Categories: distractionvisualizeuser-interfaceinformexplain

Privacy Color Coding

Contents

Context

The numerous policies and settings around privacy for each service (or product) used by a user would be quite complex and time consuming if such a user endeavored to investigate them. Policies are written for legal compliance and settings are often configured for best experience rather than privacy. Even in the instances where privacy friendly defaults are used, they may cripple the usability of the system, or otherwise disable desirable features. Some settings can also be difficult to consider due to overly brief and vague descriptions.

Problem

Users do not investigate policies and preferences due to the effort required, and cannot inherently comprehend the consequences of settings otherwise. The poor understanding of these can lead to undesirable disclosures.

Forces and Concerns

  • Users want to be able to quickly investigate how much or little information they can comfortably provide while still enjoying the service
  • Users want to be guided as to what preferences achieve better privacy
  • Controllers want users to configure preferences in ways they actually intend, therefore not processing data without informed consent
  • Controllers also want users to understand the limits of the settings through understanding the policies

Solution

Present the user with standardized color visual cues to help guide them in selecting privacy friendly settings, and in understanding the policies around those settings.

[Implementation]

The results of privacy settings such as visibility are divided into different levels. A distinct color is assigned to each of these levels. Every time the user is performing an action where privacy settings come into play, the color is used as an indication of the privacy settings currently in effect. The choice of colors should take into account prevalent color meanings, like usage of the color red for warning situations. If privacy settings cannot be grouped into distinct levels, a gradient between different colors could also be used.

The same treatment may be applied to policies, or explanations of settings. User rights and affordances may be presented differently from what the controller may do with their data. Aspects which could be perceived to have the greatest impact on privacy should stand out most. Explanations of who has responsibility or accountability, contact details, etc. can also be given a distinct color. Finally purposes and means for processing should be clearly visible.

Consequences

Users receive direct visual cues on the consequences of their privacy settings currently in effect. In order to be more clear about their privacy settings.

The danger of unwanted actions is decreased, as users will [regularly perceive] visual cues. On the other hand a reduction of complex settings to a few colors may lead to an oversimplification which would render the whole pattern useless. Visual cues must be integrated into the [service] design but must still be placed prominently enough to be noticeable. Cultural aspects for the different meanings of colors should be taken into account. The same color may not be recognized as a warning label in different cultures.

Examples

Alice uses a social network and shares personal stories only with her friends while she shares mundane content publicly. Hence she always has to change the privacy settings of her posts in order to adjust the visibility of the posts. One day she forgets to change the setting and does not realize that she actually shared a precarious story with her boss.

[Known Uses]

A color coding similar to traffic lights is implemented in many modern web browsers for HTTPS connections. A green background indicates a valid certificate while a red background and a warning label shows that there are problems when validating a certificate. Facebook Privacy Watcher enhances the Facebook website by color-coding shared content and indicating its visibility. Posts with green background are public, yellow indicates visibility for friends only and red content is only visible to the user. Blue background is used for custom audiences such as groups.

This pattern complements Impactful Information and Feedback, Informed Secure Passwords, Layered Policy Design, Privacy Aware Wording, Privacy-Aware Network Client, Awareness Feed, and Icons for Privacy Policies. It also implicitly complements Trust Evaluation of Services Sides through Awareness Feed.

As a visual cue, this pattern aids in providing Impactful Information and Feedback by augmenting it with quickly interpreted information. These visual cues additionally help towards Informed Secure Passwords, as they may indicate password strength and policy.

Visual cues like this pattern also aid in providing accessible policies, and thus complement Layered Policy Design, Privacy Aware Wording, and Privacy-Aware Network Client.

Like many patterns which inform users, elements of Awareness Feed and its methods for establishing awareness also go well with visual cues like this pattern. It also implicitly aids Trust Evaluation of Services Sides, which provides visual representation to highlight trust levels to the user.

Like this pattern, Icons for Privacy Policies provides its own way to tackle an overlapping and quite similar problem. This features the understanding of the privacy policy in both cases, as well as privacy settings in this pattern. These patterns may work together to integrate a solution illustrating with both color and imagery.

[Sources]

Christoph Boesch, Frank Kargl, Henning Kopp, and Patrick Mosby, “privacypatterns.eu - collecting patterns for better privacy,” 2017. [Online]. Available: https://privacypatterns.eu/. [Accessed: 18-Jul-2017].