File Under: Identity, Security, UI/UX

Warning: This Site May Be Sharing Your Data

Aza Raskin, head of user experience at Mozilla, is leading a charge to make privacy settings more explicit to users by creating visual cues in the browser. Raskin’s idea uses a set of small icons to denote the limits of a website’s privacy policy.

Raskin likens the idea to how Firefox (and other browsers) currently handle phishing attack warnings, using visual icons and simple language.

For the active social web user, keeping track of which bits of your data are public and which are private on different sites is a chore. Some websites share your photos, status updates, your list of friends, who you’re following and other data on the open web by default. Some share nothing. The rest are somewhere in the middle.

Part of the problem is the privacy policies themselves. They are complex, mind-numbingly long legal documents. We routinely ignore them, breezing past them by clicking “I agree.” Dangerous behavior, indeed.

Raskin and his supporters have borrowed some ideas from the way Creative Commons licensing works, and the way licensing options are denoted on content sites. Originally, the idea was to create a Creative Commons model for privacy policies — that is, a common, readable, reusable set of policies much like the Creative Commons licenses for content — but that plan was abandoned because policies differ too much from site to site. There’s no easy boilerplate for privacy like there is for content publishing.

But the icon concept remains: A website creates a privacy policy and chooses from a limited set of standard icons that reflect the written policy. Is your profile public by default? Your photos, or status messages? Each setting has its own icon, and the group of settings are indicated by a short stack of icons. The icon set is then detected by the browser and displayed to the user. If there are no icons chosen, the browser offers a warning along the lines of its phishing warning, something like: Be careful, this site might be giving away or selling your data.

Raskin is very clear that, so far, this is a work in progress. There are, as of yet, no icons designed, and the details of how they would be implemented remain vague. Nor has Mozilla made any official announcement that it would support such a system.

However, recent events have proven there’s clearly a need for a standardized, front-and-center privacy notification system. In December, Facebook began a shift towards looser default privacy settings that encourage users to share more of their data. Just last week, Facebook CEO Mark Zuckerberg, in an interview with TechCrunch’s Mike Arrington, noted that people’s notions of privacy on the social web evolve often, and that social web sites will have to continually update their own privacy policies to reflect those changes. As a result, Facebook’s new defaults will offer less privacy. Zuckerberg’s words set off a fierce debate on the topic, with Marshall Kirkpatrick of ReadWriteWeb presenting the clearest counterargument that changing social mores should not lead to looser default privacy settings on the social web.

We’ve often said the browser is the most logical place to display identity and privacy information to the user. As people surf from site to site, they should be able to see, at a glance, what level of privacy they’re currently working with. Raskin’s model sounds like a pretty good plan, though implementing it might be a bit more difficult.

One obvious problem: What’s to stop a site from using icons that are totally different than what the written policy actually says? Raskin and crew want the icons to supersede the written policy so, in that scenario, the written policy is trumped by the icons and the user retains their rights. Whether or not an icon can legally trump a written document is something Raskin doesn’t directly address, and, as one commenter points out, the situation gets much more complex when you start considering international legal systems.

If you’ve got ideas or would like to participate in the discussion, head over to Raskin’s blog or sign up for the upcoming privacy workshop hosted at Mozilla on Jan. 27 (see Aza’s post for full details).

See Also: