Firefox Designer: New Feature Will Expose Sites With Weak Privacy Policies


Another sign that browser companies are toying with new ideas for beefing up privacy protection: Mozilla has released a set of icons that are intended to communicate to users, in a simple and straightforward way, how their data can be used. And what about the many websites that presumably won’t use them? Well, the Privacy Icons won’t just be pretty pictures-they’ll be machine readable, and anyone using a Firefox browser could see a graphic warning that non-participating sites might be sharing or selling their data.

Mozilla lead designer Aza Raskin announced an “alpha release” of the icons, and has posted the full array of Privacy Icons on his blog, along with some explanation.

By designing a set of simplified icons to help users make decisions about a complicated issue like privacy, Mozilla appears to be taking a page out of the Creative Commons playbook. Creative Commons, which was co-founded by internet copyright guru Lawrence Lessig, is a non-profit group that promotes a set of simplified copyright licenses which allow creators to share their creations in some ways but not in others-that is, to keep “some rights reserved.”

Raskin says the icons are not aimed at replacing a company’s privacy policies-that’s probably impossible, because “there are too many edge-cases and specifics that each company has to put into their privacy policy,” he notes. But Privacy Icons will “bolt on to” existing policies and provide consumers certain guarantees. Firefox has about a quarter of the browser market, well behind Internet Explorer, according to Net Applications.

Of course, the big question about such a move is whether website owners-especially the websites that do engage in practices like sharing data with advertisers, or sell data to aggregators-will use the icons. Raskin recognizes they might not, but says that upcoming editions of Firefox will then display the most permissive icons to users, who will know their data might be used in ways they don’t like. Raskin writes: “[I]f Privacy Icons become widely adopted (and I think Mozilla is in a unique position to help make that happen) then the correlation of good companies using the icons and bad companies not using the icons becomes rather strong. The absence of Privacy Icons becomes a warning flag for when you go to sign up for new service.”

Mozilla releases the icons at a time when the federal government is paying increased attention to the issue of online privacy. Both the Federal Trade Commission and the Commerce Department have made separate proposals about beefing up online privacy enforcement. The FTC’s proposal includes granting internet users a “Do Not Track” option that would need to be implemented in web browsers, which puts browser companies like Mozilla squarely at the center of the online privacy debate.

The five sets of icons break down how a particular website will treat users’ data, by trying to provide clear answers to five not-so-simple questions:

»  Will the site only use your data for its “intended use”? Raskin’s example: “ uses your login information to import your financial data from your banks – with your explicit permission. That’s primary use and shouldn’t be punished.” But a site that has a feature that poses “as a cute questionnaire and then turns around and sells your data. That’s secondary use, is undisclosed, and feels scummy.”

»  Will your data be bartered or sold? In other words, will a shopping website just send your address info to the shipping company? Or will it collect data about your shopping preferences, frugality, and IP address and sell that info to data aggregators or other e-commerce sites?

»  Will the site give your data to advertisers? Sites that share data about their users with advertisers would have to use the more permissive icon.

»  How long with the site retain your data for? Separate icons are available indicating the data retention lasts one month, six months, or 18 months, or indefinitely.

»  Under what conditions will the site give your data to law enforcement? Will the site only hand over data when the government follows the “legally required process,” such as getting a warrant? Or will they hand over data to government representatives in response to a simple phone call or letter?

Comments are closed.