Privacy Icons: Alpha Release
Earlier this year, Mozilla convened a privacy workshop that brought together some of the world’s leading thinkers in online privacy. People from the FTC to the EFF were there to answer the question: What attributes of privacy policies and terms of service should people care about? This lead to a proposal presented for the W3C, among other places, which further refined the notion.
We are now ready to propose an alpha version of Privacy Icons that takes into account the feedback and participation we’ve received along the way. We’ve simplified the core set dramatically and tightened up the language. While the icons don’t touch on all topics, we do think they significantly move the discussion on privacy, as well as the general level of literacy about privacy, forward. We do not want to let perfection or devotion to taxonomy get in the way of the good.
Keep in mind that the target adopters of Privacy Icons are 2nd-tier sites—the sites where differentiation based on privacy matters to their users. Think about the large number of sites which vehemently promise to never share your email address when you sign up for their service or mailing list. Those are the kinds of sites, which make up a significant fraction of the web, that would adopt Privacy Icons.
The Icons
References to Data mean data that is either personally identifiable (including name, ip address, or email address) or associated with some personally identifiable aspect of your identity (such as correlated with your ip address name, or email address).
This means that data is only collected and used to carry out the interaction you are engaged in with the website. The website is only using your data in ways that are functionally necessary to carry out the relationship as users intend. This means if you are buying a pair of shoes, your email address is collected to confirm the order, provide updates on shipping status, etc. An intended use of your email address would not include sending you marketing messages from other companies or for other products.
The European Union has spent time codifying and refining the idea of secondary use; the use of data for something other than the purpose for which the collectee believes it was collected. Mint.com uses your login information to import your financial data from your banks — with your explicit permission. That’s primary use and shouldn’t be punished. The RealAge tests poses as a cute questionnaire and then turns around and sells your data. That’s secondary use, is undisclosed, and feels scummy. When you sign up to use a service you should care if your data will only be used for that service. If the service does use your data for secondary use, they should disclose those uses. If they share your data with 3rd parties, then they should disclose that list too.
This means that your data is collected and used in ways that go beyond what is necessary for the interaction. For example, in addition to collecting your address to ship you a pair of shoes you just bought (which is an intended use of your address), the web site might also sell your address to data aggregators who sell it to junk mail companies.
The site that is collecting data about you is not trading or selling it. It will only share your data with other organizations in order to carry out the intended transaction.
This means that a website is collecting data about you and selling or trading it with another organization, government, or person. An example of this is where a shopping website collects data about your shopping preferences, frugality, and ip address and sells that info to data aggregators or to other e-commerce sites directly.
Besides the information exposed via on-page advertisement, the site does not share the data it collects about you with advertisers.
This means that a site either shares the data it has about you with marketing or advertising companies or allows those companies to collect info about you while on its site.
Your data is deleted before 1, 3, 6, or 18 months from the date of transmission have elapsed, respectively. Alternatively the data is never deleted.
This means that when an organization gets a phone call, letter, or other legally insufficient request for your data, they don’t comply because the law requires the government to take additional steps before getting your data. These organizations require the government to comply, at a minimum, with the legal process provided by the law before getting users’ data.
These organizations might provide your data to a government that asks for it without following the legally required process. They might just send a letter or make a phone call to the company to ask for your data.
Bolt On Approach
Privacy policies and Terms of Services are complex documents that encapsulate a lot of situation-specific detail. The Creative Commons approach is to reduce the complexity of sharing to a small number of licenses from which you choose. That simply doesn’t work here: there are too many edge-cases and specifics that each company has to put into their privacy policy. There can be no catch-all boiler-plate.
Here’s the solution: Have Privacy Icons “bolt on to” an existing privacy policy. When you add a Privacy Icon to your privacy policy it says the equivalent of “No matter what the rest of this privacy policy says, the following is true and preempts anything else in this document…”. The Privacy Icon makes an iron-clad guarantee about some portion of how a company treats your data. This method means that without ever having to delve into the details, everyday people can glance at the simple icons atop a privacy to know if and how their data is being used. At the same time, it gives companies the flexibility required to create comprehensive and meaningful policies.
Nobody Will Use the Bad Icons?
Some of the Privacy Icons have potentially poor normative value The question becomes, why would any company display such an icon in their privacy policy? Wouldn’t they instead opt to not use the Privacy Icons at all? This is the largest problem facing the Privacy Icons idea. Aren’t we are creating an incentive system whereby good companies/services will display Privacy Icons and bad companies/services will not?
First, because the target implementers of Privacy Icons are the second-tier sites, a privacy market-place has a chance of growing. Sites already try to differentiate base on privacy concerns, and these icons simply codify what they are already doing. Second, if Privacy Icons become widely adopted (and I think Mozilla is in a unique position to help make that happen) then the correlation of good companies using the icons and bad companies not using the icons becomes rather strong. The absence of Privacy Icons becomes a warning flag for when you go to sign up for new service.
Note that Mozilla has not yet decided to integrate this into product yet.
Asking people to notice the absence of something may be asking the implausible. People don’t generally don’t notice an absence; just a presence. The solution hinges on Privacy Icons being machine readable and Firefox being used by nearly 500 million people world-wide. If Firefox encounters a privacy policy that doesn’t have Privacy Icons, we’ll can automatically display icon with the poorest guarantees during the sign-up phase when Firefox implements identity. This way, companies are incentivized to use Privacy Icons and thereby be bound to protecting your privacy appropriately. There are other options as well; like crowd-sourcing tentative Privacy Icons for a website whose privacy policy does have icons yet (and deferring to the company’s as soon as they put them up).
Get involved
Thoughts, comments, suggestions, and alternate constructive proposals are welcome. This is an alpha proposal for highlighting the parts of a site’s privacy policy you, as a user, should care about. For a more detailed set of thoughts on how these icons can be made enforceable, please read the original blog post. You can also get involved at the Drumbeat Privacy Icons project page.
A huge thanks to Mozilla’s Associate General Counsel, Julie Martin, who wrote the text descriptions for the Privacy Icons.
RT @azaaza Privacy Icons: Alpha Release | Follow @azaaza on Twitter | All blog posts
Asa Dotzler
You’ve got the law enforcement icons twice. the first set are the wrong ones.
Aza Raskin
Fixed it. Thanks Asa :)
comparer forfait
I have also seen prototype. It seems average not bad or nor good. Facebook connect now integrated on almost every website today. Thanks for info
Amr
Love the idea.
few comments:
1. Icons are missing something to distinguish them as “Privacy Icons”. Creative Commons have a wide rectangle that is recognized. These icons are missing something like that. they’re just black circles, I have to look in them to recognize them.
2. What is “Your data”? Is it personal/contact/login data or does it also include activity (wall posts, comments, tweets, page views, etc.).
3. There has to be categories that MUST be declared. If not, some sites might fool users by omitting an icon (showing the “data used for intended use only” but not showing that “data is giving to law enforcement”)
4. Maybe it’s not exactly privacy, but the Gwaker incident revealed that they didn’t encrypt password and they actually stored all those passwords. Maybe these icons could also include something about how my data is secured.
Great effort.
Guy
The ‘data is given to law enforcement’ row is up there twice, btw, with different copy underneath the images.
I like the ‘i’ and how it simultaneously invokes the idea of both a person and information. The ‘i’-in-a-document has pretty much lost all legibility on the icons under 64px, which probably isn’t good.
Ilia
Very interesting ideas. If sites adopt these policy and are actually honest about it then it would be very useful info. The only thing I’m thinking is that some of these icons – law enforcement and duration in particular – might be a bit difficult to recognize when scaled down to 32 or so pixels (which is how they’re likely to be display). But that’s obviously something that can be tweaked later down the road.
Robert Accettura
One concern I see is that nobody would ever implement the negative side (right hand). I can’t imagine a legal dept who would allow that. Even if they would, marketing would be dead against it. Hence at best adoption would be to include a badge or two that a site complies with.
Users then, unless they know there are x possible points to look for wouldn’t know that y isn’t specified.
CreativeCommons doesn’t really have this issue since the nature of the problem they are solving is (shockingly) simpler. Also saying “you can’t use this commercially” isn’t as frowned upon as saying “your data may be bartered or sold”.
IMHO that’s a launch blocker. It needs to be either show all or nothing, include some sort of a rating based on points complied with (though how would you revise in the future?!?) etc. So that it couldn’t be broken up.
Havvy
“This means that when an organization gets a phone call, letter, or other legally insufficient request for your data, they don’t comply because the law requires the government to take additional steps before getting your data.”
legally insufficient request from whom? Anybody, or just governmental organizations?
lmarcetic
Love the idea, don’t like the icons.
The following is my impression:
The red is not red enough (it’s basically brown), and thus ambigous. It seems the icons would be more understandable if they weren’t put in circles (some at least). I’m not sure if my profile is playing ping-pong with the officer or if I’m driving on a highway. I’d suggest loosing the dashed line, and rotating it by 45°, so as to imply something that “doesn’t happen” (pretty universal, while the green color will take care of any associated negative implication). Regarding the data retention: I didn’t get it at first. I believe the time indicator needs to go clockwise, not counter-clockwise. Also, I must point out the inconsistency between the icon sets themselves: The equal sign in selling data vs. arrow for the ADvertizers vs. the officer holding data. Perhaps just make it all arrows? For everything except the data retention set: those would probably be more understandable if perhaps make the data retention set have clock-like look, instead of arrows.
I hope you’ll consider my constructive criticism. I’m willing to draw mockups that use the above art as the base if you want.
Aza
Good feedback lmarcetic! Would love to see your mockups.
lmarcetic
Thank you. For obvious reasons I didn’t start making the icons just yet (merry Christmas btw.), but I will be in a short while. I’ll post back.
lmarcetic
I’ve decided to retain the circular shape of the icons for aesthetic reasons. I hope I didn’t butcher your art much, I had to recreate it as vector graphics.
Here’s what I have so far:
http://arka.foi.hr/~lmarcetic/pic/privacy/
I think the above is enough to get the feel of it. In the process, I found new appreciation for your icons, but I’d still like to think I’ve managed to simplify some, and hopefully remove some ambiguity.
Tell me what you think.
DE
Not quite enough detail.Biggest issue is lack of differentiaiteion between static identity data, and transaction data. They are usually treated differently.
“Primary use / secodary use” is probably too hazy in the mind of the service consumer. And unless you are a software architect, your data IS ALWAYS USED FOR PURPOSES YOU DID NOT INTEND. Indeed, if the company has yet to pin down a business model, how can it be any other way?”
Companies may need to say “some of your data may be used for trend analysis, but it will be anonymised” – how is that expressed?
“Your data is deleted” meaning just transaction data, or both transactiona and identity data? I’m assuming you mean x months from last recorded transaction – or last produced artifact from the last transaction.
How about your account may be terminated if we don’t like what you do? Is that a privacy concern? Oh, yes it is.
LTGW
i think your missing teeth or even a legal basis for inventing privacy icons. Do you have the support of gov agencies or any authorities that you recognize?
njn
Isn’t the 2nd and 3rd pair of icons (“bartered or sold”, “given to advertisers”) subsumed by the 1st pair of icons (“intended use”)? Maybe that’s also true for the last pair (“law enforcement”).
Billy Roh
Just a small note, you’ve spelt “indefinitely” as “indefinetly”.
Aza
Thanks, fixed :)
Benjamin Lupton
Great post, I can definitely see the value.
How come storing data indefinitely is a bad thing – if I register for a site, having them keep my data for as long as I want them to, is a good thing! Imagine Facebook abiding by the 1 month icon in order to get a good privacy rating – everyone will have to recreate their profiles each month!
Perhaps that icon should be changed for “Once you have indicated that you would like your data removed from the system (eg. to delete your account), your data will be deleted in …. months” – which is much more on the ball :)
Great stuff Aza.
- Benjamin
Pete Austin
Where does Google fit in (or Apple)? They seem to be an edge case, because they provide services *and* are advertisers. E.g. can Google claim, “Your Data is Used Only for the Intended Use” or must it say “Your Data May be Used for Purposes You Do Not Intend”?
Also, why the random capitals? They make it more difficult to ask accurate questions about these categories. Please could you just capitalize like English sentences?
Pete Austin
“give to advertisers” and “give to police” should use the same graphical metaphor for “give”.
Please use the standard diagonal-bar (crossing-out) to indicate “not”.
Daniele
Great icons, i think every website should tell in a short and comprehensive way; a icon will be perfect.
But.. as you said, i dont think sites will use the ‘bad icons’: evil people never admit they’re evil ;)
gossi
I’ve observed this process since you first blogged about it and really like this project.
I’d see high potential to simply fake the “good” icons. As example a company doesn’t want to display the bad icons, so they decide to not show them at all. A malicious site may display the green icons – where is the proof?
Think even further. I’d actually really like the machine-readible proof with mozilla identity you describe here. Well if you browse to a malicious site, they use the green icons and firefox would tell me “everything” is fine with that site and the user would ran into a big problem here.
Is there something like an assurer? Like for SSL-Certificates? Well I don’t like this process at all, the companies earn money with a little piece of bits and just their name. Instead I really like the approach CACert is doing here and could think of a smiliar approach for privacy concerns. Even browser could expose this to the user: This privacy policies/icons are assured with x points, the higher the value, the better.
CyberPlayGround
Fantastic! About time this happened. Most people don’t realize how valuable their privacy is and are willing to trade it away for any reason or no reason at all.
I try to explain why we need online privacy protection and that goes for the meatspace as well.
keep going!
Educational CyberPlayGround
Danny Moules
Love the concept and execution. But:
“These organizations require the government to comply, at a minimum, with the legal process provided by the law before getting users’ data.”
What jurisdiction? International law? EU law (if you’re in the EU)… your native federal law? Your native provincial law? The client’s law? What about international disputes? CC neatly handles these kind of issues. These will need to as well.
ujh
+1.
Stéphane Moussie
Just few words to say that the Privacy Icon itself is the same as a pictogram on french TV (downloadable in high resolution here : http://bit.ly/dRLvvu). I don’t know if there are legal issues about that, so I let you know. ;-)
Great idea by the way.
bobt
Who verifies the icons represent reality?
John T. Haller
I think all the icons and categories make sense to me except for the retention section. When you create an account on a free email site… isn’t keeping your account active indefinitely (until you delete it) a good thing? Or when you create an account on a forum or community site? Or on Mozilla Sync? Wouldn’t it be bad if any of those decided to simply delete your account in a few months?
Perhaps it needs to be more specific to anonymous data like IP address, etc. Or searches. Basically, things the user wouldn’t specifically WANT to be maintained and have available for themselves.
John Dowdell
… the elephant in the room, how can you tell that those graphical promises, even if made, will be kept?
Meanwhile, why is asarask.in.woopra-ns.com wanting to set over a dozen cookies when I read your page here? Why is Google notified when I visit? Who is skitch.com, and why should I trust them knowing that I read your webpage? Why should Twitter be alerted when I read you? Why is bit.ly serving scripts to readers of this webpage? (Analyze this page to see its third-party requests.)
Cross-site tracking depends on having third-party web beacons in pages. This accelerated during the “Web 2.0″ campaign. Pages and browsers which disclose which third-party beacons are being set will do more for privacy than occasional icons of dubious promise.
Jay
I am color blind and don’t find the dividing line to be a quick enough indicator. A traditional “No” slash across the icons would be clearer. My wife was who pointed out to me that these are green and red bordered, I would never have noticed otherwise.
Otherwise, great start!
Guy
Interesting concept…
Regarding the icons, I find their black background very aggressive. I wouldn’t make them appear like that on my site.
Moreover, some of them will be unreadable when cropped at a decent size (the “MONTH” label, the paper sheet).
Also, if you want the initiative to be worldwide, just get rid of the “AD” word that will not be understood by everyone (that should be fine for the “$” sign).
andyfitz
Both cosmetically and as a tool for effective visual communication, these icons have a long way to go.
While i’m glad someone is thinking about it, the execution must evolve much more.
Wyn Williams
Although I love the idea in principle (and I would be happy to adopt the icon idea) I see it as very hard to enforce, or to stop websites simply using the “good” set instead of the bad.
Mozilla would have to have a reporting system allowing for people to report sites misusing the icons and be able to feed that back to firefox, deal with complaints from sites that the reports where wrong, deal with lawsuits alleging that Mozilla where costing them business because Firefox displays the lowest standards of Icons just because the Site does not want to adopt Icons.
It would have to be user driven, a little like Verisign for instance in order to be widely adopted as you can not (and should not) impose a standard like this.
Better that FF adds a sign saying this site does not use Icons displaying what it really does with your data, suggest this to them by clicking here etc.
Otherwise a good idea and I will follow this with intrest
Jasper
It’s like you said: if these icons are used on websites by the admins, only ‘friendly’ websites will show them. I think it will take quite a while for the general public to get used to ‘missing’ the icons on websites that don’t want to show the icons because they DO share your information.
Though I think website may want to implement the bad icons sooner if they we’re less negative. Especially the user = $ icon would never be used out of free will.
I feel using red and green is also odd, since it implies the red ones are always bad, which isn’t the case when it’s advertised and people can make an informed choice.
But overal: great initiative!
Tijn
I completely agree with Jasper, the red and green colours imply things they shouldn’t imply. Also, I’d be more likely to put a “bad” icon on my website if it doesn’t have a red border surrounding it which basically indicates that my site is evil, so to speak.
From a users point of view it is understandable to categorize the icons like this, and removing the coloured borders would slightly take away the purpose of the icons, but I still feel that it is a bit too explicit.
The “secondary use” is somewhat confusing to me. “Your data may be used for purposes you do not intend”, “Your data may be bartered or sold” and “Site gives your data to advertisers” all look like they can be used for the same thing. There might be some slight differences between them, but I think it’s too complex for icons that are meant to provide a quick overview.
Still, it’s overall a good idea.
from france
Sorry, but with the last law “Loppsi II” in France, nobody can put the last icon on a french website. Privacy and liberty on the www ? A dream, just a dream. It’s too late.
joey van der bie
I like the idea of making people more aware about what is happening with your data on a site.
But what I don’t see working is this implementation, as pointed out before “bad” guys aren’t going to say they are bad. So maybe we shouldn’t rely on them. I would rather rely on the browser, why not make the browser smarter. As is now with the usage of 3rd party cookies, javascript and secure browsing mode, we could allow more predefined security policies. As secure browsing by default and only allow sites out of security mode which comply to some rules. This allowing could be manual as is with html5 geolocation now. Why not expand that way. I could imaging a dialog window as in Android when installing an app, only also allowing some features of site in stead of all.
the developed icons and way of caregorizing may then still be of value.
2423
I like the idea a lot…
maybe the following suggestion is equivalent to “crowd-sourcing tentative Privacy Icons for a website whose privacy policy does have icons yet (and deferring to the company’s as soon as they put them up).”
But I think the best strategy, would be that machine readable privacy icons going along with a centralized collaborative website for user set icons. This way firefox could upon logging into a Website :
• highlight existing website provided icons when available ;
• check centralized collaborative website and display user provided icons (ideally the website would link icons to the paragraph of the “privacy policies” justifying them – or to articles indicating how they are enforced -);
• finally indicate the absence of privacy icons, whenever the above 2 strategies do not yield any results.
This plugin/functionnality could also ask the user of firefox to provide information for the collaborative database.
How about a privacy icon for the comment zone on your blog ? ;-)
2423
+ a centralized website could allow the browser to diplay when user indicated privacy icons are inconsistent with site provided icons (and if the above suggested links are provided, help the final user to make his/her own opinion about the trustworthiness of the Website).
Steren
I assume websites with “bad” terms in their privacy policy will not display these icons.
Instead of waiting for the websites to adopt these icons, I agree an external library should be used. As you said, a library that translates an given privacy policy of a given website into a set of icons.
I would also add a “general feeling of the privacy policy” (a color, like the Creative Commons licences page color) that should help the user to take his decision.
If I find time, I would love to create a prototype.
Serbian Toshiba blog
Interesting concept… but where is simplicity, ease of use
Jaume
I think a “your data would be erased when you request it” wolud be more used, isn’t it?
Asa Dotzler
John Dowdell said:
“Cross-site tracking depends on having third-party web beacons in pages. This accelerated during the “Web 2.0″ campaign. Pages and browsers which disclose which third-party beacons are being set will do more for privacy than occasional icons of dubious promise.”
You’re focusing on just one category of privacy concern. Sure I care about third party tracking, but I also care about what you, the service I’m directly engaged with, do with my data — how much of it you store, how long you store it, what you use it for, whether it’s personally identifiable and for how long, whether I can delete it, take it out of your system, etc. Those are all just as important to me third party dealings, often times more important.
richard porter
Good idea except that the dotted line suggests a porous boundary. A solid line would be better. The dollar sign is territory dependent so use a bag of money or a representation of coins, otherwise you will need versions with pounds, euros, yen, etc. The same applies to the law enforcement officer, so maybe the scales of justice would be more universally understood. Finally of course the word ‘data’ is plural!
Diarmuid
added to my site!
sometwothings
I love the idea! Most symbols are transporting a clear and intuitive message. Yet I am not that happy with the symbols communicating the duration of time your data is stored:
a) I think there should be an even clearer correlation between the duration and the arrow. The arrow for 1 month should really have one third of the length the arrow for 3 months has.
b) The mathematical sign for infinity works fine for (more or less) tech-savvy people (or at least people with some mathematical education), but everyone else won’t understand it’s meaning. I’m not sure whether the closing circle (which could accentuated even more by really closing it one the upper right side) as a metaphor for infinity suffices to those people.
David Jonas
How come the extension hasn’t been built yet ?
David Jonas
Could we make a privacy icon to address the issue somehow of what happens to private user data when a company is acquired ?
Somehow.
This is a very important issue. As well as it can be very dangerous to users. I think its something that should be addressed immediately.
Chris Gabriel
Why not integrate it as a browser feature or extension instead of looking for only voluntary adoption? Sites could use a tag to tell the browser about their privacy practices. Going further, a wiki-style database of discussion and user reporting could empower the public to influence or override how the site’s privacy practices are seen by others, “reputation style”
John K
I really like this idea, especially because I am currently in the middle of “The Design of Everyday Things”.
It seems that Privacy Icons are like an interface to privacy policies and terms of service. A “Check Engine” light abstracts the behavior of the engine and presents only the most useful information to the user, relieving her of the need to open the hood, check the pistons, etc. In the same way, it seems that Privacy Icons filter and present only the information users really care about, releving their need to to read full policies, parse the technical language of those documents, etc. Both interfaces give an incomplete picture of what’s actually happening, but both provide a good balance between knowledge gained and energy expended.
I don’t know that I’m presenting any new knowledge here, perhaps I’m just thinking out loud. Anyway, this is great work as always. I am excited to see where this will go.
Koos van den Hout
I like the idea of the icons, but in the implementation I would suggest ‘use less black’. About the ‘dealing with law enforcement’ icon: maybe the (2 letter country code) of the jurisdiction would be a nice addition. Laws differ per country and “We only give the authorities what they have a legal right to” is depending on that.
Clerkendweller
Yes jurisdiction is important — and complex too. The domain, the server hosting location as well as the organisation’s legal base all affect the ability for consumers and regulators to take action. See some ideas for a location label at http://www.clerkendweller.com/2010/12/14/Trust-UK
Archimedes
I agree with several other comments on here already, but I’ll add some more thoughts.
Part of the reason privacy policies are as complex as they are today is simply because the situation is so complex.
I’m responsible for a non-profit web site, and we use a variety of third party systems from aggregated traffic tracking (e.g. Google Analytics) to payment processing to content delivery systems. These icons don’t represent the depth that exists in every day web systems.
I simply don’t see a wide-spread adoption of these icons unless there is some more clarity built in. I know I wouldn’t use them, because we’d be displaying several “evil” icons, even though we don’t sell information or use it inappropriately. This is just because the icons aren’t quite concise or specific enough to get the job done.
Drugoy
I’ve read your article and still wondering – do you seriously plan to show bad/good icons just based on the trust to the sites, that they don’t lie to you?
Either I got something wrong and there are technical ways for such checks or I got your idea right and it is just stupid.
If I’d stumble upon such the icons inside of my browser – the first thing I’d do – cut them completely.
Why?
Because I don’t want to receive untrusted information.
And you are copying the bad sites’ behavior by lying to the users. If you can’t give a 100% guarantee to the user that your icon truly represents a site’s privacy state (and you just can’t technically do such a check), then your privacy icons will reflect nothing. And as a user I would like to get rid of such useless icons asap.
The idea is good only for the ideal world, but we are not living in it.
All you can is to carry out some checks like “is there an iframe from 3rd party site on the page I am viewing?” If yes – then display some bad icon.
“Are there any 3rd party scripts on that page?” If yes – display one more “bad” icon.
That’s all you can.
And you can’t get know for how long some site stores some information about you. Cookies’ lifetime represents nothing, since the site can keep information longer than a cookie’s lifetime in their internal database, where the information might get stored on IP basis (for example). And you’ll never know whether this site sells their bases or not to 3rd party companies.
Cédric
Hi,
Nice project. My two cents would be that some of these icons will need to be localized.
NicoM
And what about sites that will display a friendly policy even if the sell data ? How can you make someone honest with self declared things?
Thanks,
Nico.
samuel
nice idea with these icons. would very appreciate the use of these (or similar). all kind of products do have information about origin, health, security issues a.s.o.. it would be quite logical to inform users of a webservice in a similar manner.
Alan Schietzsch
Excellent initiative!
A suggestion:
Make the dividing line SOLID when “data is NEVER shared.” It symbolizes an impermeable wall, nothing can pass.
vs.
Dashed divider: data can pass through if “forced” (by a police request for example).
Alan Schietzsch
Oh, and if the line is angled rather than vertical, it echoes the ubiquitous “NO” graphic (as in “no smoking”) thus reinforcing the message – even stronger.
vfede
Nice idea.
I didn’t read all the comments, but luckily the last one said one thing I would say: I vote for the solid line, and probably the angled line is even better.
Second thought: the very first icon make me think about…an arrow. Its meaning comes clear only after seeing the second icon, that split the arrow. What I want to say is that “by itself” the icon, for me, it’s not making a good job.
my 2 cents :)
vfede
imho probably a kind of shield around the data would represent better the idea of the first icon ;)
Brian Carver
Some feedback on this alpha release:
http://sharealike.org/index.php/2011/02/08/mozillas-alpha-privacy-icons/
شات الجنوب
Why not integrate it as a browser feature or extension instead of looking for only voluntary adoption? Sites could use a tag to tell the browser about their privacy practices. Going further, a wiki-style database of discussion and user reporting could empower the public to influence or override how the site’s privacy practices are seen by others, “reputation style”
PorusMistry
What is the Money Market Investors who seek highly liquid short-term investments turn to the money markets.
The choices available in this market are diverse, but a usual fact of these investments is that they are
tremendously safe and ideal for traditional investors. Typically, great organizations contribute in these
markets to increase money. These instruments propose a sound investment avenue, which investors can buy to
gain many inimitable advantages.
porusmistry
Han Solo
To be honest, these icons look super-bad; both from a conceptual and a graphical point of view. Maybe you’d better had taken an experienced icon designer, even for the alpha version.
The guys who had done these alpha icons seam to never have understood the basic concept of an icon. An icon does not show a whole story but giving a simple and fast memorable metaphor for something. This doesn’t mean that a icon needs to tell the whole story alone.
For example: Why is the this person on a card on every icon when all icons are about personal data? Why not only show a $-sign or a trash bin, when in context with personal data this only can mean that your data will be sold or deleted? Or graphically: In which size do you expect these icons to be used?
So I really recommend to use simple, neutral and bold icons that fit to any web-design even in small sizes. And remember: the user (the few who actually care about their data) needs to recognize the icon on first sight.
On the other hand, I really understand that creating icons for these kind of interactions is really tricky and definitely not a easy task. But it’s possible and, in my opinion, these icons are far away from being alpha release.
Thanks.
wholesale beads
On the other hand, I really understand that creating icons for these kind of interactions is really tricky and definitely not a easy task. But it’s possible and, in my opinion, these icons are far away from being alpha release.
diyason
Men cry in secret behind closed doors, often called “Men do not cry, ” he becoming enlarged.
Ivan de la Jara
but… what happen when data is public? i cannot seel it but if its public they are going to be able to access it otherwise…
BriansDome
This is a perfect solution. Even if the designs can be tweaked the idea is solid. Its like the privacy policy union. If they wont clearly display how your information will be used then users can decide not to give them the traffic (business).
Mike
Way too literal.
ScepticRail
I’ve posted a suggestion on the forums over at DuckDuckGo, which is a privacy-conscious search engine looking to implement new features, suggesting that they use these icons in their search results to indicate how private the site that they are redirecting to is. The link is http://duck.co/topic/privacy-icons, and I asked a few questions in that topic which probably should have been directed to the writer of this webpage, so I’ll reiterate them here:
“I may be misreading/forgetting something, but I don’t see who decides which sites deserves which icon. In any case, I think that a WOT-like use, with the relevant icons displayed next to the search result showing how private it is would be a good feature to implement. Alternatively, a summary with something like “This website has: very good/good/medium/bad/no privacy policy”, with a “Learn more” next to it could also work. However, this would depend on each of the icons having a coefficient which would then be used to calculate the privacy level.”
Thanks!
phil
Are they all available under Creative Commons or other copy right ?
We’d be missing a bigger one to show we keep data for 6 months.
Pascal
Haven’t exactly trawled through the whole list of comments, but I wonder under which license do you publish these great icons? Are they CC? Are there any limitations on their use, like Share-Alike, Non-Derivatives, etc.?
Thanks, keep up your good work
alexandroid
Isn’t this something like what trustE tries to do? See for example http://www.truste.com/labs/privacy-policy/homeleisuredirect-summary.html and then the end site can just put icons with short descriptions on their TOS page. They are not so explicit in classifying each aspect of the term though…
Daniel
This is a great initiative.
It would be great to see it applied to COPPA.. privacy relating to those aged under 13. http://business.ftc.gov/privacy-and-security/children%E2%80%99s-online-privacy
Thad Guidry
I like the idea of Privacy Icons. And even crowd-sourced applied through Firefox for when those 2nd tier sites are not up to speed yet.
What I see as an improvement in visual design of the green icons is a solid bar down the middle… not the current dashed bar that appears to look perhaps like a fence and one even with holes were your data can seep through. A solid bar line or a solid bar strip with a look of 3-4 metal rivet heads evoking “strength, impenetrable, a safe door that is closed” (in a monochrome color icon set the rivet heads can also be represented with slight dotted stipple pattern on lower right rounded edge of a rivet head, instead of gradient color, to give the appearance of a convex rivet head shape, and not just a simple circle)
žogi
Good work with those icons!
Mike Macgirrvin
All is fine except for the data retention icons. What if your service let’s the user decide how long to retain their data – and unconditionally removes old data according to the chosen expiration? We’d have to adopt the “indefinitely” icon as that is the default choice, but that doesn’t adequately describe the retention policy.
nožogojumi
Someone should use these too!
Baseball Hats
we sell hats online
welcome to our websit
精力剤
like crowd-sourcing tentative Privacy Icons for a website whose privacy policy does have icons
Crystal iphone4 cases
Great recap, I can’t even believe you were able to write that.I got so much anxiety just watching that and I thought I was the only one who had unnatural rage/hate for Kelly, glad I’m not the only one, as I was getting concerned. These women show that you can age without maturing.
Susannah
This is all great and inspiring – but for someone who is new to this space I have no idea if I am looking at information from now (Nov 2011) or 2009.
What happened to putting a date on things?
eBook forum
Thank goodness some bloggers can still write. My thanks for this piece.
Ava
You actually know your stuff… Keep up the nice job!
رمزيات بكاء 2013
tnksa
gooooooood
admin