Agreed - in fact, if you already use browser plugins like Netcraft, you're exercising that principle. As you point out, the right technology has to be in place, if a resource like datalossdb is to be converted into a practical risk mitigation tool for the average user (or their app or browser). 
 
The non-technical risk mitigation comes into play too: for instance, if I launch a service based on an app which includes a built-in check against datalossdb, do I perhaps satisfy some regulatory requirement or make my business insurer feel more comfortable...?
 
Yrs.,
Robin
 
On Mon, 17 Jan 2011 12:01 -0800, "Turner, Greg" <GregTurner@SierraSystems.com> wrote:

I quote:

- Realistically, a privacy architecture would have to consist, then, of a combination of technical and non-technical measures... In other words, part of your privacy protection will come from factors such as contractual provisions and legal recourse.

A non-technical measure could also include a user-sourced vendor reputation system. Could leverage existing orgs, http://datalossdb.org/, into a technical framework. Analogous to consumer reports for privacy policies.

Robin Wilton
+44 (0)705 005 2931