Building an Iconography for Digital Privacy

Photo
Mozilla's icons tell users whether sites collect user information in non-obvious ways, whether they sell personal data or share it with government officials without court orders and how long they keep it. Credit

Web site privacy policies are usually long, vague and notoriously neglected by most of us. Or as Alex Fowler, chief privacy officer at Mozilla, put it, “We have long upheld that privacy policies suck.”

Now, an experiment is under way to make those privacy policies somewhat more palatable. The idea is to have lawyers and coders muddle through thousands of words of legalese and distill their meaning into a set of graphic icons. In effect, the pros will read those notoriously unreadable policies, so the rest of us don’t have to.

The experiment began last Friday in Mozilla headquarters in San Francisco, under aptly dark clouds overhead. It was fueled by chicken-and-bacon sandwiches supplied by disconnect.me, a start-up that offers Web users tools to control how and with whom their personal data is shared. Friday’s assignment was to vet the policies of 1,000 Web sites.

If a Web site’s privacy policy suggested that it might sell users’ personal information to third parties, the site was assigned an orange circle with a dollar sign in the middle and an orange arrow pointing up, suggesting caution; if it promised not to sell personal information, it got a green circle.

Likewise, if it made personal information available to law enforcement “without proper legal procedure,” it was assigned an orange sheriff’s badge-shaped icon, with an orange arrow pointing up. If it specified how long it retained the data of its users, the number of days was encapsulated in a box; if it did not specify, it was assigned, provocatively, an infinity sign.

Web users can install a browser plug-in, available for now only on the Firefox browser made by Mozilla. Once the plug-in is installed, visited Web sites will be marked with a series of icons summing up their privacy terms.

The experiment is part of a nascent movement by privacy advocates to educate Internet users about the spread of their personal data online and to offer tools that allow them to control who sees what. It’s aimed for now at Web browsing on desktop computers, but not yet on mobile devices, where it is much harder to scroll through privacy policies.

“We are in a model now where no one reads privacy policies,” Mr. Fowler said. “Does icon-ifying them make it of interest to the user? We have a ways to go.”

Not even the pros were able to plod through so much jargon, or agree on exactly what it meant. They finished making icons for just 235 Web sites.