![]() ![]() For that, we can think of two likely candidates: First off is VPN service Mullvad’s privacy policy, which reads clearly and has a great breakdown of what it collects and why, while another contender is TeamGantt, a project management tool that goes a step further and uses tables to illustrate what is collected and for what purpose.WARNING: Mullvad VPN no longer unblocks US Netflix reliably. However, maybe the best example of all would be a privacy policy that we think is good. It’s like a magic trick: Always look where the illusionist doesn’t want you to look. In short, no matter how much a company talks about how well its infrastructure stands up to simulated attacks or how good its encryption is, you need to focus on how well it treats your data internally. A service can have the best, most state-of-the-art security on offer, but if they’re selling your data to marketers, it’s still bad news for you. In short, the difference is that security is how well a company protects your data from outside threats, while privacy is all about how a company handles inside threats, or how it treats your data. However, this has nothing to do with privacy. Confusing Security and PrivacyĪnother issue that we’ve come across more than once is that some companies will equate privacy and security: When you look up how the company handles your data, they’ll overwhelm you with jargon and impressive encryption terms like AES or Blowfish. While it’s legal to transfer data to subsidiaries, when it’s explicitly mentioned, you might want to do some digging on the company in question to make sure that none of those subsidiaries are in the data-selling game. One example is Avast, which sold user data through a subsidiary named Jumpshot (It was closed soon after the story broke.). Other signals are when data is handed off to other companies under the umbrella. It should raise your eyebrows when you see exotic locales like this in company information. If you need secrecy so much that you’re based there, what are you hiding? For example, many VPNs will headquarter in such locales in a bid to avoid warrants for their customers’ data, but there are plenty of companies that don’t have the same need for secrecy also moving out there. Examples include the Cayman Islands, the Seychelles, and Gibraltar. One example is when one of the companies in these chains of ownership is based in a jurisdiction known for secrecy. Although in this day and age, it’s normal for corporations to own other corporations, which in turn own yet more corporations like some kind of Russian nesting dolls, there are some signs that things have taken a turn for the truly weird. ![]() Suspicious Corporate StructureĪnother thing to look out for is a weird corporate structure. If a piece of software or a service that you’re purchasing is trying to overwhelm you with legalese, then they’re probably trying to get the better of you. ![]() You see tactics like this all the time in rental agreements, employment contracts, and plenty of other day-to-day legal documents, and they exist only to confuse you. There are also opposite, ridiculously convoluted privacy policies that are just filled to the brim with legalese. Either the company does not care about you, or it doesn’t care enough to put a decent document together. In either case, there’s a chance that you might be dealing with a fly-by-night outfit, and you should back out. If there are a lot of errors, that means that little care was used in putting it together, and you should be worried. This includes outright errors in spelling and grammar as well as purposely obtuse phrasing.Īs a semi-legal document, a privacy policy should be clear. One of the most telling signs that you should look out for with a service is if the privacy policy contains poor use of language. However, the above only counts when companies are being honest about what they’re doing. If they’re not, there are a few other ways to figure out that something fishy is going on. Then there’s a host of other examples: Most smartphone apps, for instance, don’t need access to your contacts list. Another big one is your location, which is necessary for map-based apps and nothing else. Also known as device fingerprinting, it’s only necessary for specific software. Another is information about your device that can be used to track it. A lot of data doesn’t really need to be collected. Your phone number, for example: There’s really no reason for anybody to have this besides professional or governmental services.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |