uses enough data to provide any necessary services"? If the examples are not even reliable, what hope does this system of icons have?
Take a look at their ratings of major sites. That's a simple feature comparison checklist chart, but hard to read. Graphically, all the info is conveyed with colors only, which is awful. From a graphical standpoint, the icons are non-obvious. The picture of a human in a circle means "you can view and export your personal data". From a data collection standpoint, everything is either self-reported or manually set for major web sites, so there's a scaling problem. From an accuracy standpoint, Facebook has "will alert you to material changes" and "you can access all of your data" set to True, which is somewhat questionable given Facebook's history in those areas.
Compare "The evolution of privacy on Facebook". Now that's an excellent, and original, graphical representation of Facebook's privacy issues.
Presenting detailed information with multiple icons creates confusing visual clutter. Here's the chart for the international standard fabric care icons found on clothing labels. A liquid-filled cup with two dots and an underline means "Machine wash, warm, permanent press". A triangle with two diagonal lines means "Bleach with non-chlorine bleach as needed". Did you know that? It's on most garments.
We've struggled with this problem for SiteTruth. We collect information about the business behind a web site, and present it to the user through browser add-ons. Doing this both concisely and effectively is tough. Right now, we have red, yellow, and green icons, with "do not enter", question mark, and checkmark graphics. We're about to launch a new system which brings up a small "dog tag" on link mouseover, with information about the business. The dog tag uses text, not icons.
The average web site is now loaded with buttons and icons whose meaning is obvious...once you know their meaning. (Look at this one, for example.) Adding still more is not forward progress.
I think it's a useful exercise for all web designers to attempt to use their sites in text-only browsers. Not only does this give at least some appreciation for the difficulties of handicapped users, but it tends to highlight problems that affect all users. It strips away all the eye candy and leaves only the skeleton of basic function -- and sometimes that function isn't very good. I'm not just talking about navigation (although that's often an issue) but communication: is it obvious INSTANTLY to someone what the site is trying to tell them? Or is the site using some cute and idiosyncratic mechanism that everyone involved thinks is great...but which leaves users with "huh?".
If you're color blind OR using a device with a monochrome display (think e-ink like the Kindle Touch) then color alone will not convey any information.
Going with "hover text" is also the wrong approach with more and more devices like the iPad, Kindle Fire and Kindle Touch being touch-screen browsers.
Lol, is it only me, or Spotify = ~Wikipedia?
42.
Good point about the monochrome display. The "Hover" text thing is really a nit related to the examples, since it would almost certainly be done by web developers. However, it still does apply to tablets and other touch devices, since I understand that accessibility software (for example, screen readers) generally reads the alt text for images.
I have tried running several well known privacy policies, such as Google's and Facebook's, through the online Gunning-Fog Index (GFI) calculator at http://gunning-fog-index.com/. The program said that you need to be in 15th grade in order to follow those policies. This post, by the way, has a GFI of 9.733.
A naked man, doggy style, screaming, DO IT, DO IT, HERE, TAKE MY MONEY (ops, that was Apple :D )
I thought of and designed such icons back in 2008.
My version is modular, accounts for color-blindness and can render B&W over white, black or any coloured background.
I released them by-nc-sa
http://www.noiraude.net/notracking/notracking.svg
Léa Gris