
4 signs that a company's privacy policy is bad


When you sign up for a new digital service, you should always read the privacy policy. Unless you know what you are looking for, though, it can be very easy to miss the forest for the trees. After years of poring over these documents, we have become quite good at spotting problems. Here are some things you should be aware of when reading a privacy policy.

Shady data collection and selling

The first things to look for are the simplest: if a privacy policy says that the company shares or sells data to third parties, then you know the data is not safe. It is, of course, quite rare for this to be admitted so boldly, and there are many legitimate reasons for sharing some of your data, like sharing your location with their website host, so this check is not a silver bullet. Think of it instead as the first rung of a ladder.

The next step is to see what information is being collected. If it's just the simple things like your name and email address, that's usually okay - it's information the service needs to create an account, and there's little or no money in this data. However, as a rule of thumb, the more information a site expects from you - and the more exotic that data is - the greater the chance that it will be sold.

A lot of data doesn't really need to be collected. Your phone number, for example: there really is no reason for anyone to have this outside of professional or government services. Another is the information about your device which can be used to track it. Also known as the device fingerprint, it is only needed for specific software. Another important item is your location, which is needed for map-based apps and nothing else. Then there are a host of other examples: most smartphone apps, for instance, don't need to access your contact list.

However, the above only matters when companies are honest about what they are doing. If they aren't, there are other ways you can find out that something fishy is going on.

Typos and tricky language

One of the most telling signs you need to watch out for with a service is if the privacy policy contains misuse of language. This includes spelling and grammatical errors as well as intentionally obtuse wording.

As a semi-legal document, a privacy policy should be clear. If there are a lot of errors, it means that little care was taken in putting it together, and you should be worried. Either the company doesn't care about you or they don't care enough about writing a decent document. Either way, it's possible that you're dealing with a fly-by-night operation, and you should opt out.

There is also the opposite: ridiculously convoluted privacy policies that are filled to the brim with legal jargon. You see such tactics all the time in rental contracts, employment contracts, and many other everyday legal documents, and they exist only to confuse you. If any software or service you buy tries to overwhelm you with legal jargon, then they're probably trying to get the better of you. Don't let them.

Suspicious corporate structure

Another thing to watch out for is a strange business structure. Although these days it is normal for companies to own other companies, which in turn own even more companies like some kind of Russian nesting dolls, there are signs that things have taken a really strange turn.

An example is when one of the companies in these ownership chains is based in a jurisdiction known for secrecy. Examples include the Cayman Islands, Seychelles, and Gibraltar. If you need secrecy so badly that you are based there, what are you hiding? For example, many VPNs will have their headquarters in such locations in an attempt to avoid warrants for their customers' data, but many companies that don't have the same need for secrecy are also setting up shop there. It should raise your eyebrows when you see exotic places like this in a company's information.

Other signals arise when data is passed on to other companies under the same umbrella. One example is Avast, which sold user data through an affiliate named Jumpshot (it was shut down shortly after the story broke). While it is legal to transfer data to affiliates, when this is explicitly mentioned you may want to do some research on the company in question to make sure none of those affiliates are in the game of selling data.

Confusing security and privacy

Another problem we've run into more than once is that some companies will equate privacy and security: when you look at how the company handles your data, they will inundate you with jargon and impressive-sounding encryption terms like AES or Blowfish. However, that has nothing to do with privacy.

In short, the difference is that security is how well a business protects your data from outside threats, while privacy is a matter of how a business manages insider threats, or the way it handles your data. A service may offer the best and most advanced security, but if they sell your data to marketers, that's still bad news for you.

Put another way, no matter how much a business talks about the resistance of their infrastructure to simulated attacks or how good their encryption is, you need to focus on how they treat your data internally. It's like a magic trick: always look where the illusionist doesn't want you to look.

What a good privacy policy looks like

Perhaps the best example, however, would be a privacy policy that we think is good. For this we can think of two likely candidates. The first is the privacy policy of the Mullvad VPN service, which reads clearly and has a great breakdown of what it collects and why. The other contender is TeamGantt, a project management tool that goes a step further and uses tables to illustrate what is collected and for what purpose.

Ultimately, however, the best tool you have is your common sense: if a site looks like a cowboy outfit and it hasn't been recommended to you by someone you trust, don't sign up. Discretion is the better part of valor, after all.
