Wikipedia wins, Craigslist loses in Clickwrapped's assessment of who respects your rights online

Filed Under: Facebook, Featured, Google, Privacy, Social networks

Do privacy policies make your eyeballs bleed?

Probably not, because if you're like most of us, you don't actually read them. They're just too long, too onerous and too hard to decipher.

In fact, it would take the average person about 250 hours yearly - that's about 30 full working days - to read the privacy policies of the websites they visit in a year, according to a study [PDF] published by researchers Aleecia M. McDonald and Lorrie Faith Cranor.

That's why Andrew Nicol, a lawyer based in New York City, launched two weeks ago, a site dedicated to unwrapping the tangled spaghetti of privacy policy legalese for 15 of the most popular sites, including Wikipedia, Dropbox, Google, Amazon, Facebook, LinkedIn and Netflix. Here's the summary of results:

Summary of results from Clickwrapped

Clickwrapped uses a scale of 100 points to rate each of the site's privacy policies and practices by evaluating four categories: how the site collects and uses our data, under what circumstances the site discloses our personal data, our rights when the site wants to change its terms or terminate our accounts, and a "miscellaneous" category for sneaky moves.

What's a sneaky move? Clickwrapped gives these examples:

"...did you know that if you wrongly post something in the wrong category on Craigslist, you could owe that company $25? Or that you violate the Facebook terms of service every time you tag a friend in a photo without their prior consent?"

Such non-standard provisions that raise users' concerns prompt Clickwrapped to adjust a site's score.

CraigslistClickwrapped deems Craigslist's terms of use "among the most draconian of those surveyed", and placed it dead last in ranking.

Its summary of the site's policy:

Craigslist’s terms of use are among the most draconian of those surveyed. It is also not afraid to enforce them to try to stamp out spam and to maintain its market position in the face of competition. Although the company earns deserved praise from the EFF for being a “good digital citizen”, it should give some serious thought to making its terms of use more balanced.

On the flip side, Wikipedia/Wikimedia earned Clickwrapped's top rating, thanks to its streamlined user agreements and careful approach to collecting user data:

Wikimedia, the nonprofit that operates Wikipedia and various other collaboratively edited 'wikis', has a single set of user agreements that apply to all of its projects. These agreements are the highest scoring in our survey by some margin. Wikimedia is committed to collecting and retaining the 'least amount of personally identifiable information needed' to operate its projects. This objective has produced a sensible and eminently fair privacy policy that should be a model for any company that is serious about its users' rights.

Even the privacy-respecting Wikimedia has to be handled with caution, of course. As Clickwrapped points out, the site will disclose your personal information under certain circumstances.

WikipediaThat includes when the site's forced to respond to a subpoena, when it investigates abuse, or to "protect the rights, property or safety of the Wikimedia Foundation, its users or the public".

Wikimedia promises to notify a registered user within three business days (if the user has associated an email address with his or her account) of receiving a government request for information about that user. Note that this is the only policy Clickwrapped found that promises to notify a user of a government request within a defined timeframe.

Of course, the big-data guzzlers Facebook and Google are what really tilt people's privacy meters into the red zone.

However, it might come as a surprise that Clickwrapped rated them both quite high.

Google, rated No. 3 - behind Dropbox at No. 2 and Wikimedia at No. 1 - gets a pat on the back for its response to government requests for user data, and for being a bit more friendly than most of its peers around amendment and termination. For example, Google promises to allow users to download their data before shutting down a Google service.

Some nice things Clickwrapped had to say about Google regarding government requests for data:

Google’s record of responding to government data requests … is commendable. The volume is large: in 2011, it received over 12,000 requests for user data from U.S. authorities alone. Google attempts to notify affected users about government data requests—although as the EFF notes, it has not yet made this commitment in a formal policy. It also has a good record of properly considering each claim rather than just handing over everything the government asks for without question. 

Facebook, ranked at No. 4, defies its bad privacy reputation by having a "Statement of Rights and Responsibilities" that's one of the most pro-user agreements in Clickwrapped's survey.

Unlike other social networks, Facebook’s rights to use our content are limited by our privacy settings, Clickwrapped says.

More nice things plus a few caveats about Facebook's policy:

Whereas most websites can terminate your account at any time and for any reason, Facebook can only do so if you violate the "letter or spirit" of the Statement of Rights and Responsibilities. Nevertheless, there is still scope for improvement. Facebook’s privacy practices have been lax in a few important ways. We have concerns about its ability to track your activity on sites other than that use Facebook plugins. And the Statement of Rights and Responsibilities contains some unnecessarily broad provisions.

What a relief, to have such succinct, easy to understand, plain English summaries of the biggest sites' privacy policies.

Road sign, courtesy of ShutterstockClickwrapped drills down into caveats and details about each site and how its rating was determined, making these evaluations definitely worth a read.

Which puts us all right back on the hook when it comes to our responsibility to actually understand what we're signing away.

As Nicol told Time, not understanding just isn't a good enough reason not to read them.

And that's particularly true given how much companies are profiting off our privacy, he said:

A lot of these sites are definitely setting themselves up to make money from big data.

So kudos and thank you to a smart lawyer for deciphering those money-making privacy policies for us.

Gold medal and road sign images, courtesy of Shutterstock

, , , , , , , ,

You might like

6 Responses to Wikipedia wins, Craigslist loses in Clickwrapped's assessment of who respects your rights online

  1. Tom Henderson · 1079 days ago

    Of course, this is what they say, not what they're audited to have done. It defines their stated terms, rather than actual behavior. No one actually monitors this, only reacts when a violation has been found.

  2. Hans Schlotter · 1079 days ago

    I think Lisa's name (Vaas = vase) deserves flowers for presenting us this insight story, writen in such understandable language. But what can consumer/slaves do about it? Imagine you buy a bread, and are being told how to cut it, what to eat it with, how long to keep it, to whom we may present it..........etc. When will IT-products be like bread. If the product is good you pay an honest price, no strings attached.

    • Lisa Vaas · 1078 days ago

      Awww, thanks for the flowers, Hans! I don't think we consumer/slaves can do anything except what we've always been able to do: vote with our feet, which in this case amounts to patronage. Unfortunately, who (of us in the 99%, that is) can avoid, for one example, Craigslist? It's monopolized the classified advertising space, so we have nowhere else to turn. Craigslist has other flaws, as well. One I've come across is that it's easy to victimize somebody by taking out false, malicious ads in their name, listing their phone number (done to a friend of mine). Craiglist doesn't reply to inquiries at all whatsoever, in my experience.

      Still mad about that.

      But anyway, I can't imagine IT products ever being like bread. At least Andrew Nicol, with this Clickwrapped site, is one person who's trying to simplify them to be a bit more transparent, so again I say kudos and thank you to him for the effort.

  3. Anonymous · 1078 days ago

    Why is it a sneaky move "that you violate the Facebook terms of service every time you tag a friend in a photo without their prior consent."

    Isn't that a good thing? It makes it easier for FB to chuck you out if you keep tagging someone and they complain. I don't know if they would but this means they could. Isn't that good not sneaky?

    • Andrew Nicol · 1078 days ago

      The problem is that this gives Facebook a pretext to close someone's account even if they haven't been engaging in the kind of abuse that you describe. If the mischief that Facebook is trying to address is someone repeatedly tagging people even after they've complained, they should draft that concept into their terms instead of relying on an unnecessarily broad provision that everyone breaches all the time.

      -- Andrew Nicol

      • Nihiltres · 1076 days ago

        For that matter, they could just change the tagging system so that users must confirm tags of themselves, and bypass the problem of unsolicited tags entirely. There is absolutely no need even for terms of use prohibiting unsolicited tagging; "code is law".

        The Facebook staff responsible for those terms are either a) stupid/incompetent or b) using those terms as an excuse not to change the system in ways they don't want to change it.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.