I got an email from Twitter yesterday titled ‘Important updates to our Privacy Policy’. My first impulse was to delete the email ‘cuz ain’t nobody got time for that. But then, I decided to actually have a look - the first time in the history of receiving these kinds of mails. This is what I found.


git diff that shit

At the time of posting, both the old version (Effective: September 30, 2016) and the new version (Effective: June 18, 2017) of Twitter’s Privacy Policy are displayed on Twitter’s privacy page. If you want to view them comparatively, you either have to open two windows side-by-side or just scroll up and down repeatedly. Both of these seemed a lot of work, so I decided to git diff that shit.

The Output of git diff-ing Twitter's Privacy Policy

Steps I followed:

  1. Create an empty repo
  2. Copy the old version of the policy in a txt file and commit the changes
  3. Replace the old version with the new one in the txt file and commit the changes
  4. Now you can run git diff HEAD~1..HEAD to see the changes

This looks alright, but it can optimized. I decided to view the changes on my browser but I didn’t know how to output the diff to a file. After a few minutes of googling, I found these 3 StackOverflow answers (one, two & three) that helped me form this command:

git diff HEAD~1..HEAD --color-words --no-prefix -U200|./ansi2html.sh > index.html

How it works:

  1. --color-words option highlights the words that were removed in red, and the words added in green. (I knew about this already)

  2. --no-prefix -U200 option tells git to show the proper context of the changes. U200 means that I want to see upto 200 lines of context on the changes. Since my whole file was less than 200 lines, it just outputted the whole file.

  3. |./ansi2html.sh is just piping the output to the shell script ansi2html that does all the heavy lifting

  4. > index.html means to save the output from the ANSI to HTML Convertor in an HTML file called ‘index’

Pretty simple.

I also decided to add a few styles to make the diff more readable

pre {
	white-space: pre-wrap;
}
body {
	max-width: 800px;
	margin-left: auto;
	margin-right: auto;
	font-size: 16px;
	font-family: Helvetica, sans-serif;
}

The git diff out can be found here


What I learned from reading the privacy policy

Major:

  • Twitter finally gets in the game of tracking its users better. Big Brother’s younger sibling is watching your every move too.
  • Twitter no longer supports the Do Not Track browser option. You have to opt-out of personalization by changing your settings here
  • If you connect your Twitter account with another service, the service can now send Twitter any data that you’ve authorized the other service to use. Previously, the policy just mentioned registration and profile information
  • Periscope broadcasts that you engage with are also considered public information
  • Twitter can spend upto 30 days analyzing the data it receives from third-party websites before aggregating and obfuscating your personal information. The old policy stated a maximum of 10 days.
  • When Twitter shares non-personal information with its partners, the burden lies on the partners to let you know how it is linking that data to your personal identifiable information - such as birthday, name. Basically, they have to ask you for consent - not Twitter. (Haha)

Minor:

  • All mentions of the word ‘commerce’ has been removed. Funny
  • I wonder how changing the word ‘tailor’ to ‘personalize’ helps protect the company (‘We may later personalize content…’)

Was this exercise useful?

Reading the actual diff helped me understand the exact legal speak that Twitter uses. It’s also a nice reminder to not forget how much access social networks have to our data. Even though we can’t see it, they’re sharing that data and earning revenue off of it.

Praise where it’s worth: The email I got did do a good job of explaining the changes that I found on viewing the diff. The relevant article can also be found here. Sending that email a month before the changes took place and a single button to Disable all Personalization is a solid move on Twitter’s part.

P.S. Using git diff took just 5 minutes to set up and it helped me navigate through the changes pretty fast.

I believe there must be a lot of other ways we can improve the readability of Privacy Policies, and make sure that lawyers aren’t the only ones who end up looking at it. Animations of the implications could be a possible (and expensive) way. Showing side-by-side comparison should improve the number of people who end up reading it.


Known Limitations

git diff-ing Privacy Policy Changes can be useful but there are a few caveats:

  • It only works as long as the Privacy Policy isn’t completely re-written
  • It sometimes picks up white-spaces (can be fixed using the option -w)
  • When a whole paragraph is completely re-written, it can be a little hard to read [Any suggestions on how to improve this?]

The Terms of Service and the Privacy Policy are a part of the social contract we have with the website, and if we don’t understand what we’re getting into - we’re surely going to be abused.

Let me know in the comments if you liked this article, and if you know any other ways that makes reading Privacy Policies easier.