At the end of 2010, I saw the “alpha release” of Mozilla’s privacy icons. As explained in that blog post, this was the culmination of efforts undertaken throughout the last year, including a workshop that was attended by some very smart folks.
In advising some students at UC Berkeley’s School of Information on their Masters Final Project, KnowPrivacy, I spent a good bit of time thinking about privacy policies and we even created our own set of “privacy icons” to reflect some of the features of the privacy policies analyzed. (See the KnowPrivacy profile for Google, for an example.) This experience taught us that online privacy is a HARD policy issue. Designing useful, comprehensible privacy icons that might actually get used is just one really hard part of a really hard problem.
I preface my remarks with all that in order to make clear that what follows is not intended as criticism, but feedback, which Mozilla has solicited all along the way.
Which Distinctions Matter?
A difficult problem facing anyone seeking to make privacy icons is that you have to decide which distinctions you are going to illustrate, typically based on what distinctions you think do (or should) matter to the audience for those privacy icons.
I disagree with three choices the Mozilla team made about which distinctions to illustrate with their privacy icons.
- The Mozilla (alpha) privacy icons do not distinguish between the types of data collected.
- This is a mistake because most users don’t care if a site collects data on which web browser they used (and whether the site keeps such information forever) but many users do care if a site collects their credit card number (or health records or …) and intends to retain it.
- The KnowPrivacy researchers found that many sites do not “give” information to anyone, but many popular websites allow third parties to place collection webbugs right there on the site’s home page. Privacy policies exploit this distinction to hide the fact that your information is leaking. While Mozilla’s explanation of this icon group seems to take this into account, there is no reason to expect that most users will understand this.
- The KnowPrivacy researchers also found that most popular sites share with “affiliates”, some share with “contractors”, some share with “advertisers” and some share with third parties generally. The icon group only references “advertisers” and a finer-grained set of distinctions might encourage greater transparency about these different sorts of sharing.
- Users just want to know who has or might get their data and don’t really care what the monetary terms of the deal were when their data was given/sold to another party.
Stylistically, one thing I really like in the alpha release is the length-of-time icons for indicating how long a user’s data is kept. However, the KnowPrivacy researchers found that most popular websites do not disclose the length of retention, and so one can assume that, at present, only the infinite icon would get much use. However, perhaps these retention icons would be a sort of public shaming that might encourage sites to select a data retention time period and to disclose it.
Finally, I don’t mean to suggest that the Mozilla team should have just adopted the KnowPrivacy icons and called it a day. The KnowPrivacy icons were intended for an audience visiting the KnowPrivacy website, i.e., a user that is engaged in comparing and contrasting the policies of the most-visited websites. Mozilla’s use case is different and almost certainly requires a different set of icons to serve their purposes. However, my points above are intended to suggest that even for their purposes, Mozilla should strive to capture a different set of distinctions in the beta release.