Privacy Policies - A Review

In general, the services I have so far reviewed seem consistent on several points of privacy policy. Firstly, it is a widespread business practice that non-identifying information may be shared without permission. The idea behind this is that it does not actually infringe upon your privacy, as such data is given in large sets and should not reveal anything about any specific person. This is a major way for social networks make money, so it seems understandable.

Secondly, there is a consensus that it is unfeasible to constantly be removing content from caches and backups. This means that your information may linger long after it has been removed. However, this concern is present in any case, as anyone with access to it might conceivably store it for their own use.

Thirdly, as any webserver will log details such as IP address and browser details from users, these services do so as well. Most of the services use these for maintenance/troubleshooting issues, though they are also some of the more relevant information for law enforcement, should they request it from the site. A few of the sites used this for commercial ends, but most did not.

Similarly, you may expect that a website will do anything in its power to try to trace out your exact journey through their service, ostensibly to improve the product.

I would submit that in general a service’s privacy policy makes a very good representation of its activities, mostly because they are obliged to disclose them in some form. For instance, facebook (who, incidentally, had to split its policy across several pages to make it remotely comprehensible) includes in its privacy policy detailed descriptions of how advertisers and partner companies interact with their site. These kinds of details tend to be hidden from the user in normal activity, but play an important role in a user’s assessment of the benefits and risks of using a service.

0 notes

Facebook

[original here. It’s quite a read]

Facebook collects this information from you:

  • details collected at registration: name, birthday, gender, e-mail address
  • everything you post, as well as all groups you join, friends you accept, pages you follow, etc.
  • Information your friends give about you - adding you to a group, tagging you in a photo, etc.
  • What you do on facebook - which profiles you view, what searches you make, what links you click on, what advertisements you click
  • metadata from things you post - e.g. time and date a photo was taken, model of the camera, etc.
  • browser information, IP address, OS, internet history, referrer site, location
  • from advertising companies to better target advertisements to you

What constitutes public information:

  • your name, profile picture, username, user ID, and networks are always treated as public information
  • any post marked as public or whose visibility cannot be change is public
  • anything on a “page” is public

The collected data can be shared:

  • with advertisers, stripped of personally identifying information
  • with everyone (if public). Notably, by default they can access personal information (age range, general location, gender) through facebook’s Graph API. [To disable this, you must disable all platform apps - that is, all apps on facebook]
  • with your permission
  • if they’ve told you about it, including through the privacy policy
  • if stripped of personally identifying data.
  • with applications, subject to your approval
  • with sites using facebook’s “instant personalization” - these sites receive public information as well as your friend list. These sites are obliged to abide by some unspecified privacy agreement with facebook. This can be permanently disabled at the sites themselves (individually) or for all sites through facebook. Once disabled, the site will delete your data and facebook will prevent the site from accessing your data again.
  • for legal or safety reasons

Moreover, unless you opt out, facebook will pair your likes with advertisements to produce a “sponsored story” shown to your friends.

Your account can be deactivated or deleted. If you deactivate your account, the data will still be there, but invisible to users. If you delete your account, it will be invisible but undeleted for a month, and may remain in backups for 90 days.

0 notes

Google

[original here]

Note: this privacy policy applies in general across all of google’s services (e.g. google plus, gmail, etc.), since they’re linked under the google account. A few services (Chrome/Chrome OS, Google Books, and Google Wallet) have their own special policies.

Google collects this information:

  • Anything you explicitly give them - for example, your name when you sign up.
  • Information about devices used to access their site (hardware model, OS, phone number, etc.)
  • information gained from your server requests - IP address, browser information, searches made, time of use, browser language, referrer site, device events (system activity/crashes, hardware settings)
  • cookies
  • location (if using a location-enabled service)

The information may be shared:

  • if you agree - this includes public information. some of google’s services require a google profile that makes information public (specifically your name and photo).
  • with your “domain administrator" - if you got a google account through some group, there is probably a domain administrator (essentially the IT person who handles the details of how your group’s accounts work). If you signed up through google itself, you don’t have one. 
  • with service providers, only for the services provided to google.
  • for legal or safety reasons

Google also provides a number of ways to customize how your information is handled, best accessed through the privacy policy page.

Any information may exist on backups indefinitely.

The policy can be updated at any time, but your rights won’t be restricted further without explicitly agreeing to the new policy. If google deems the change “major”, they’ll try to notify you (including through e-mail).

0 notes

Pinterest

[original here]

Pinterest collects this information:

  • name, gender, profile photo, bio, location, website, e-mail address (provided by you)
  • any information made available by an account linked to your Pinterest account 
  • browser details, OS, IP address, access time/date, pages (that are part of Pinterest) visited and how long you viewed them, the page you were on before accessing Pinterest, and anything else a server might log about page requests. (This data is called “log data”)
  • browser cookies

This information can be shared:

  • with other users: this applies to personal data you choose to contribute: name, photo, bio, location, website, etc.
  • non-identifying data (individually or as a large data set)
  • with organizations that provide a service to Pinterest. These organizations are obliged not to use this information for any purpose other than to support Pinterest
  • with other sites linked to your pinterest account
  • if legal or safety concerns arise
  • if Pinterest sells it

At any time you can unlink your Pinterest account from other accounts. This will prevent further sharing of information, but not erase data already shared.

You can edit your personal data or delete it. If you delete all of it, Pinterest can deactivate your account. Any information deleted might still exist on a back-up. Any content posted on your board might remain indefinitely.

The policy can be changed at any time.

0 notes

Wikimedia

[original here]

This policy encompasses all of the wikimedia projects, the most famous of which is wikipedia.

Wikimedia collects this information:

  • IP address, browser information, OS, etc. This information is retained in logs, but not published (with exceptions, explained below), nor is it used to track “legitimate” users.
  • cookies
  • User-provided content: these are your edits.
The logged data can be released:
  • with permission
  • for legal or safety reasons
  • to investigate complaints of abuse
  • to resolve technical issues with bots
  • if the user persistently vandalizes pages or is otherwise disruptive.

Additionally, if you edit a wikimedia project without an account, your IP address is associated with the edit and will be accessible essentially forever.

Your edits exist on Wikimedia indefinitely, unless Wikimedia is ordered by legal process to delete them. They may be invisible to the general public, but they are still there.

If you associate an e-mail account with your wikimedia account, it will not be revealed to other users. You may remove it at any time.

This privacy policy can be changed at any point.

0 notes

Reddit

[original here]

Reddit collects information:

  • with your knowledge - e.g., when you provide a name, email address, etc. to them
  • from your use of the site - browser information, OS, IP address, referrer page, and other information provided by making server requests
  • from cookies

This information may be shared:

  • with organizations providing a service to Reddit, but only to enable them to perform that service
  • to advertisers, to better target advertisements you see
  • if Reddit sells it

No information is shared on how to delete your account, except that the site administrators may do so at their discretion.

The policy can be updated at any time, you will not necessarily be notified unless you check the privacy policy.

0 notes

Twitter

Information collected:

  • your username, tweets, time of tweets, who you follow, tweets that you retweet or mark as a favorite - all of these are public and may be viewed by anyone or shared in any fashion
  • additionally, your bio, photo, and general location are public if you use those features
  • if tweeting with location is enabled, the exact co-ordinates are stored as well (though not publicly visible)
  •  browser details, IP address, cookies, browsing history, search terms, links clicked, mobile carrier/device/application (if applicable), interactions with Twitter or advertising - this is collectively known as “log data”

The last group (“log data”) will be deleted or stripped of identifying information within 18 months (1.5 years) of collection.

The above information can be shared:

  • if you agree (all public information can be shared under this criterion)
  • with Twitter’s service providers (as much as they need to do their job). However, transferred data is still bound by the privacy policy.
  • if Twitter sells it, goes bankrupt, is bought by some other corporation, etc. The new owner of the information is obliged to abide by the privacy policy.
  • if mandated by law or to protect someone’s safety
  • if stripped of “personally identifying” information (e.g. with IP and e-mail addresses removed)
If you cancel your account, your account will be made invisible for 30 days (ostensibly so you can change your mind) and then Twitter will begin to delete your data. That process can take a week.

This policy can be updated at any time. If they think the change is important, they’ll e-mail you, or send a tweet at you.

0 notes

Tumblr

[Original here]

Individual blogs are not bound by the privacy policy. They may attempt to collect any and all information possible.

Tumblr will store your data for an indefinite amount of time, as back-ups and copies may exist. This includes:

  • The IP address your posts originate from and the associated real-world locations.
  • Information about camera model and settings contained within photos.
  • The topics you search for
  • The help pages you visit
  • Characteristics of your web browser and computer
  • Any content you post, especially anything reblogged
  • Any information shared by a linked account (e.g. gender, age, “friends”)
  • Usage frequency, sites visited, time of access
  • Personal characteristics inferred from any data collected

This information can be shared without your permission if you were informed beforehand (for instance, in the privacy policy) or if it is shared as a part of a collection of data and thus not “personally identifying”.

Conditions for sharing data:

  • all data posted, including descriptions, titles, and information in posts is considered public unless otherwise designated.
  • data may be shared among Tumblr’s properties concerning which services you use and how.
  • data may be transferred to other things that either provide services to or consult for Tumblr
  • This data might be sold. Any purchaser will use it according to the privacy policy.
  • information may be shared if safety, security, legal, or technical issues necessitate it

These terms may be revised at any time without warning.

0 notes