Ask HN: How can we make better, more readable privacy policies? - bhseo

I was thinking about privacy policies the other day and today I came upon this post:

http://www.azarask.in/blog/post/making-privacy-policies-not-suck/

I had the same idea as Aza, a CreativeCommons-like approach to privacy policies. I also put "make an HN thread about privacy policies" on my to-do list, so here we are.

How do you think we can improve the current state of privacy policies?

(Some brainstorming is also taking place here:
http://aza.etherpad.com/privacy )
======
makecheck
I personally don't believe that privacy policies are useful at all. They are
at best the web equivalent of a verbal agreement.

People need to adopt the security-oriented attitude that says, if you post
anything, anywhere, the entire Internet may very well see it. Period. You
cannot trust every server, protection mechanism and employee in between. (You
wouldn't really know who to sue, anyway.)

If something really "must" be private or controlled, then you don't need a
policy, you need actual control over your data. For example, _don't post the
thing on an Internet-enabled computer in the first place_. Or, strongly
encrypt it, and have absolute trust in the recipients of keys. If you've made
your key recipients sign something legally binding, and retained proof that no
one else could have received keys from you, then at least you'd know who to
sue for violating your trust.

Ideally, the mechanism for transferring the keys doesn't use a network either,
e.g. physically hand something to your intended audience that will let them
decrypt whatever you do send. The data should also have a built-in "time bomb"
that makes it impossible to decrypt anything after some specified period of
time (for peace of mind). Of course, the recipient could do something stupid
like save the decrypted data somewhere, which is why the legal binding to key
recipients is so important.

~~~
pmichaud
This is a pipe dream. I totally get the engineery argument for certainty and
perfection, but this can't work in the real world. It's too inconvenient, and
relies on users being responsible and educated.

~~~
makecheck
Nothing is written in stone. People decades ago weren't locking their doors,
but factors such as urbanization (with higher crime in cities) created a
reality that made people change the way they think. It wouldn't have taken
many friends or neighbors having TVs and cars stolen to make them change
their minds. So does it really seem that unlikely that people will learn
from the experiences of being online, and learn the digital equivalent of
locking their doors?

------
catone
Cuil has one of the best privacy policies on the web, at least from a
readability standpoint: <http://www.cuil.com/info/privacy/>

Using plain English (not legalese) and keeping things short and to the point
seems to be an effective way of making privacy policies more user friendly. By
making them so obscured by legal language that they're inaccessible to most
readers, you're just guaranteeing that they won't be read. Which isn't doing
anyone any favors. Keep it short, keep it simple.

Another great privacy policy is Bill Monk's:
<https://www.billmonk.com/about/privacy>

They use user-friendly plain English, keep things relatively short (though not
quite Cuil-short), and they provide a summary of the key points at the start.
That's all very helpful for users, imho.

Something Awful should get points for their privacy policy, as well:
<http://www.somethingawful.com/d/feature-articles/website-privacy-policy.php>

It's written just like anything else on their site -- with a liberal dose of
humor. But that's perfect for their core audience and makes it instantly
readable and easy to understand (for the people whom it affects, at least).

------
jbgh2
You might want to check out <http://lexpuli.ca> They are applying open source
ideas to law. The plan is that they will create high quality, readable legal
documents (with supporting documentation, FAQs etc.) that people can use for
free. They are looking for suggestions on what to work on and I know they are
interested in Terms of Service and Privacy Policies for websites.

~~~
bhseo
You mean <http://lexpubli.ca/>

------
mishmax
A few years ago, I knew a Microsoft intern whose project was to do exactly
that for all Silverlight-type software that got installed on a user's machine.
He used the P3P standard to automatically present the user with a 'privacy
evaluation' before the user ok'd the installation of the software.

This was part of the Longhorn project, which as we all know got scrapped, to
produce what is now Vista! :-)

------
bhseo
One thing that bugs me in privacy policies is the "we may change this policy
at any time and without warning" clause.

RSS could be one way to make sure users can receive warnings and notification
of changes. However, subscribing to RSS feeds for each site would be too
tedious.

A browser plugin (or rather built-in feature) that pops up a warning in an
overlay bar at the top of the window (like the password remember feature in
Firefox) would be better. It could receive data from a centralized service,
privacy policy RSS feeds, or just by screen-scraping the policy at a specified
interval and checking for changes.

------
bhseo
A related link from Aza's post's comments:

<http://www.privacychoice.org/>

Clickable links from my comment:

<http://www.azarask.in/blog/post/making-privacy-policies-not-suck/>

<http://aza.etherpad.com/privacy>

Related projects:

<http://www.w3.org/P3P/>

<http://commondataproject.org/>

Privacy policy generators:

<http://www.dmaresponsibility.org/PPG/>

<http://www.oecd.org/document/39/0,2340,en_2649_34255_28863271_1_1_1_1,00.html>

<http://wordpress.org/extend/plugins/easy-privacy-policy/>

<http://wordpress.org/extend/plugins/terms-of-use-2/>

<http://www.professionalprivacypolicy.com/> (free trial)

<http://www.freeprivacypolicy.com/privacy-standard.php> (free trial)

