Posts Tagged ‘Online’

Welcome to our guided tour of online privacy policies!

Tuesday, July 21st, 2009

We’ve just published our report, “How to Read a Privacy Policy” on our website.  You may have seen some of the blog posts we wrote summarizing each section, but you can now find all the sections together here.

There are other privacy policy analyses out there: Privacy International’s 2007 report describing privacy practices of major companies in general and Know Privacy, a research project created by students from the UC Berkeley School of Information that compares user expectations with data collection methods today for policymakers and website operators.

But we thought there was room for one more, one that takes the web user on a guided tour of that inscrutable document, the online privacy policy, and explains what issues she should keep in mind.  We walk through the privacy policies of companies like Microsoft, Google, Yahoo, and Amazon, as of June 2009, and explain what they’re promising and what they’re not.

A quick visual of how privacy policies stack up next to each other, literally. See it bigger.

Questions or comments?  Please let us know!

In the mix

Tuesday, June 23rd, 2009

Swedish Court Says IP Numbers Privacy Protected (Slashdot)

Congress Looks Into How Online Companies Track Consumers (Media Decoder Blog NYT)

Verified Identity Pass Shuts Down “Clear” Operations (Slashdot)

Typing in an Email Address, and Giving Up Your Friends’ As Well (NY Times)

Freep this poll!

Thursday, October 9th, 2008

Have you ever been asked to “Freep this poll”?

The word “freep” comes from the “Free Republic,” an online forum for conservatives where its members are regularly informed of online polls and told to go vote en masse.  Although they don’t necessarily admit to “cheating” the polls, they have been accused of clearing cookies or otherwise circumventing the systems set up to prevent one person from voting multiple times.

Conservatives aren’t the only ones “freeping,” though.  The term has migrated across the political spectrum, and readers of decidedly more liberal sites, like DailyKos, are regularly asked to freep a poll.  And right after a presidential debate is prime freeping time for everyone, as nearly every newspaper and cable news channel will set up online polls asking, “Who won?”

I think freeping is great.

Freeping makes obvious how ridiculously inaccurate online polls can be.  Der Spiegel, a German magazine, was shocked when a 2004 online poll asking readers to rate President Bush’s performance in office was rated “excellent” by 59% of its readers–it turned out it had been freeped.  When freeping skews results to the point that no one can believe them, well, that’s a blow for truth, not ideology.

But being an ever-so-optimistic sort of person, I think freeping also shows the potential of online polls, and online measures of public opinion in general, to be more accurate than they are today.  Online polls are popular, despite being obviously inaccurate, because they’re cheap and fun (for those who just can’t get enough of sharing their opinions).  Most of all, at least in theory, they can reach a much larger group of people than professional pollsters.

The problem is that this larger group, even before freepers get involved, is shaped by the website and the audience it tends to draw.  (And of course, the world of people online is already smaller than the world as a whole.)  It wasn’t surprising, nor particularly revealing, that the people who went to the conservative Drudge Report and voted in its poll rating the Palin-Biden VP debate overwhelmingly found that Palin had won.  But if liberal online politicos had freeped the poll, they could have made the poll more representative of our country’s mix of conservatives and liberals.  And vice versa.

My point is that freeping, as creepy as it seems, is one of those strategies that’s open to everyone, left, right, liberal, conservative, polka-dotted or striped.  Some people will always just enjoy freeping for the sake of messing up the system, to enjoy their power to clear cookies and skew polls, though as I stated above, that can easily go so far that no one believes the results.  But if freeping pushes people to participate in polls in forums where they normally wouldn’t be heard, well, that sounds kind of democratic.  Sure, we still have that problem with ensuring one vote per person, but if we thought online polling could have more than entertainment value, maybe we would try harder to come up with better systems.  (I wonder if it would be possible to set up an online poll that actually let you vote as often as you wanted, but indicated you had done so.  Sometimes it’s entertaining to see who cares the most, or maybe more accurately, has the most time on his hands.)  As Mimi stated earlier, choosing to participate in polls, surveys, and studies that shape our world and our lives is increasingly becoming as democratic a duty as voting in the election booth.

How should we define “personal information”?

Thursday, September 4th, 2008

We at CDP recently decided that in keeping with our work on developing new standards for online data collection, we should also create a survey of the privacy policies of the biggest online companies. We want to help users not only understand privacy policies more quickly and easily, but also to help them compare the practices of different companies.

As a result, I’ve been spending a lot of time reading privacy policies.  I knew it wouldn’t be a fun activity, but it’s also been challenging in ways I didn’t quite anticipate.  As I started to sit down and actually compare policies across a set of specific issues, it became quickly obvious that although they use many of the same words—private, personal, anonymous—they aren’t all using the same definitions.

For example, Yahoo defines “personal information” as “information about you that is personally identifiable like your name, address, email address, or phone number, and that is not otherwise publicly available.”  Although it discusses the collection of other information, like log data and IP addresses, it never calls this information “personal.” takes a similar tack, disclosing that it does collect such information, but calling it “anonymous information.”

AOL, in contrast, defines “AOL Network Information” as “personally identifiable information” that includes data like IP addresses, sites visited, and search history.  Of course, AOL can’t pretend that such data is actually “anonymous.”  After all, its proud release of “scrubbed” search query data two years ago was quickly shown to reveal the individual identities of thousands of users.

So what do you think?  When a privacy policy makes promises about your “personal information,” should that include your search query history, your IP address, and your log data?  If not, does that mean these companies are free to do what they will with this data?  Leave it unsecured? Hand it over to marketers, government, anyone?

And what does it mean to us, as a society, that companies are defining these words on their terms?

Get Adobe Flash player