Browser add-on verifies that sites actually honor their privacy policies

It gives users a secure signal when a website's code matches its privacy policy.

eclipse_images via Getty Images

Just because a website presents a privacy policy, doesn’t mean its code is actually abiding by that policy. To make the internet a little more secure, researchers from Waterloo University in Ontario created a browser plug-in that verifies whether a website is processing data in a way that’s compliant with its privacy policy.

The software-based system, dubbed Mitigator, gives users a secure signal when they visit a website that’s complying with its own privacy policy. And if a website requires users to enter an email address, but the privacy policy does not mention that requirement, Mitigator will notify its users.

“Users of Mitigator will know whether their data is being properly protected, managed and processed, while the companies will benefit in that their customers are happier and more confident that nothing untoward is being done with their data,” said Ian Goldberg, a Waterloo professor and co-author of a paper on Mitigator.

In the past few years, we’ve seen companies like Apple, Facebook and Google attempt to simplify their privacy policies and make them more user-friendly. That’s at least partly due to Europe’s General Data Protection Regulation (GDPR) privacy laws, which require that companies provide “clear and transparent” notice about how they use data. Still, there’s clearly work to be done in order to improve privacy policies and compliance, and Mitigator might be one way to find violations.