Slashdot Mirror
The First Truly Honest Privacy Policy
itwbennett writes "You want to know what really happens to your data? Dan Tynan has penned the first completely honest privacy policy — surprisingly free of legalese. We dare you to use it on your website."
← Back to Stories (view on slashdot.org)
"At COMPANY _______ we value your privacy a great deal. Almost as much as we value the ability to take the data you give us and slice, dice, julienne, mash, puree and serve it to our business partners, which may include third-party advertising networks, data brokers, networks of affiliate sites, parent companies, subsidiaries, and other entities, none of which we’ll bother to list here because they can change from week to week and, besides, we know you’re not really paying attention.
We’ll also share all of this information with the government. We’re just suckers for guys with crew cuts carrying subpoenas.
Remember, when you visit our Web site, our Web site is also visiting you. And we’ve brought a dozen or more friends with us, depending on how many ad networks and third-party data services we use. We’re not going to tell which ones, though you could probably figure this out by carefully watching the different URLs that flash across the bottom of your browser as each page loads or when you mouse over various bits. It’s not like you’ve got better things to do.
Each of these sites may leave behind a little gift known as a cookie -- a text file filled with inscrutable gibberish that allows various computers around the globe to identify you, including your preferences, browser settings, which parts of the site you visited, which ads you clicked on, and whether you actually purchased something.
Those same cookies may let our advertising and data broker partners track you across every other site you visit, then dump all of your information into a huge database attached to a unique ID number, which they may sell ad infinitum without ever notifying you or asking for permission.
Also: We collect your IP address, which might change every time you log on but probably doesn’t. At the very least, your IP address tells us the name of your ISP and the city where you live; with a legal court order, it can also give us your name and billing address (see guys with crew cuts and subpoenas, above).
Besides your IP, we record some specifics about your operating system and browser. Amazingly, this information (known as your user agent string) can be enough to narrow you down to one of a few hundred people on the Webbernets, all by its lonesome. Isn’t technology wonderful?
The data we collect is strictly anonymous, unless you’ve been kind enough to give us your name, email address, or other identifying information. And even if you have been that kind, we promise we won’t sell that information to anyone else, unless of course our impossibly obtuse privacy policy says otherwise and/or we change our minds tomorrow.
We store this information an indefinite amount of time for reasons even we don’t fully understand. And when we do eventually get around to deleting it, you can bet it’s still kicking around on some network backup drives in somebody’s closet. So once we have it, there’s really no getting it back. Hell, we can’t even find our keys half the time -- how do you expect us to keep track of this stuff?
Not to worry, though, because we use the very bestest security measures to protect your data against hackers and identity thieves, though no one has actually ever bothered to verify this. You’ll pretty much just have to take our word for it.
So just to recap: Your information is extremely valuable to us. Our business model would totally collapse without it. No IPO, no stock options; all those 80-hour weeks and bupkis to show for it. So we’ll do our very best to use it in as many potentially profitable ways as we can conjure, over and over, while attempting to convince you there’s nothing to worry about.
(Hey, Did somebody hold a gun to your head and force you to visit this site? No, they did not. Did you run into a pay wall on the home page demanding y
There's a spot in User Info for World of Warcraft account names? Really?
"We exploit any and all data we can get from you while you visit our website. You have no privacy with us. Even things you didn't think we could find out, we can. Thanks for your understanding."
All your data are belong to us!
Just as accurate, easier to understand, and shorter.
Does anyone ever actually read a privacy policy?
It depends. Generally if something has a check box that says "I have agreed to the Terms and Conditions listed here" or "I have read and confirm the privacy policy located here" then I usually go and read them to make sure I know what I'm dealing with. I have actually re-read the Steam User Agreement like 5 times now keeping an eye out for any changes, because while I trust Valve to play nice, I don't want to be one of the naive guys who just assumed the policy stayed the same week after week and ended up agreeing to something I haven't read. I used to read the WoW Updates when I played Wow.
But yeah, for the most part, Privacy Policies for the most part tend to be optional reading material, Terms and Conditions are something else. I only bother reading them if there is some (possibly an illusion) of importance based on it. I don't know if it'll hold up in Court, but when there is a checkbox I can say with full certainty that I actually did read and agree to the Policy before hand. And even if they change it - I can say that unless they prompted me with the changes and another checkbox, I didn't agree to it.
The whole "Using our services shows that you acknowledge our policy" is possibly one of the most underhanded tricks in the books and I think it should be outlawed. No - give me some other way to show that I acknowledged the policy. At least at that point you can blame it on my ignorance of not reading up on stuff or being too impatient or whatever, but there are so many reasons why I may not be up to date on the poicy (not informed of achange, wasn't aware there was one, etc) - that simply using it should not constitute agreeing to it. It's as ridiculous as the EULA after you open the box and not being allowed to return it after its open.
I didn't bother reading the article. I'm simply posting an emotional response based solely on the probably inaccurate summary. I don't really care about privacy policies because I'm use to getting tracked all the time. Security cameras watch me drive to work, my badge records when I enter the door, cameras watch me inside the building, my credit card leaves a trail everywhere I buy something... and I don't really care. So go ahead and track what you want and sell the data to whoever. The hundreds of spam messages I get a day proves that there is no hope of ever retrieving any of my privacy. If you start asking for money to visit this site I'll probably pay for it because I tend to develop habits that make me comfortable. I don't like those habits being interrupted.
I'm now going to hit submit without doing a preview because I could really care less about the quality of this post.
Policies are never legally binding. Only laws are legally binding. Policies are in place so that, in the event of a lawsuit, a company can claim due diligence. So, they protect the company primarily. Some policies may also protect the user as a side effect, but primarily they protect the company.
When our name is on the back of your car, we're behind you all the way!
Well, the proposed privacy policy is funny and gives the author a nice little medium through which to rant, but it doesn't really do anything to increase privacy on the internet does it? This privacy has a snowball's chance in hell of actually being adopted by anyone with a legitimate web-business. It's a great joke, but this is hardly a YRO story. It's pretty idle.
Motorcycles, Robots, Space Gossip and More!
What could be more ignorant? Clearly Zuckerberg and McNealy are both willing to sell out the principles upon which this country was founded, and give a middle finger to all the people who have died and will die to protect our rights, in pursuit of profits. I guess it is no big surprise that Sun tanked with him at the helm. I can only hope that Zuckerberg suffers a similar fate, but alas that seems unlikely, since people actually listen to these power hungry fools and believe they posses some kind of insight and wisdom.
News Flash: I still have privacy and 4th Amendment protections, and while I have lost some of it because it is literally impossible to defend, I plan on using knowledge of technology and the US Constitution to keep as much of it as humanly possible. McNealy and Zuckerberg can go screw themselves, and I really hope some day one of them is stupid enough to say something so stupid in my presence.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Meh checkboxes aren't binding in a lot of places. And are on par with shrink-wrap EULA's, in Canada the privacy act states that anything that's personally identifiable that a company collects, the customer or consumer must be clearly informed, that the company is collecting it and for what purposes. And if their policy is changing, the company must get written permission explicitly stating what they're changing and why.
Even a business relationship with a customer is not enough of a reason to violate a customers right to their privacy. If you want that marketing data, you must get full permission first.
That's pretty much the reason why FB is trying to make nice in Canada. Because the law says: You shall not under any circumstances do anything with personal information, without a clear explanation to the customer, client, or user.
I just skip ELUA's, privacy policies(unless canuck) and their ilk, because I already know they're not binding here. But if I have any legal problems, they're required to come to Canada in order for any disputes, according to the law of my land. Especially if they want to keep doing business here.
Om, nomnomnom...
Here's my privacy policy.
(to save you clicking the link)...
"The Aardvark Privacy Policy
To put it bluntly -- any information you submit through this site
is held in total confidence unless otherwise stated.
Aardvark has built a strong reputation for protecting the information submitted
and collected. I have a total anti-spam, anti UCE policy -- never, never, never
will your email address be made available to any third party without your
expressed permission and never, never, never will I send you unsolicited
email.
That's it ... plain and simple -- Your secrets are safe with me!
What's more -- Aardvark doesn't routinely collect information from its
users. Apart from the Google Ads, this site is a cookie-free zone --
I probably know nothing at all about you anyway!
Here's a whole bunch of stuff about Google's cookie and privacy policy that
You might find interesting and which I'm supposed to include in this
privacy statement as part of my position as an AdSense user
If you've got a problem or a query about this then contact me, you can even do it
anonymously but in that case don't expect a reply (how could I?). "
It's short, to the point and covers all the bases, doesn't it?
What's so hard about coming up with a concise, no-nonsense privacy policy?
I want my information sold, as I get some service from the company selling my data in exchange. I prefer to pay with my information than with my money. I work hard to get my money. I just live by to get the information - it's being created no matter what I do. To get money, I have to do specific things in specific time, sometimes in a specific location, which doesn't have to be my preferred way of spending time. It's way easier to create information than money.
There are other, and much older, honest privacy policies out there.
For instance, here's my privacy policy, which I believe is entirely hones, adopted by several others, and has been on my website for well more than a decade:
http://www.cavebear.com/privacy-policy.html
I feel like this is way outside the realm of what normal privacy concerns for normal users is all about. You can nitpick, but my message is simple, understandable, and exactly what a normal user wants to know. It would be a complete shame to destroy that for the sake of fringe cases and legal caveats, and it puts us right back where we are now: with unreadable monstrosities of text that nobody trusts anyway because we all know they're full of loopholes and lies. I'll take my chances with your examples before I'll put out the crap that normally passes as a privacy policy on most sites.
The Quirkz Handbook of Self-Improvement for People Who Are Already Pretty Okay