A System Of Icons For Demystifying Online Privacy

Instead of letting websites hide behind thousands of words of legalese presented in six-point font, why not illustrate their privacy policies with a nice set of icons?

When you install a new piece of software on your computer, you always have to “read” its privacy policy. The Internet doesn’t even require that ceremonial scroll-through. On websites, privacy terms typically get a link at the very bottom of the page in a single-digit font size, and if you looked at a heat map of where users look and click on a given website, I’d imagine that “privacy policy” link is basically the South Pole.


But that’s not just an indication of how lax we’ve become with our data online. It’s proof, too, of how utterly inaccessible privacy policies are to begin with. As Casey Oppenheim of the privacy-centric outfit Disconnect puts it, if you tried to read all the fine print on the sites you visit on a daily basis, “you’d literally spend hundreds of hours a year.” But since no one has the time, or the patience, or the law school degree that those policies typically demand, Oppenheim and his colleagues have been working on a different solution. Along with a group from Mozilla and a team of designers at the agency Ocupop, Disconnect is trying to establish an iconography for online privacy, starting with a collection of emblems designed to tell users, at a glance, what sites are really doing with their data.


The issues of privacy and protecting personal data online are huge ones, and they’re not going away anytime soon. In fact, they’re only growing thornier with time. “Privacy changes so fast as technology evolves,” Oppenheim says. He cites the proliferation of third-party widgets, like the Facebook “Like” button you see all over the web these days, as one example. Sure, that button’s handy for sharing, but it’s also handy, from Facebook’s perspective, for getting an even clearer picture of how you surf the web.

While it’s clear that these types of things are problematic, it’s hard to pin down precisely what problem it is that needs to be solved. For many, the potentially less-than-savory things companies do with data behind the scenes are just part of the way the Internet works. And for others, ignorance is bliss. But Oppenheim and company believe that people should, at the very least, have some sense of what’s going on. Thus, their current campaign is one centered on increasing the visibility of privacy issues online, and the new icon set, along with an accompanying Firefox plug-in, is the latest weapon in their arsenal.


The nine icons currently in the set represent various levels of compliance on a range of online privacy issues. If a website explicitly states that it won’t sell your data to outside parties, it gets an icon that shows a dollar sign with a green circle around it. If the site’s privacy policy is hazier on the issue of selling data, it gets an icon showing a dollar sign with an orange circle and an arrow pointing upward, representing that your data could be on the move. Over the last several weeks, Disconnect has started compiling a database of which sites deserve which icons, and they’ve hacked together a rough Firefox plug-in users can download to show the relevant icons in their address bar as they surf.

But as Michael Nieling, founder of Ocupop, the company that handled the design of the icons, explains, distilling the murky waters of Internet privacy down to a simple set of icons was anything but straightforward. Take one of the central icons of the set, intended for sites that might collect only the data you expressly tell them to, but might also collect other data and use it willy-nilly. “That’s a pretty ridiculously abstract concept,” Nieling says. “How do you convey data, intent, all these different things?”

His solution became a sort of template for the rest of the set. It shows an arrow pointing toward a circle, or a bull’s-eye. That’s the intent. But it also shows two arrows shooting off in other directions, representing the fact that, as far as this site is concerned, your data might go astray. Those arrows are all shown in orange, essentially telling users to “proceed with caution.” On the other hand, if a website makes it clear that it’s using data only as you’d reasonably expect it to given its service or function, it gets a single green arrow pointing to a green dot.


All the icons take the shape of a document, signifying their relationship to the user’s data in a broader sense. But if the icons were to be useful for users, at a glance, in their browser’s address bar, Ocupop had to make sure the content inside those rectangular container shapes was as bold and concise as possible. “If we succeed, these are going to have to be Favicon size,” Nieling says. “These are going to have to resolve at 16 pixels high, potentially. So we have to be as efficient with the space as possible.”

Of course, privacy policies don’t always spell out exactly what’s going on, even when they’re being read by someone who can decode all the jargon. So everyone agreed it was best to avoid making icons that branded sites definitively vis-a-vis privacy.

“We didn’t want to have a ‘good’ and a ‘bad,’” Nieling explains. “These shouldn’t be a value judgment. They should be, ‘Hey, be aware.’”


Disconnect has plans for a second phase of the project that will urge websites themselves to take a privacy pledge–an agreement to adhere to a certain level of compliance and transparency with regard to data collection and use–for which they would get a special privacy pledge icon to display on their site.

But personal data is big business, and with sites scheming like colonial-era powers about how best to expand and exploit their social graphs, it’s hard to imagine everyone just deciding to play nice for no reason. A true change in how websites use private data will require pressure, and pressure requires awareness. And while Disconnect’s icons will need to be adopted on a far wider scale than a Firefox plug-in can offer to truly start raising that awareness, they’re certainly a start.

“The more in people’s field of view these issues are, the more respectful companies have to be,” Nieling says. “When your privacy policy gets displayed in a standardized way, all of a sudden you can’t hide behind something that’s three links deep on your website and takes a hundred hours to read.”