How does the PRIVA SCORE work an how is it calculated?
tl;dr: The PRIVA SCORE helps users make informed decisions about the privacy of apps and services. It uses a three-value traffic light system to give green, amber and red ratings. Green apps have a higher level of data protection than amber and red apps, which should be avoided. The calculation of the PRIVA SCORE is transparent and easy to understand.
The PRIVA SCORE is designed to enable "Jane/John Average User" to make an informed decision about which apps and services she should use. The basis for this decision is that she wants to protect her data. She therefore wants to use apps and services that have a higher level of data protection than others.
To make the decision as quickly as possible, the PRIVA SCORE uses a three-level traffic light system , similar to the Nutri-Score in the supermarket. This classifies food into "more healthy" and "less healthy" on a five-point scale.
Green apps and services are therefore recommended in terms of their level of data protection, yellow ones are less recommendable and red ones should be avoided - if the user is concerned about data protection - which he or she should do as a matter of urgency.
For many people, the classification of apps and services into these three colors should already be sufficient as a recommendation. To make the decision as transparent as possible, the simple calculation of the PRIVA SCORE is explained in each case so that the decision can be understood.
Calculation of the PRIVA SCORE: example messenger apps
tl;dr: The PRIVA SCORE is a rating system for apps and services based on data protection guidelines. Various criteria are evaluated, such as end-to-end encryption for messenger services, and these are weighted according to their importance. The overall score then results in a recommendation for the respective app/service. In this example, messengers with a score above 200 are recommended, while those with a score below 100 have serious shortcomings and are not recommended. The PRIVA SCORE enables simple and transparent decision-making.
The basis for calculating the PRIVA SCORE is always a ranking of data protection functions. This ranking makes a statement about the importance of the data protection functions. The ranking is based on how often these functions are mentioned in literature and other sources. Which data protection functions are used to calculate the PRIVA SCORE depends on the respective category of the apps or services examined.
Here in the Messenger example, the data protection function of the server location is part of the ranking. However, if browsers are subjected to the PRIVA SCORE, this function is not on the list. This is because a browser has the task of displaying websites on the Internet. Where these pages are hosted - i.e. where the server on which the web pages "reside" is located - is not relevant in terms of data protection.
A total of 15 sources were used to compile the ranking of data protection functions of messengers. These included articles from specialist magazines such as c’t, publications from the consumer advice center, but also two qualitative interviews with experts from the Chaos Computer Club.
This results in the following ranking:
The calculation method: Messenger example
The Nutri-Score model is calculated by offsetting the good properties of a food (e.g. low fat content) against the bad properties (e.g. high salt content). This procedure is not useful for the PRIVA SCORE. For example, if a messenger lacks the most important function - end-to-end encryption - this is a knock-out criterion. The lack of this function cannot be compensated for by other functions.
A linearly decreasing weighting was therefore applied on the basis of the ranking.
The privacy policies of the messengers were then used to examine whether and to what extent the functions mentioned are available in Discord, Signal, Telegram, Threema and WhatsApp. The implementation of the functions was evaluated in three stages, after which the privacy policies of the messengers were used to examine whether and to what extent the functions mentioned are available in Discord, Signal, Telegram, Threema and WhatsApp. The implementation of the functions was evaluated in three stages.
1 point for a complete absence of a criterion e.g. E2E encryption for Discord;
3 points for partial fulfillment of a criterion e.g. the possibility of anonymous use is not fully ensured with Telegram: It is necessary to provide a phone number for registration, but after that the phone number is no longer visible to other users;
6 points for a completely fulfilled criterion, e.g. with WhatsApp, messages can be deleted in the chat history of the sender and recipient.
For each messenger to be evaluated, this score is multiplied by the weighting of the ranking, resulting in the respective total score.
The calculation method as a term:
The result of the PRIVA SCORE for the Messenger example provides the following findings:
Messengers that offer a particularly high level of data protection and are recommended achieve a score of over 200.
A score between 100 and 200 is achieved by messengers that leave a lot to be desired in terms of data protection for various functions and are therefore not recommended.
Below 100 are messengers that have serious shortcomings. The lack of E2E encryption is a knock-out criterion, which is why it is immediately clear that Discord is definitely not recommended.
The PRIVA SCORE is therefore based on simple, transparent reasoning and calculation. PRIVA SCORE makes it possible to make an informed decision at a glance.