Users of Web and mobile apps must often decide whether to give the apps access to personal information without knowing what they will do with it. We argue that users could better manage their privacy and privacy standards would rise if the operating system simply revealed to users how their apps spread personal information. However, for this strategy to be effective, the research community must go well beyond today’s low-level monitoring techniques to develop predictive, user-facing descriptions of information exposure that are grounded in measurement and analysis.