A quick clarification. I’m not trying to hold up the current https implementation as a good user-experience. For one, it’s so obscure that the majority of the population are not be able to explain it.

As an attorney interested in information privacy, I think you got something going here. How can I stay in the loop?

The problem comes when we try to think of privacy as a binary secret. Far from it, privacy in the offline world is very nuanced and contextual. I may trust some people with certain information, but I have a right to be upset if they breach that trust. The same is true online. Social networking services market certain features for privacy control, and we should hold them fully accountable. Likewise, our trusted friends and family need to understand that it doesn’t matter whether we whisper in their ear or post it to only three people on Facebook.

Just on the “bad” icon assignment problem how about having a Privacy Icon directory that anyone can use to assign icons to any company? It wouldn’t be legally binding but it would allow people to look-up companies before they sign-up and would, hopefully, spur companies to use the system to counteract mis-assignments or explain why they “sell your data to 3rd parties.” Firefox could even automatically query this directory when you visit a site and display its icons in the Awesome Bar like an SSL cert.

Obviously there would be problems with a user contributed directory but lets not get bogged down in that, it is working well enough for Wikipedia.

As someone who has been arguing for that for the past three years, “extatic” doesn’t begin to cover my enthusiasm to see you starting to draft it.

To answer most of your concerns, that seem rather Chicken & Egg, I think you should implement it as an extension first and signal to the websites most visited by those who use the extension what your browser over-lay unless they use proper meta-data: presumably, those used by privacy-concerned people are privacy-aware website, so they’d understand and be delighted to be beacons of fairness on-line. From there, you’ll be able to move towards the less savvy users—and maybe other browsers: I’m sure Google will be happy to use Chrome to insist on how respectful they are of their users’ privacy (as lovingly respectful as Don Giovanni was to women’s virtue).

I’d love to respect (CC)’s two-icons simplicity; however, if I count properly, you already have three (will demand warrants to authorities; will store your details at personal level; won’t resell it with others) and I can think of three more that would be necessary, simply because they can defeat any of the previous one entirely:
* some employees have full access—what if that employees stores it (and leave)? Company is legally safe, your data is not;
* publish de-identified or aggregate version of your data (for research purposes)—What if un-scrambling or re-identification algos become better;
* we will give your the opportunity to erase your data if we change our policy, sell out or contact in any way with another company—Because buy-out is the usual way-out.

And attacks trigger another wave of concerns: will the company warn, or even be able to assert, what the extend of the attack was? Are they using fake users to track stollen data?

Last point: apart from employee access and erasing (neither you’d include in your default set), Facebook would have the best privacy badges: they don’t sell data, they just sell aggregates and targeted ads. However, that service has been massively associated with privacy issues: mostly apparent stalking (because of lack of control or context collapse) and some over-blown identity theft case. Giving your best grade to a company associated with suspicion won’t help you at first.

I’m sure you can pool some of those together (won’t reveal your information to anyone, not even with money, unless they have a US warrant / unless we share that money with you / etc. — or — will warn you of any buy-out, legal inquiry, etc. 24 hours in advance) but that might get confusing.

Sorry to make all those points now, but as a European, I won’t be able to be at Mozilla next week. Oh: and be sure those icons make sense in Europe where “Free speech” exclude hate-speech.

@Bertil Hart: Facebook is a high-profile site, but, as you note, their privacy policy has been carefully constructed to hit the right notes. The problem that many users have with Facebook is understanding their complex “privacy settings” system and the shifting lines of what data can be made private on a per-user basis.

The privacy icon system being proposed here is not directly relevant to that problem, because it wouldn’t help much with per-user settings. If you’re interested, please check out the Mozilla Labs Account Manager project (https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager) which is working to improve the transparency of per-user account settings.

If I was going to highlight a recent privacy issue that the Privacy Icon system could help with, it would be the Sentry/FamilySafe debacle. In that case, a content monitoring program, installed by parents to restrict their childrens’ Internet usage, was logging all of the childrens’ chat and IM traffic and selling keyword analysis to advertisers. (Also: there are special US laws regarding the privacy of under-13 children, which complicates any iconography, and I’m sure other countries have similar laws)

(More at http://epic.org/privacy/echometrix/ and by searching on “Sentry FamilySafe privacy”)

When you’re thinking of the target user for this, think of a concerned parent of an 11-year-old kid, trying to make a snap decision about whether to let the kid sign up for HappyFunDragonWorld.com, or whether to install “Super Safe Internet Pro”. They’re going to think about it for about five seconds.

Yes this is a GREAT idea. We have been talking about this idea for many years in the identity community – thing is apparently it will take hundreds of thousands of legal work and a bunch of great design and usability testing. It needs to be done. I co-wrote a paper with Phil Windley & Aldo Castenada in 2006 “Identity Rights Agreements and Provider Reputation. Identity Commons Position Paper.” http://www.w3.org/2005/Security/usability-ws/papers/26-idcommons for a W3C workshop on usable security http://www.w3.org/2005/Security/usability-ws/papers/

http://www.w3.org/2005/Security/usability-ws/papers/
The Data Portability Projects is also working on this idea right now and ways to support sites clearly articulating their data portability policies. http://wiki.dataportability.org/pages/viewpage.action?pageId=4490392

The entire set of compliance icons should be visible. If the site ranks as positive for a particular report page, the icon should be shown at “full strength” in black. If not, the icon will be shown in a disabled state, in grey.

Each icon should be linked to a report page about the publishing site and the specific privacy feature represented by that icon. The report pages could have a top section filled out by the site operator (or perhaps by any user) that lists the evidence that the site complies with the concept indicated by the related icon. This evidence might include an excerpt from the site’s Terms of Use, a screenshot from privacy settings, etc. Beneath this section, the general public could contribute comments about their experience.

The icons and report pages would ideally be hosted by an impartial third party.

With a system like this, site publishers don’t have to decide which icons to include (and which to omit). Site users can understand which privacy features are supported, and get a sense for the full spectrum of features — not just those merchandised by the publisher.

love the idea. Isn’t the FCC responsible for all opt-in opt-out content to begin with? Couldn’t they regulate all national companies by mandating that these companies use the suggested icons to warn consumers? i believe getting the fcc on board is a step in the right direction-

There has been a lot of work done around this idea in the past but in a different form: P3P = Platform for Privacy Preferences

Basically it is a format for declaring the policy of the Web site in a standard format http://www.w3.org/TR/P3P11/ . It doesn’t solve all the issues, and there has been argument in the past that there was misunderstanding between the fact of “having a declared policy on the site” = “I’m protected”. A bit like I put my belt in a car, so I’m protected against car crash.

As many people said, it is very hard to have evil icons, because most bad sites will not put them. On the other side, if you have good icons, you will have people putting them to mislead people.

The other strategy is the browser telling the user, this site has a policy (cf p3p) but which leads also people to make sometimes the shortcut to “I’m safe”.

Trust is a shortcut mechanism for being able to live. We decide to abandon doubts, verifications (aka to have faith and trust) because we need to go faster. I check the baker when she is giving me my change, because 1. the risk is low, 2. I trust the person after repeated actions alike.

It is usually long to build and very quick to destroy.

It is also a mechanism which works with being local and/or having a legal framework to act on it. Local = physical proximity (a friend, a shop owner, etc), I can act now and effectively if something is happening. Legal framework = I have recourse in case of bad things happening.

One of the issues right now is that most of the big sites would have a terrible reputation if people understood what would happen with their data, and this will be very hard to change. A new system will help to protect against bad small sites but not necessary against the big ones.

A possibility maybe could be a kind of local p2p *real* friends mechanism. This has its own issues too. Who is your real friend? How do you game the system? etc.

ps: It seems for example that Mozilla doesn’t have a declared P3P policy. http://www.mozilla.org/P3P/

My take on the issue: How about reserving space in the browser’s chrome for those icons. If a given website supports a privacy feature we fill the icon (like the bookmark star in the location bar) or it could be green for “privacy feature is supported” and red for “not supported” (although that’s a problem for the colorblind). So the icons should always be present and just change appearance based on supported/not supported

How on earth does someone/ abrowser decide if a website actually meet its privacy statement.

If I say “I will not sell you data to third parties” who decides if I do or don’t? A browser will certainly have no idea.

People might maliciously claim that I do when I don’t. Or, I might sell it but noone ever reports it.

Who will act as judge? And that will take money. So then it becomes a case of whoever has deep pockets will buy the icons. then noone can trust if they are genuine.

Sorry chaps cannot see this working at all much as it would be ideal its completely impractical.

I think the Tech Policy Summit is one of the best (new) parts of CES. Glad to hear there was give-and-take in some of the other sessions.The commentary was more about the general approach taken by CES, which, after all, paints us as consumers right in its title.

I’ve always been an advocate for “plain-english” (even slightly entertaining and enlightening) privacy policies and terms of use. A privacy policy that Warren Buffet or Wilford Brimley would write. :-) However, as our company has grown, we frequently run into people who took advantage of this by exploiting every tiny little loophole that we couldn’t fill in with legalese. Sigh.

So we’ve had to make lots of modifications to our privacy policy, pricing policy, refund policy, and terms of use over the years, which turned those pages into Frankenstein looking contracts. Add to that our ever changing features list, which sometimes bring up more privacy issues (not bad issues, just clarity issues), which then require more updates to the privacy policy. Also, we sometimes get new clients who ask us to sign their own data protection and privacy contracts. Mostly from financial institutions, or global organizations that have to adhere to different laws in different countries. We never sign those agreements. But we *do* take their language, and add them to our own agreements. What’s good for the goose is good for the gander. In other words, these privacy policies change. A lot.

So the one thing I’ve resorted to, and have always been really proud of, is that we’ve kept a *changelog* under our privacy policy. Where I can say, “On this date, we changed this section, to clarify blah blah blah.”

Actually, I’m kind of embarrassed to say this, but it looks like our web designers have lost that changelog. Oops. I’ll find that and replace asap!

(Ahem. Let’s just say I didn’t accidentally lose my changelog)

Have you considered this approach? The browser could notify a visitor to a website if something changed in the privacy policy. I would *love* it if my users saw this in their browser, instead of having to email all of them about a tiny change in language. So long as the icon/warning displayed by the browser isn’t too scary, you know.

Çok güzelsin hayatım, ölüyorum sana. pecrankın 6 ya, benim için bi tanesin.

çok güzelsin canım, nasıl oluyorda bu kadar mükemmel siteler yapıyorsunuz anlamıyorum.

weldone guys.

dsadksaşlfdsşfdsf

There are other options as well; like crowdsourcing tentative Privacy Icons for a website whose privacy policy does have icons yet (and deferring to the company’s as soon as they put them up).

admin thanks for it

very useful things

super trick good idea

thanks.Great post.

3 columns, 2 Right sidebars, Orange, Yellow, Pink, Red, Black, White colors

ty good work and site

thaks

thank you mr. admın

website which may mean (but doesn’t have to) that the privacy policy is not good for the user.

I think your point on adding clarity to the goal is important. Content without a clear goal in mind is distracting.

very good..

Askerlik sorgulama e thansk and you.

thnk u for this site

yes good post

thanks admin :)

Very good.. :)