Led by a group at Mozilla, the privacy-centric start-up Disconnect and the designers at Ocupop are trying to establish an iconography for letting users know what’s going on with their data online.

The idea is that instead of letting sites hide behind thousands of words of legalese, why not stamp them with easy-to-understand icons ourselves?

The icon here, for example, signifies that it’s unclear whether or not the company might sell your data to third parties.

But the designers wanted to avoid creating a set of icons that definitively branded sites in one way or the other.

"We didn’t want to have a 'good’ and a 'bad," says Ocupop’s founder, Michael Nieling. "These shouldn’t be a value judgment. They should be, 'Hey, be aware.'"

As sites get even savvier about tracking user data, privacy issues are only getting thornier.

But the people at Disconnect and Ocupop agree on one thing: It won’t get better if people aren’t at least a little more aware about what’s going on.

Co.Design

A System Of Icons For Demystifying Online Privacy

Instead of letting websites hide behind thousands of words of legalese presented in six-point font, why not illustrate their privacy policies with a nice set of icons?

When you install a new piece of software on your computer, you always have to "read" its privacy policy. The Internet doesn’t even require that ceremonial scroll-through. On websites, privacy terms typically get a link at the very bottom of the page in a single-digit font size, and if you looked at a heat map of where users look and click on a given website, I’d imagine that "privacy policy" link is basically the South Pole.

But that’s not just an indication of how lax we’ve become with our data online. It’s proof, too, of how utterly inaccessible privacy policies are to begin with. As Casey Oppenheim of the privacy-centric outfit Disconnect puts it, if you tried to read all the fine print on the sites you visit on a daily basis, "you’d literally spend hundreds of hours a year." But since no one has the time, or the patience, or the law school degree that those policies typically demand, Oppenheim and his colleagues have been working on a different solution. Along with a group from Mozilla and a team of designers at the agency Ocupop, Disconnect is trying to establish an iconography for online privacy, starting with a collection of emblems designed to tell users, at a glance, what sites are really doing with their data.

A GROWING PROBLEM

The issues of privacy and protecting personal data online are huge ones, and they’re not going away anytime soon. In fact, they’re only growing thornier with time. "Privacy changes so fast as technology evolves," Oppenheim says. He cites the proliferation of third-party widgets, like the Facebook "Like" button you see all over the web these days, as one example. Sure, that button’s handy for sharing, but it’s also handy, from Facebook’s perspective, for getting an even clearer picture of how you surf the web.

While it’s clear that these types of things are problematic, it’s hard to pin down precisely what problem it is that needs to be solved. For many, the potentially less-than-savory things companies do with data behind the scenes are just part of the way the Internet works. And for others, ignorance is bliss. But Oppenheim and company believe that people should, at the very least, have some sense of what’s going on. Thus, their current campaign is one centered on increasing the visibility of privacy issues online, and the new icon set, along with an accompanying Firefox plug-in, is the latest weapon in their arsenal.

ESTABLISHING AN ICONOGRAPHY

The nine icons currently in the set represent various levels of compliance on a range of online privacy issues. If a website explicitly states that it won’t sell your data to outside parties, it gets an icon that shows a dollar sign with a green circle around it. If the site’s privacy policy is hazier on the issue of selling data, it gets an icon showing a dollar sign with an orange circle and arrow pointing upward, representing that your data could be on the move. Over the last several weeks, Disconnect has started compiling a database of what sites deserve what icons, and they’ve hacked together a rough Firefox plug-in users can download to show the relevant icons in their address bar as they surf.

But as Michael Nieling, founder of Ocupop, the company that handled the design of the icons, explains, distilling the murky waters of Internet privacy down to a simple set of icons was anything but straightforward. Take one of the central icons of the set, intended to be used for sites that might only collect the data you tell it to expressly, but might also collect other data and use it willy-nilly. "That’s a pretty ridiculously abstract concept," Nieling says. "How do you convey data, intent, all these different things?"

His solution became a sort of template for the rest of the set. It shows an arrow pointing toward a circle, or a bull’s-eye. That’s the intent. But it also shows two arrows shooting off in other directions, representing the fact that, as far as this site is concerned, your data might go astray. Those arrows are all shown in orange, essentially telling users to "proceed with caution." On the other hand, if a website makes it clear that it’s using data only as you’d reasonably expect it to given its service or function, it gets a single green arrow pointing to a green dot.

All the icons take the shape of a document, signifying their relationship to the user’s data in a broader sense. But if the icons were to be useful for users, at a glance, in their browser’s address bar, Ocupop had to make sure the content inside those rectangular container shapes was as bold and concise as possible. "If we succeed, these are going to have to be Favicon size," Nieling says. "These are going to have to resolve at 16 pixels high, potentially. So we have to be as efficient with the space as possible."

Of course, privacy policies don’t always spell out exactly what’s going on, even when they’re being read by someone who can decode all the jargon. So everyone agreed it was best to avoid making icons that branded sites definitively vis-a-vis privacy.

"We didn’t want to have a 'good’ and a 'bad," Nieling explains. "These shouldn’t be a value judgment. They should be, 'Hey, be aware.'"

FIGHTING BACK WITH AWARENESS

Disconnect has plans for a second phase of the project that will urge websites themselves to take a privacy pledge--an agreement to adhere to a certain level of compliance and transparency with regards to data collection and use--for which they would get a special privacy pledge icon to display on their site.

But personal data is big business, and with sites scheming like colonial-era powers about how best to expand and exploit their social graphs, it’s hard to imagine everyone just deciding to play nice for no reason. A true change in how websites use private data will require pressure, and pressure requires awareness. And while Disconnect’s icons will need to be adopted on a far wider scale than a Firefox plug-in can offer to truly start raising that awareness, they’re certainly a start.

"The more in peoples’ field of view these issues are, the more respectful companies have to be," Nieling says. "When your privacy policy gets displayed in a standardized way, all of a sudden you can’t hide behind something that’s three links deep on your website and takes a hundred hours to read."

Check out the icons as they apply to some two hundred sites, and grab the Firefox add-on, on Disconnect’s site.

Add New Comment

4 Comments

  • jacob_Somers

    This is a great idea, and a way to make these user contracts much easier to understand. But I also think these are kind of useless, not the icons, but the contract itself. It's not like you can pick or choose what to adhere to, and if you don't like the user policy, you can just miss out and try your luck finding another app/program/site with a slightly less invasive one. But those are getting rarer and rarer

  • Daniel Karpantschof

    So thrilled this is happening! Been talking about it for years, that we need an iconographic style warnings on data protection in the same style as Creative Commons :D