Privacy Icons (azarask.in)
55 points by gry on May 24, 2011 | hide | past | favorite | 16 comments


I think any "bad" actors will simply display the easier-to-achieve privacy icons and not display poor privacy icons (this is contrary to the author's opinion that bad actors will decide to display none at all). The issue is consumers will start to see "black circle with green ring" and associate it with good privacy, whether or not the site displayed all 5 or only 1 or 2 of them.

To summarize, it is worse for a consumer to be misled about a website's privacy policy than to not display one at all.


A lot of scummy sites use static "secure site" logos which have no backing in order to deceive the user into believing the site has some sort of security in place. These typically mimic the GeoTrust and HACKER SAFE logos, but I've seen all kinds. Bad actors have no problem misleading consumers by duplicating common "indicators" of positive reputation and are already actively doing so. A new set of privacy icons would just as easily and quickly be deployed to deceive consumers further.


I think you're right about the danger of conditioning users to trust a certain symbol. See also: anything with a yellow padlock icon or a brightly coloured shield icon.

> To summarize, it is worse for a consumer to be misled about a website's privacy policy than to not display one at all.

On a related note, the descriptions for the negative icons aren't in the form "can't promise this good thing", they are in the form "does this bad thing". If Mozilla started displaying those negative icons against any site just because the site didn't follow their non-standard privacy policy protocol/mark-up, then that would be not only misleading to users but potentially damaging to sites that really do take privacy seriously and happen to say so in plain $LANGUAGE rather than using Mozilla's pre-defined, machine-readable categories. That also sounds to me like a lawsuit waiting to happen if anyone's traffic stats suggest that they are taking a hit because of Mozilla's misdescription.


Ever tried to resize them to 32x32 pix? I bet you can't even read them @ 64x64 pixels.

The idea is nice tho.


I'm wary of this. Are the bad guys really going to be honest about what icons they display? (edit: I realize I'm repeating what's written in the article)


I like the idea behind the icons, however these tend to be judgement calls, or at least prone to being "optimistically" interpreted by interested parties.


I honestly don't see how "length of time data is stored", "whether or not data is sold to third parties", "whether or not data is shared with advertisers", and "whether or not data is shared with law enforcement when not legally required" leaves room for a judgement call.

At least, not one that would stand up in a courtroom.


Well, there is a lot of wiggle room in those definitions, for instance:

Length of data store: under what circumstances is what data stored (performance data, explicit user data, all data, some subset of personal information, access logs), and for how long?

Whether or not data is sold to third parties / whether or not data is shared with advertisers: notice the "Besides the information exposed via on-page advertisement" exemption. That's a very broad avenue of information sharing, with things such as Google Analytics, which, if you used it, would under this exemption be perfectly fine to cover with "you don't share data with 3rd parties". However, via such a service you would be sharing a very large amount of information indeed.

Whether or not data is shared with law enforcement when not legally required: nearly impossible to verify, and even if it was verifiable, very hard to stop. I mean, look at the AT&T wiretapping situation for instance.


> Length of data store: under what circumstances is what data stored (performance data, explicit user data, all data, some subset of personal information, access logs), and for how long?

Note that everything in the article is about personal information. It's an obvious question to say "Do you store personal information for more than X months?". It's also very straightforward to say that "If you say you delete all personal information after X months, but store some subset of personal information indefinitely, you are lying."

> whether or not data is shared with law enforcement when not legally required: Nearly impossible to verify, and even if it was verifiable, very hard to stop,

So what? It's "very hard to stop" any privacy violation. Google could turn around and sell every single bit of data they've gathered about you, and there is nothing you can do to stop them. The whole point of privacy laws is to provide a deterrent to such activity and to provide recourse for those who have been wronged by it.

Similar to how the law doesn't stop burglary from happening, instead it provides a deterrent to burglary and an avenue of recourse for those who have been burgled.

Being "very hard to stop" isn't relevant.


> It's an obvious question to say "Do you store personal information for more than X months?"

Still, the question is: what exactly qualifies as "personal information"? Many seemingly irrelevant things can be used to identify you: login IP addresses, session IDs, login frequency. It's a term with holes the size of Montana.

> Being "very hard to stop" isn't relevant.

I will concede this point, but uncovering cooperation can be a near impossibility.


> Still, the question is: what exactly qualifies as "personal information"? Many seemingly irrelevant things can be used to identify you: login IP addresses, session IDs, login frequency. It's a term with holes the size of Montana.

"Personally identifiable information" is not some nebulous term that means whatever the writer wants it to mean, it has a pretty strict legal meaning.

"Information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual".


>when combined with other personal or identifying information which is linked or linkable to a specific individual

Take a look into data de-anonymization techniques, this can encompass basically any stored information at all. This is not at all a clear issue.

(pdf warnings)

http://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf

http://iseclab.org/papers/sonda-tr.pdf
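The linkage attack the comment above alludes to, as an added illustration that is not part of the thread or of the linked papers: a log whose name column has been dropped is joined to a public directory on columns nobody would call identifiers on their own (ZIP code, birth year, sex). Both tables, all names and all values here are constructed for the example, and `QUASI_IDS`, `k_anonymity` and `reidentify` are names chosen for this snippet, not terms from the papers.

```python
"""Quasi-identifier linkage: how "non-PII" columns re-identify people.

Constructed example. ANON_LOG is an "anonymised" export with the name column
removed; PUBLIC_DIR is a small named directory (the role a voter roll or staff
list plays in the real attacks). They share ZIP, birth year and sex.
"""
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# Columns that identify nobody alone but, jointly, single people out (assumed).
QUASI_IDS: Tuple[str, ...] = ("zip", "birth_year", "sex")

# Constructed "anonymised" log: names dropped, so a narrow reading of
# "personal information" says nothing personal is stored.
ANON_LOG: List[Dict[str, str]] = [
    {"zip": "02138", "birth_year": "1975", "sex": "F", "condition": "asthma"},
    {"zip": "02138", "birth_year": "1975", "sex": "M", "condition": "flu"},
    {"zip": "02139", "birth_year": "1982", "sex": "M", "condition": "diabetes"},
    {"zip": "02139", "birth_year": "1982", "sex": "M", "condition": "none"},
    {"zip": "02140", "birth_year": "1990", "sex": "F", "condition": "migraine"},
    {"zip": "02140", "birth_year": "1990", "sex": "M", "condition": "none"},
]

# Constructed public directory with the same quasi-identifiers plus a name.
PUBLIC_DIR: List[Dict[str, str]] = [
    {"name": "A. Lee",   "zip": "02138", "birth_year": "1975", "sex": "F"},
    {"name": "B. Ortiz", "zip": "02138", "birth_year": "1975", "sex": "M"},
    {"name": "C. Nair",  "zip": "02139", "birth_year": "1982", "sex": "M"},
    {"name": "D. Park",  "zip": "02139", "birth_year": "1982", "sex": "M"},
    {"name": "E. Wong",  "zip": "02140", "birth_year": "1990", "sex": "F"},
    {"name": "F. Diaz",  "zip": "02140", "birth_year": "1990", "sex": "M"},
]


def qi_key(row: Dict[str, str], cols: Sequence[str] = QUASI_IDS) -> Tuple[str, ...]:
    """Project a row onto the quasi-identifier columns."""
    return tuple(row[c] for c in cols)


def k_anonymity(rows: List[Dict[str, str]], cols: Sequence[str] = QUASI_IDS) -> int:
    """Size of the smallest group of rows sharing the same quasi-identifier
    values. k == 1 means at least one row describes exactly one person."""
    classes = Counter(qi_key(r, cols) for r in rows)
    return min(classes.values())


def reidentify(anon_rows: List[Dict[str, str]],
               public_rows: List[Dict[str, str]],
               cols: Sequence[str] = QUASI_IDS) -> Dict[int, str]:
    """Join the anonymised rows to the public directory on the quasi-identifiers.

    Returns {anon_row_index: name} for every row whose key matches exactly one
    named person. Rows matching several people stay unresolved (not returned).
    """
    by_key: Dict[Tuple[str, ...], List[str]] = {}
    for p in public_rows:
        by_key.setdefault(qi_key(p, cols), []).append(p["name"])
    linked: Dict[int, str] = {}
    for i, a in enumerate(anon_rows):
        names = by_key.get(qi_key(a, cols), [])
        if len(names) == 1:
            linked[i] = names[0]
    return linked


if __name__ == "__main__":
    print("k-anonymity over", QUASI_IDS, "=", k_anonymity(ANON_LOG))
    for i, name in reidentify(ANON_LOG, PUBLIC_DIR).items():
        print(f"row {i}: condition {ANON_LOG[i]['condition']!r} belongs to {name}")
    # Dropping one "harmless" column doubles the smallest class and kills the join.
    coarser = ("zip", "birth_year")
    print("without sex: k =", k_anonymity(ANON_LOG, coarser),
          "linked =", reidentify(ANON_LOG, PUBLIC_DIR, coarser))
```

Four of the six "anonymous" rows resolve to a single named person, including the two medical conditions that were supposedly detached from any identity; the two rows in the 02139/1982/M class stay ambiguous only because that class happens to hold two people. Removing a single column raises k from 1 to 2 and the join returns nothing, which is the point of the comment: whether a field is "personal information" depends on what else it can be combined with, not on the field by itself.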


You know how you sometimes run across a set of icons which immediately spark universal recognition? Ones which are visible at any size, that are language and culture independent? For me, these don't come close.

How I'd make things clearer is mostly by eliminating the "person in document" graphic and focusing on the rest. So the "your data is never sold" icon: it's a dollar sign in a circle that has a diagonal slash through it, like the Creative Commons non-commercial icon. For "your data may be sold" there is no slash. Similar for law enforcement. The others I don't have a lot of ideas about, but I would think that "AD" (for example) doesn't translate well into other languages. Would Japanese users recognize what that means?


The icons aren't loading for me. Is there a mirror?


I was disappointed by the lack of an icon to represent "data is never shared with law enforcement."


In America law enforcement can get a court to issue a warrant if they can prove just cause. You could refuse to comply with the warrant, but you'd be jailed.

Besides, I want police using the Internet as an investigative medium. I just want them to get a warrant. The real problem we have these days is when companies roll over for the government and give them whatever data they want without just cause.



