Privacy simplified -

Privacy simplified

A trio of Yale students has developed a free service to help users navigate the ins and outs of privacy agreements


Facebook’s privacy policy is 6,946 words long. Google’s is a comparatively spartan 2,281 words. Read them lately? I didn’t think so.

Website privacy policies, like their terms of use agreements, are onerously long, bafflingly complex legal documents that hundreds of millions of people accept without ever reading. As social media sites accrue more and more of our personal information while always developing new ways to exploit our data, they are increasingly targeted by hackers and law enforcement. In short, those long privacy statements, which we never read and which get longer all the time, matter more and more.

That’s why a trio of Yale students have developed a free service for websites called Privacy Simplified. Answer a few questions about your site and PS will generate a series of icons you can display to clearly explain the most important aspects of your privacy policy. For example, here’s what Facebook’s would look like:

And here’s what it all means:

  • The green exclamation mark means Facebook will let you know when it changes its Privacy Policy. As the New York Times illustrated a couple of years ago, Facebook changes this document frequently, so these notifications may arrive so frequently that you’ll trash them unread, like so many other emails Facebook sends. Still, nice to know.
  • The person icon is you, the user. Green means you have access to your own data. Anything Facebook collects on you, you can see and get a copy of.
  • Not all green is good. The green circle around the paper icon means Facebook is collecting and using more information on you than it requires in order to function. Why? See the next icon.
  • Red around the arrows means that Facebook is promiscuous with your privacy. It’s selling or trading your deets with unknown others. This may be a bit too vague. I know that Facebook is trying to figure out some broad demographic info on me in order to target ads, and I’m okay with being placed in a “Canadian male, 25-38 silo” or whatnot for that purpose. But who else is getting my info, and does it identify me personally? Perhaps this icon is too simplified.
  • The next icon is another bad kind of green: red around the lock would have meant that Facebook encrypts your data to stop hackers or anyone else from getting at it. They don’t.
  • Finally, here’s a pretty serious one: red around the badge means that Facebook doesn’t protect your info from cops or other law enforcement agencies to the fullest extent possible. Any website has to hand over your info to authorities under certain circumstances, warrants being among them. But many websites reserve the right to voluntarily pass on your info to the fuzz if they feel like it. That’s how Facebook rolls.

These icons might need some fine-tuning, but they’re a fantastic starting-point. We desperately need a shorthand for privacy online. The only problem is that there’s no real reason for a website to use this code if it tells users anything negative or troubling about their business. Best to leave those needles in a 5000+ word haystack.

Jesse Brown is the host of’s Search Engine podcast. He is on Twitter @jessebrown


Privacy simplified

  1. I don’t care about Facebook’s privacy policy because I have not joined but I wonder – how can Facebook continually change their privacy statements? Doesn’t a person agree to a certain set of privacy rules when you first create your Facebook page, how can Facebook change the rules after you have agreed to them? I assumed those privacy statements are a form of contract, I surprised they altered so easily.

    • In some instances, they have to make the changes in order to comply with the law. For instance, our own Privacy Commissioner has required them to change and tighten up their privacy policy a number of times.
      I doubt very much that the changes will result in less privacy as they are having a hard enough time keeping up with global legislative requirements.

    • It is a contract, but it is a very one-sided agreement. Its very easy to put in clauses to the effect of, “FB reserves the right to change the terms at any time. FB will notify you of any changes. By logging back into FB after being notified of changes, you agree to the new terms,” or many words that reach the same effect.

      Its easy to write a very one sided contract when you know the party you are contracting with is not reading the contract, and probably wouldn’t understand it if they did.

    • Terms of service and EULAs are very tricky that way. They all say something along the lines of “We’ll change these terms from time to time, and if you continue to use the service/product, then you are agreeing to the changes whether you know about them or not.”
      Only, they write that in legalese.

  2. Still confusing. Red should always be bad, green should always be good. But even that’s not good enough if you’re colour blind. It’s a good start but doesn’t seem like it was thought through fully.

  3. Jesse, you might want to take another look at the definitions for the green paper and padlock symbols, as according to their site ( ) they mean the opposite of what you’ve stated in your post.

  4. Did those people never learn to never ever ever use red and green as only distincion? Come on, that would be the first thing people think about.

    Love the initiative but the way it’s done does not make any sense.