Agreed - in fact, if you already use browser plugins like Netcraft, you're exercising that principle. As you point out, the right technology has to be in place, if a resource like datalossdb is to be converted into a practical risk mitigation tool for the average user (or their app or browser).

The non-technical risk mitigation comes into play too: for instance, if I launch a service based on an app which includes a built-in check against datalossdb, do I perhaps satisfy some regulatory requirement or make my business insurer feel more comfortable...?

Yrs.,
Robin

On Mon, 17 Jan 2011 12:01 -0800, "Turner, Greg" <GregTurner@SierraSystems.com> wrote:

I quote:

- Realistically, a privacy architecture would have to consist, then, of a combination of technical and non-technical measures... In other words, part of your privacy protection will come from factors such as contractual provisions and legal recourse.

A non-technical measure could also include a user-sourced vendor reputation system. Could leverage existing orgs, [1]http://datalossdb.org/, into a technical framework. Analogous to consumer reports for privacy policies.

References

1. http://datalossdb.org/

Robin Wilton
+44 (0)705 005 2931