Privacy

What is a Privacyscore?

A Privacyscore is a way to assess the privacy risk of using a website.

Privacy risk is the chance that data about you will be used or shared in ways that you wouldn't expect. Privacyscores cover two kinds of data:

  • We estimate privacy risk to personal data (such as your name or email address) based on the published policies of the website.
  • We estimate privacy risk to anonymous data (such as your interests and preferences) based on the privacy qualifications of the other companies who collect this kind of data across websites.

You can see Privacyscores of the sites as you visit by using the Privacyscore add-on for Firefox and Chrome.

Who runs Privacyscore?

Privacyscore is a project of PrivacyChoice, which was founded in 2009 to make privacy easier for websites, apps and their users. Jim Brock and Jason Beatty lead a team of over a dozen developers and analysts located around the world, as well as thousands of web users who contribute their data and their product feedback and suggestions.

Jim has worked in web media and technology since 1994, when he was founding counsel to Yahoo! He has been an early-stage technology investor, startup-founder and also ran one of Yahoo!'s major business divisions. He founded PrivacyChoice in 2009. (See full background.)

Our company contact information is PrivacyChoice LLC, 101 Cooper Street, Santa Cruz CA 95060, telephone 408-641-9290.

How do you compute a Privacyscore?

Click "Learn about Privacyscores" on any report page for summary of how we compute Privacyscores.

A Privacyscore reflects nine factors based on the site's privacy policy and the privacy qualifications of the other companies collecting data there.

Four site-policy factors cover how websites promise to handle your personal data. Five tracking data factors cover the privacy policies and oversight of companies that collect anonymous profile data on the site and elsewhere for things like ad selection. Each tracker contributes to the total score based on the prevalence of that company in the pages sampled for the site that have trackers.

Based on these factors, a Privacyscore of 100 would indicate:

  • The site's policies expressly limit the sharing and use of personally identifiable data in these ways:
    • Personal data (like name, phone number and email address) should not be provided to marketers without permission and should be deleted on request.
    • A user's request to delete personal data should be honored.
    • Notice should be provided in the case of disclosure of personal data pursuant to legal process or government requests, where legally allowed.
    • If service providers have access to personal data, their use of it should be restricted by contract.
  • All trackers seen on the site pledge to respect anonymity, choice and boundaries, and should be subject to industry accountability.
    • Personal data should not be collected or use, or should be separated from behavioral data.
    • Boundaries should be recognized in areas like health conditions and financial data.
    • Choice should provided as to whether data will be collected or applied for the purpose of ad targeting.
    • Accountability should be provided through both regular compliance reviews of internal processes by industry organizations (such as the Network Advertising Initiative) or independent auditors, as well as ongoing external monitoring of practices by industry organizations.

Sometimes I don't see a Privacyscore on an app permission page. Why?

Facebook has thousands of apps, and we're still building out our coverage. We try to score the most popular apps, but you will find apps and sites that we have not scored. If you click on the "ps" when you're on any app or website where we don't have a score, we count your interest in that site, which helps us prioritize. You can help us score more apps by using the add-on and checking the box to transmit tracking events from your browser.

Do you have a glossary of Privacyscore terms?

Privacy Analytics is the measurement, collection, analysis and reporting of internet data for the purposes of understanding and reducing privacy risk.

Personal data is data that can easily identify you, such as your name, email or physical address, phone number or government ID. Some people and organizations also believe personal data also includes any constant identifier that cannot be easily hidden, such as an IP address.

Privacy risk is the chance that user or website data will be used in unexpected ways. Initially, we are measuring privacy risk by examining the stated privacy practices of a site and the companies collecting data there.

Trackers are companies that compile data about individual users across different websites. Most trackers are involved in ad targeting and operations. For our purposes, “trackers” do not include website analytics companies; while they may collect data about individual computers on behalf of different websites, they do not typically compile one user’s activity across different websites into a single profile.

Tracking events are individual instances of data collection by a tracker. Typically, there is one tracking event each time a tracker has access to browser information in a web page. This information usually includes the URL of the page (which provides contextual information), the IP address of the user, the browser being used, and, any unique identifier that the tracker may previously have placed on the machine (such as in a cookie file). It can also include referring URL information, which can contain search terms when the referral is from a search engine.

Why should publishers care about Privacyscores?

For a web site or app publisher, a Privacyscore shows you how your site compares to other sites when it comes to privacy. We call this "privacy analytics," which should be part of every site's privacy framework. Site publishers can subscribe to our privacy analytics services to get deeper scanning of their site, Privacyscore change alerts and more detailed analysis of third-party data collection on their site. Contact us to learn more.

Why would a site or app's Privacyscore change?

Privacyscores reflect the most current data we have in our system about tracking activity on the site, which can change from day to day, particularly for sites that have many trackers on their site. The privacy qualifications of those trackers may change, which can affect the site's overall Privacyscore. Also we may make changes to the operation of our algorithms and the default weights assigned to different factors.

Isn't privacy too subjective for a numerical score?

People have very different expectations when it comes to online privacy, so it's difficult to capture all of those concerns in a single number. But Privacyscore factors include areas that many people find important in privacy policies, particularly typical users who provide personal information to sites they visit and who do not opt-out of or block data collection by ad companies. By weighting these factors, they provide a good rough measure of when a site's privacy practices deserve a closer look.

We also designed Privacyscores to be helpful for web publishers, who need to be concerned with the policies they establish for personal data, and the companies they allow to collect anonymous data on their site. They can use their Privacyscore to see how they measure up to other sites when it comes to privacy.

What's a "tracker"?

"Trackers" are companies that collect data about what users do across websites or apps, usually for the purpose of targeting ads. Trackers can collect data on a website because sites include special software code, called tags, on their site pages. This allows other companies to show advertising on the site's web pages, and to collect data as they do so. By placing a small file on your computer, called a "cookie," trackers can identify the same browser as you go from page to page and site to site, which allows them to infer what you're interested in or what you may be searching for, which they use to select ads that you see. Trackers may include companies who collect tracking data in the course of providing other features, like sharing buttons or using counting, even without showing an advertisement.

Some companies may collect data across different sites but don't connect what you do on one site with what you do on other sites. They may do this to provide a service to the sites, like helping them analyze how people use the site so they can improve it. We don't consider these companies "trackers" for the purpose of Privacyscores.

Why don't you list other companies on webpages, even if they aren't trackers?

We have catalogued these companies and are tracking them in our database. We will be exposing this data in a new release soon. While privacy concerns are greatest with trackers that combine data from across different sites, a complete privacy report should include all companies with access to user data.

What other factors can be added to Privacyscores?

The Privacyscore algorithm will continue to change as we add different factors and approaches to weighting. Here are a few on deck right now:

  • Tracker depth. Tracking companies that have a broader reach across websites are in a position to gather a more extensive user profile. Tracker factors for these companies could be given additional weight in the Privacyscore.
  • Tracker frequency. Some users may associate a greater number of trackers on a site with higher privacy risk, even with all other factors equal. Sites with more trackers would have a lower Privacyscore, regardless of those companies' privacy qualifications.
  • Choice quality. A tracking Privacyscore can reflect the quality of the tracker's choice method. Persistent and verifiable choice methods would be required for full Privacyscore credit. More credit would be given if the tracker confirms that an opt-out terminates data collection (as opposed to use for targeting), or if the the tracker affirms that they honor a Do-Not-Track header.
  • Joining data. Sites that import additional data about users -- such as through social network APIs or email matching -- may increase privacy risk by aggregating data in unexpected ways. A Privacyscore can reflect the site's published promises about handling joined data.

Should I trust companies to comply with their privacy policies?

A Privacyscore reflects the published privacy policies of a website and qualifications of the tracking companies we find there. We cannot directly verify compliance, but Privacyscores can reward submission to oversight, such as through industry associations or independent privacy auditors. Also non-compliance with published policies carries legal and business risk. The Federal Trade Commission and many states have the power to bring actions against companies who do not comply with published privacy policies.

How do you tell which tracking companies collect data on a website?

We continuously scan websites for tracking activity in two ways:

  • Our spiders regularly cycle through popular pages on the websites that we score, seeing which tracking companies serve content on those pages, which allows them to collect user data.
  • Tens of thousands of real users using our browser add-ons have opted-in to send tracking data to our database as they use the web normally. "Learn more.

By analyzing these interactions, we maintain a current map between the websites and the tracking companies, as well as the frequency with which those tracking companies collect data.

When I click on the Privacyscore in my browser, why don't I see the blue summary bubble?

If you are running other add-ons, such as No-Script, this may interfere with the operation of the Privacyscore add-on. Try whitelisting "privacyscore.com" and see if that fixes the problem.

Why do I see trackers listed for a site that doesn't seem to have any ads?

Tracking companies may collect data through a web page, even if they are not actually serving ads on the page. A good example is the technique of "retargeting," which means that a tracking company sets or reads a cookie when you visit a website in order to show you ads after you leave the site. The retargeting company may not show you an ad on the first site, but we will record them as collecting data.

Also widgets that are used for functions like sharing or embedding video may also collect data that is used for cross-site tracking, even though they may or may not serve an ad with the widget.

If you believe you have seen an error in our listing of trackers for any site, please let us know.

What if I don't want any anonymous data collected from across sites?

There are many good browser add-ons that limit tracking, such as TrackerBlock, a sister project from PrivacyChoice, or Ghostery. Internet Explorer 9 has tracking protection built in, which you can enable with a PrivacyChoice Tracking Protection List. If you decide to block tracking, then you can customize your Privacyscore to un-weight the tracking privacy factors.

How can I find out more about this project?

Check out the privacychoice blog for more, Like us on Facebook, or follow @privacychoice on Twitter.