How are the results presented? Our analysis focuses on the following aspects: whether tracking services are used ("NoTrack" category), whether selected attacks are prevented, the quality of encryption during data transmission to the website (EncWeb), and the quality of encryption when sending e-mails to an existing e-mail server (EncMail).
What exactly is checked and what do the results mean? We check the internet addresses with several techniques, which we have described in detail in a research paper.
What is the purpose of PrivacyScore? With PrivacyScore we make websites publicly comparable in terms of selected properties. As scientists, we are interested in how users and operators deal with this form of transparency. Among other things, this raises the question of whether website operators have an additional incentive to improve their websites.
What can be concluded from the results, what not?
No statement on necessity. The fact that a web page fails a specific check does not automatically mean that sensitive data are at risk. Some security mechanisms are only necessary to protect against strong attacks (e.g., by governments).
Limited expressiveness. The results cover only security mechanisms that can be observed from outside when visiting the specified internet addresses. It is quite possible that an operator uses additional internal protection mechanisms and has therefore decided to leave out some externally visible mechanisms. Furthermore, it is possible that additional security mechanisms are used on individual pages (e.g., for the transmission of passwords). Such variations are not taken into account in the analysis. Therefore, one cannot conclude from the failure of individual checks that a provider does not handle personal data with sufficient care. Conversely, it is also possible that a website has serious security holes even though it achieves a good result on this page.