New software targets hard-to-understand privacy policies

The Privacy Icons browser add-on translates websites' privacy policies into nine easy-to-grasp categories

Have you ever tried to read a website's privacy policy only to give up after slogging through paragraphs and paragraphs of dense, lawyerly language? Privacy-focused companies Disconnect and TRUSTe have released a new browser add-on that attempts to translate those policies into easy-to-understand terms.

The companies' Privacy Icons software, released Monday for a pay-what-you-want fee, analyzes websites' privacy policies, breaking them down into nine categories, including location tracking, do-not-track browser request compliance and data retention policies.

The software then displays, as a browser add-on, nine color-coded icons, with green, yellow and red icons signifying the level of concern about the website's privacy policy in each area.

More transparency on privacy policies is needed, said Casey Oppenheim, co-CEO at Disconnect, which also makes software that blocks online tracking requests. The average website privacy policy runs to more than 2,400 words, takes 10 minutes to read and is written at a university-student reading level, according to the TRUSTe Privacy Index.

"The end goal is to help individuals regain control of their personal information online," he said. "As a means to that end, we definitely hope that this project will inspire companies to improve their data practices and compete, even more, on the basis of privacy and security."

The software, available now for recent versions of Chrome, Firefox and Opera and with versions for Internet Explorer, Safari, and mobile browsers available soon, attempts to simplify website privacy policies.

"In the case of the Privacy Icons we hope to make data practices more transparent, so that people can make more informed choices when it comes to visiting websites and using services," Oppenheim said. "If a person feels comfortable sharing all their information with a certain site after seeing it has all red icons, that's better than the alternative, which is sharing all their information without any understanding that's happening."

While more transparency may be good news for Web users concerned about privacy, the bad news is that many of the Web's top destinations get some red marks from Privacy Icons., the world's most-visited website, according to Alexa's February rankings, received red marks in the data retention category, for no stated policy on when it deletes user data, and in the precise location category, for tracking users' geolocation.

Facebook, the No. 2 most-visited site, gets red marks for precise location and for expected use, for not disclosing whether data it collects about visitors is used in ways other than those they would reasonably expect., the No. 4 website, gets a red mark for expected use. Twitter, No. 10, gets red marks in expected use and precise location, while, No. 11, gets red marks in four of the nine privacy categories, and grey marks, meaning the information is not available, in four more.

Representatives of those five websites didn't respond to requests for comment on the ratings. Websites that dispute the Privacy Icons ratings can contact Disconnect to explain their concerns.

Privacy Icons evolved from a Mozilla-led working group, in which TRUSTe and Disconnect participated, starting in 2010. Other participants in the Mozilla privacy workshops included the U.S. Federal Trade Commission, the Electronic Frontier Foundation, the Center for Democracy and Technology and the World Wide Web Consortium.

Evan Greer, campaign manager for Fight for the Future, the advocacy group behind the antisurveillance Reset the Net campaign, praised the new software.

"The single most important thing we need right now in the fight to defend our online privacy is simple tools that everyday people can use to protect themselves," Greer said in a statement.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is
