The First Truly Honest Privacy Policy 119
itwbennett writes "You want to know what really happens to your data? Dan Tynan has penned the first completely honest privacy policy — surprisingly free of legalese. We dare you to use it on your website."
From the Article: (Score:4, Informative)
"At COMPANY _______ we value your privacy a great deal. Almost as much as we value the ability to take the data you give us and slice, dice, julienne, mash, puree and serve it to our business partners, which may include third-party advertising networks, data brokers, networks of affiliate sites, parent companies, subsidiaries, and other entities, none of which we’ll bother to list here because they can change from week to week and, besides, we know you’re not really paying attention.
We’ll also share all of this information with the government. We’re just suckers for guys with crew cuts carrying subpoenas.
Remember, when you visit our Web site, our Web site is also visiting you. And we’ve brought a dozen or more friends with us, depending on how many ad networks and third-party data services we use. We’re not going to tell which ones, though you could probably figure this out by carefully watching the different URLs that flash across the bottom of your browser as each page loads or when you mouse over various bits. It’s not like you’ve got better things to do.
Each of these sites may leave behind a little gift known as a cookie -- a text file filled with inscrutable gibberish that allows various computers around the globe to identify you, including your preferences, browser settings, which parts of the site you visited, which ads you clicked on, and whether you actually purchased something.
Those same cookies may let our advertising and data broker partners track you across every other site you visit, then dump all of your information into a huge database attached to a unique ID number, which they may sell ad infinitum without ever notifying you or asking for permission.
Also: We collect your IP address, which might change every time you log on but probably doesn’t. At the very least, your IP address tells us the name of your ISP and the city where you live; with a legal court order, it can also give us your name and billing address (see guys with crew cuts and subpoenas, above).
Besides your IP, we record some specifics about your operating system and browser. Amazingly, this information (known as your user agent string) can be enough to narrow you down to one of a few hundred people on the Webbernets, all by its lonesome. Isn’t technology wonderful?
The data we collect is strictly anonymous, unless you’ve been kind enough to give us your name, email address, or other identifying information. And even if you have been that kind, we promise we won’t sell that information to anyone else, unless of course our impossibly obtuse privacy policy says otherwise and/or we change our minds tomorrow.
We store this information an indefinite amount of time for reasons even we don’t fully understand. And when we do eventually get around to deleting it, you can bet it’s still kicking around on some network backup drives in somebody’s closet. So once we have it, there’s really no getting it back. Hell, we can’t even find our keys half the time -- how do you expect us to keep track of this stuff?
Not to worry, though, because we use the very bestest security measures to protect your data against hackers and identity thieves, though no one has actually ever bothered to verify this. You’ll pretty much just have to take our word for it.
So just to recap: Your information is extremely valuable to us. Our business model would totally collapse without it. No IPO, no stock options; all those 80-hour weeks and bupkis to show for it. So we’ll do our very best to use it in as many potentially profitable ways as we can conjure, over and over, while attempting to convince you there’s nothing to worry about.
(Hey, Did somebody hold a gun to your head and force you to visit this site? No, they did not. Did you run into a pay wall on the home page demanding y
Re:From the Article: (Score:5, Insightful)
I prefer:
Our privacy policy: We sell your data. You get our content for "free." Deal?
Re: (Score:3, Funny)
Works for me. Radio is free. TV is free.
I want my Yahoo, Hulu, and Facebook free too.
Deal.
This post sponsored by:
ADFREE MUSIC:
radiotime.com/station/s_52398/Mix_2_1065.aspx
Re:From the Article: (Score:5, Insightful)
Radio is free. TV is free.
You pay for those with your attention. You pay for internet content with your attention and your identity and a record of your online behavior and the identities of your friends and maybe some information on your hard drive and you give the internet a shot at pwning your computer or taking all the stuff you own in your name.
Radio is free. TV is free. The Internet is savage.
Re: (Score:1)
While I ripped blair one in another post, I gotta agree here.
Advertising viewership is one thing.
Collecting, organizing, cataloguing, storing and disseminating every scrap of personal information possible on your habits, schedule and just about anything else, is entirely something else.
People accept it because it is invisible and they are too complacent to disagree.
However, the government has become nearly as insidious, with mass domestic wiretapping and security schemes that do little to add to the overall
Re: (Score:3)
I prefer:
Our privacy policy: We sell your data. You get our content for "free." Deal?
But WHAT data? You can't possibly identify me on the internet. It's anonymous! I can give your partner my email address, but that doesn't mean they can charge my credit card unless I give it to them. Wait, they're charging my CC!!! I didn't say you could give THAT to them!!!
Re:From the Article: (Score:4, Insightful)
I prefer:
Our privacy policy: We sell your data. You get our content for "free." Deal?
Correction: You get access to our content for "free". We will sue you, your family, and all your friends and neighbors to the 9th level of Hell should you choose to infringe on our intellectual property.
Re:From the Article: (Score:5, Insightful)
I prefer:
Our privacy policy: We sell your data. You get our content for "free." Deal?
Correction: You get access to our content for "free". We will sue you, your family, and all your friends and neighbors to the 9th level of Hell should you choose to infringe on our intellectual property.
...which now includes your data.
Re: (Score:2)
Re:From the Article: (Score:4, Insightful)
Re: (Score:2)
Bingo.
See Google.
(For the record, I don't think it's a bad thing, just something people need to understand.)
Re: (Score:2)
Re:From the Article: (Score:5, Interesting)
Our privacy policy:
You have no expectation of privacy. We will collect any and all information you or your computer is willing to give us and do whatever we want with that information. Use of this site is entirely optional. Use at your own risk.
Re: (Score:2)
Our privacy policy:
Is that for real? As a technologically educated user of the internet, I think I would certainly appreciate a privacy policy worded exactly like that.
I might not agree with the policy, but it offers no ambiguity about the level of privacy protection your website offers.
Re: (Score:1)
Now, how the data is abused. (Score:2)
Re: (Score:2)
I would say this instead, which is probably closer to the truth: "We store this information an indefinite amount of time because, well, disk space is cheap."
Re: (Score:3)
Awww, someone's been watching Mad Men.
Re: (Score:1)
It's brilliant. My only complaint is the cringe-inducing comment in TFA where he says that he's "open sourcing" this privacy policy. Really? So, where do I download the source code?
Re: (Score:2, Funny)
It's brilliant. My only complaint is the cringe-inducing comment in TFA where he says that he's "open sourcing" this privacy policy. Really? So, where do I download the source code?
Right Click -> View Source
Re: (Score:1)
"At COMPANY _______ we value your privacy a great deal." and we are happy to have you trade it to us for free services
That's why we are taking it from you. By visiting our website, you agree to share complete accurate information on all signup, profile, comments, and other forms on our web site. And you agree we can store all data collected forever, and share, license, or sell it to anyone we want.
Legally Binding? (Score:2)
Re: (Score:3)
Does anyone ever actually read a privacy policy?
It depends. Generally if something has a check box that says "I have agreed to the Terms and Conditions listed here" or "I have read and confirm the privacy policy located here" then I usually go and read them to make sure I know what I'm dealing with. I have actually re-read the Steam User Agreement like 5 times now keeping an eye out for any changes, because while I trust Valve to play nice, I don't want to be one of the naive guys who just assumed the policy stayed the same week after week and ended up a
Re: (Score:3)
Meh checkboxes aren't binding in a lot of places. And are on par with shrink-wrap EULA's, in Canada the privacy act states that anything that's personally identifiable that a company collects, the customer or consumer must be clearly informed, that the company is collecting it and for what purposes. And if their policy is changing, the company must get written permission explicitly stating what they're changing and why.
Even a business relationship with a customer is not enough of a reason to violate a cust
Re: (Score:1)
Some sites do things like put terms and conditions or privacy policies in a frame, so it is easy to block the content. Then when the site says do you agree to this empty space you can honestly say "yes", rather than "I'm no lawyer, there's no way I can grasp that shit. I just want to use this site, so I'll say yes when I know I mean no".
I actually had a conversation with a contract law barrister about the kind of BS sites pull when it comes to making sure they win every time. When I said that there is basic
Re: (Score:2)
They are legally binding so long as what is being promised is legally enforceable. One clause being unenforceable does not negate the whole agreement.
Think of it as a verbal contract with proof.
Verbal contracts are legally binding, but don't carry quite the same weight as a formally written and signed contract.
Re: (Score:2)
But if I have any legal problems, they're required to come to Canada in order for any disputes, according to the law of my land. Especially if they want to keep doing business here.
That might hold water if they chose to raise a dispute with you. The problem there is if *you* have something you want to dispute with *them* (like them selling your info when their own contract said they wouldn't) they would most likely say they aren't coming and offer you a venue in their land instead. Whether you are in the right or not won't make much difference across borders unless you can afford some pretty hot legal support or have available avenues of political influence.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Contracts are legally binding.
Re: (Score:1)
For example is it possible to have someone sign a contract telling them that if they don't make a house payment they lose their citizenship, would that hold up in a court of law?
Everyone treats the contract as this magical piece of paper that makes any action legal as long as it's signed properly, but I don't think that's so.
Re: (Score:2)
No.
Last I recall my contract law class, the elements of a contract are
Offer
Acceptance
Consideration
Capacity (mental) to enter a contract
and - Legality of the Contract.
You can't enter a "Valid" contract for something illegal.
That's why you see the clause that says if somehow one clause winds up illegal it doesn't squash the entire rest of the terms.
Re: (Score:2)
Absolutely not. There are lots of things that you are unable to agree to in contracts. For starters, you are extremely limited in your ability to sign away fundamental rights. On top of that, laws apply lots of additional, more situational, restrictions on particular sorts of contracts. For example, my state places a lot of restrictions on the contract between the landlord of a residential property and the tenant. (It also asserts that there are certain terms to a rental agreement, even if they're not state
Re: (Score:2)
Re: (Score:2)
By that unconstructive measure, laws aren't legally binding, either. The only thing that's legally binding is what the executive chooses to enforce.
Also, in common law countries, there are not actually laws that make contracts legally binding.
Re: (Score:1)
Generally, policies end up being legally binding. Companies that have had certain non-discrimination policies (say, on the basis of sexual orientation) but ended up violating them have been successfully sued. Basically, if you end up doing anything in reliance on a company policy, it's legally binding.
That, of course, is why most privacy policies are extremely vague and one-sided.
Re: (Score:2)
Policies that are legally binding are generally backed up by laws that are legally binding, making the policy really mean "we are following the applicable laws". That's it.
For example, if a company were to have a policy that states they will never, ever hire homosexuals and every employee was required to sign a statement that they accepted and would follow that policy - it wouldn't stand up in court for 30 seconds no matter what happened. Violating that policy would have zero impact.
Having a privacy polic
Re: (Score:2)
Google Adsense requires them; therefore their primary purpose it to fulfill that requirement.
Finally a good find here... (Score:2)
Re: (Score:1)
That means that nobody really bothers about privacy policies enough to tweet about, even this one...
Scott McNealy said it best (Score:2)
What could be more honest than, "You have zero privacy anyway. Get over it."?
Sun CEO Scott McNealy [wired.com]
Scott McNealy said it most greedily and ignorantly (Score:3)
Re: (Score:1)
What about Zuckerberg's and McNealy's rights to tell people the things you freely told them? I don't think "freedom from gossip" is in our constitution.
I never implied what you wrongly inferred (Score:2)
Right; you post as AC and *I'M * a coward - ROTFL (Score:1)
Of course I will. I'll exercise my freedom of speech to tell them to their face what I think of them in no uncertain terms, in a way that will make them embarrassed. It is your immaturity that caused you to infer that I was making a physical threat.
Great reading comprehension skills to go with your incredible courage. I stated: "I still ha
tl; dr simplified version (Score:3)
Counterexample (Score:1)
For example, this one. [imo.im]
Re: (Score:2)
Re: (Score:2)
We don't share your information with anyone
I applaud your intentions, but what do you do if a court orders you to disclose information about one of your users? IANAL, but it seems you have a choice between violating the law and violating your own privacy policy -- you've got a big problem either way. All of those clauses and conditions in those long privacy policies serve a purpose, and they need to be there even when the company operating the website does respect the privacy of the site's users.
Re: (Score:2)
One could argue that by legally entering a privacy contract with the end user, that they are legally unable to comply with the subpoena. Kinda like a catholic priest refusing to give testimony over a confession he has heard.
The government is unlikely to want to play nice with that arrangement, but that is where the PR machine initiates retaliatory strikes.
Re: (Score:2)
Sorry, it won't fly.
The most basic point is a contract cannot circumvent law. So you can have a contract that says you don't have to comply with a subpoena but the contract is unenforcible and has no applicabily on your relationship with law enforcement, only with your customer. Law enforcement isn't a party to the contract either, so they don't care.
The relationship between a priest and confessor is legally recognized. While it might be nice to have that sort of relationship recognized between web site
Re: (Score:1)
One could argue that by legally entering a privacy contract with the end user, that they are legally unable to comply with the subpoena. Kinda like a catholic priest refusing to give testimony over a confession he has heard.
No, one could not say that. One would be in violation of contempt of court and possibly an accessory to the crime.
The law states that a subpoena overrules ALL other private agreements. The ONLY exception is medical, legal (lawyers) and religious privacy, and those can often be stretched pretty thin by an aggressive prosecutor.
Re: (Score:2)
Re: (Score:2)
couldn't reasonably be considered a violation of a privacy policy
But, could it legally be considered a violation (i.e., could your user successfully sue you for disclosing the info)? You can argue in court that a contract cannot force you to do something illegal (ignore court order to disclose info), but can you convince the court that you shouldn't be liable for the damages to the user caused by that disclosure? Essentially, your privacy policy is false advertising, and the user can claim that he wouldn't have used your site (and hence become damaged by the disclosure
Re: (Score:3)
I feel like this is way outside the realm of what normal privacy concerns for normal users i
Re: (Score:2)
My website's privacy policy (Score:2)
"Look, I haven't even updated my resume in five years; you think I'm going to bother doing anything with your data?"
Yep, that's going on my site. (Score:2)
I love it.
the language needs a little cleaning up, but I'll be putting it on my site later on.
Re: (Score:2)
Me too. I need to check to make sure it fulfills the requirements for Adsense, but I suspect it does. I'll enable comments on the page, too - it might even draw some hits.
Pretty funny stuff. (Score:2)
We’ll also share all of this information with the government. We’re just suckers for guys with crew cuts carrying subpoenas.
Um, if any company is going to refuse a government subpoena, then they'd better have a very damned good legal reason to do so. Few companies are interested in going to court themselves and spending boatloads to protect a user.
A privacy Policy! Daah! (Score:1)
A nice little idea. If actually put to use.
How about a no-privacy-policy world?
It then should be obvious and/or taken for granted that "We will do whatever the dickens we feel like with your data."
Sites that decide to stick to some rules with regard to protecting privacy can sit down and spend some time drawing up a sketch of a privacy policy. "We will never do such-and-such with your data." etc.
Problem solved. facebook will have no policy while slashdot would have at least a couple of lines. Wikileaks
My proposed privacy policy (Score:4, Insightful)
All your data are belong to us!
Just as accurate, easier to understand, and shorter.
Re: (Score:1)
What you say!
The First Truly Honest Post (Score:5, Funny)
I didn't bother reading the article. I'm simply posting an emotional response based solely on the probably inaccurate summary. I don't really care about privacy policies because I'm use to getting tracked all the time. Security cameras watch me drive to work, my badge records when I enter the door, cameras watch me inside the building, my credit card leaves a trail everywhere I buy something... and I don't really care. So go ahead and track what you want and sell the data to whoever. The hundreds of spam messages I get a day proves that there is no hope of ever retrieving any of my privacy. If you start asking for money to visit this site I'll probably pay for it because I tend to develop habits that make me comfortable. I don't like those habits being interrupted.
I'm now going to hit submit without doing a preview because I could really care less about the quality of this post.
Re: (Score:2)
I'm now going to hit submit without doing a preview because I could really care less about the quality of this post.
It lets you do that? I -have- no submit button, just a preview... I WANT my submit button back.... what's the option I need to use to get this to work...
Re: (Score:2)
That's because you are using the quick edit feature. You can change your preferences to switch to the full edit style, which has both a submit and a preview button. The disadvantage, of course, is that it takes you to a separate page for your comment.
You can't do nearly the volume of inane posts on a slow connection with the full edit as you can with the quick edit.
Re: (Score:2)
Reply, not edit.
My bad.
Preview couldn't help me with that little brain fart!
Re: (Score:2)
Thanks for the assist.
I couldn't find a preference for "quick edit", but I did futz around with the preferences for a while, and hurrah, I did change something or other to "classic" and its working like it used to! It wasn't in the posting preferences where I had looked previously for an option on multiple occasions... it was somewhere in the layout prefs or something.
You can't do nearly the volume of inane posts on a slow connection with the full edit as you can with the quick edit.
I have a fast connection
Re: (Score:2)
It's really simple:
1. Click preview.
2. Click submit without reviewing your text.
3. Profit.
Re: (Score:2)
"Couldn't care less" is actually the correct phrasing of the "Could care less" error you linked to. Good try though.
Re: (Score:2)
Ignore my post, I'm a moron who replied too quickly, doesn't read, and doesn't take my own advice.
Re: (Score:2)
Wiktionary refers to a book classifying could care less [wiktionary.org] as one of the Common Errors of English Usage
That depends entirely upon whether or not you actually can care less. Using "could care less" is a clever way of hiding the fact that you actually care a great deal about something, if you were to use it intentionally.
And, along those lines, one of my all-time favorite Dillberts:
http://dilbert.com/strips/comic/2007-09-29/ [dilbert.com]
I like it in conjunction with the previous day's entry.
Cute (Score:4, Insightful)
Re: (Score:2)
Define "legitimate"?
I have a web business that is currently drawing about 1,000 visitors / day across all my sites, and I plan to adopt it. Is that "legitimate"?
Don't need no stinking warrants (Score:2)
hmm... a bit evasive (Score:2)
Re: (Score:2)
One Question (Score:2)
Is it legally binding?
Oh for pities sake (Score:1)
Whine Whine Whine Bitch Bitch Bitch.
Or, alternatively, toggle off cookies by default, install noscript and https-everywhere. Look at what Google lets you opt out of and, y'know, opt out. If you're feeling *really* paranoid, set up an alternate profile for any online persona that you don't want tracked backwards to you.
If you have a genuine concern about some evercookie tracking you unethically after you've done that, I'll grant that it's legit. Tracking via IP addresses should of course be limited to things
Re: (Score:1)
"pities sake" ... "for the love of Pete"?
lemme guess, you're over 35 and live in the midwest of the US. Probably Minnesota or Wisconsin, likely not in a large city (or you recently moved from one of those places).
You certainly grew up there.
No, I didn't steal this information from your cookies. :-P
Re: (Score:2)
OHMIGODOHMIGODOHMIGODOHMIGOD
You mean people can figure out things about me based on . . . stuff I *DO*!?!?!?!?!
YOU'RE FROM THE NSA AREN'T YOU!!!!!!!!!
AUGH!!!
Oh - wait - if they have that much wrong, I'm probably okay . . . unless . . . it's a double bluff?!?!!?!
AAAAAUUUUUGGGGGHHHHH!!!!!!!
{G} - Pug
What's so hard? (Score:4, Interesting)
Here's my privacy policy [aardvark.co.nz].
(to save you clicking the link)...
"The Aardvark Privacy Policy
To put it bluntly -- any information you submit through this site
is held in total confidence unless otherwise stated.
Aardvark has built a strong reputation for protecting the information submitted
and collected. I have a total anti-spam, anti UCE policy -- never, never, never
will your email address be made available to any third party without your
expressed permission and never, never, never will I send you unsolicited
email.
That's it ... plain and simple -- Your secrets are safe with me!
What's more -- Aardvark doesn't routinely collect information from its
users. Apart from the Google Ads, this site is a cookie-free zone --
I probably know nothing at all about you anyway!
Here's a whole bunch of stuff about Google's cookie and privacy policy that
You might find interesting and which I'm supposed to include in this
privacy statement as part of my position as an AdSense user
If you've got a problem or a query about this then contact me, you can even do it
anonymously but in that case don't expect a reply (how could I?). "
It's short, to the point and covers all the bases, doesn't it?
What's so hard about coming up with a concise, no-nonsense privacy policy?
Re: (Score:1)
Getting sued for violating the policy.
If someone breaks into your site and distributes subscriber email addresses you will be liable.
Again, if you fail to protect the subscribers' secrets you could be held liable.
Re: (Score:1)
I went to your site and Firefox prompted me to accept the following cookie:
name: font_size
content: 0
path: /
domain: aardvark.co.nz
Expires: End Of Session
Not a big deal, really, but it doesn't match up with your policy.
Re: (Score:2)
It actually amuses me (Score:1)
I know that a lot of people don't ever read the privacy policies though, or EULAs and etc.
I remember an article at Humorix (linux-related joke site) with a EULA that resembles this privacy policy. it had a clause in it that said something like:
By accepting this agreement you hereby agree to forfeit your firstborn son and/or soul to us..
Seriously though. Perhaps an honest privacy policy like this will let people realize just what they're getting themselves into every time they visit a random
Compare to this, in the real world ... (Score:1)
http://www.rsync.net/resources/notices/tos.html [rsync.net]
I especially like:
"No form of data or meta-data concerning the behavior of our customers or the contents of their filesystems, or
even the customer data that we hold in our records for billing, will ever be divulged to any law enforcement
officer or agency without order served directly by a US court having jurisdiction. "
and:
"No consumer or personal information about our customers of any kind will be divulged to any party for any reason."
There are other and older honest ones (Score:3)
There are other, and much older, honest privacy policies out there.
For instance, here's my privacy policy, which I believe is entirely hones, adopted by several others, and has been on my website for well more than a decade:
http://www.cavebear.com/privacy-policy.html
This is an REAL privacy policy. (Score:1)
I prefer this old disclaimer. (Score:2)
"This product is meant for educational purposes only. Any resemblance to real persons living or dead is purely coincidental. Void where prohibited. Some assembly required. List each check separately by bank number. Batteries not included. Contents may settle during shipment. Use only as directed. No other warranty expressed or implied. Do not use while operating a motor vehicle or heavy equipment. Postage will be paid by addressee. Subject to CAB approval. This is not an offer to sell securities. Apply only
Open sourced plain text? WTF?! (Score:1)
"I am hereby open sourcing this privacy policy."
How can anyone "open source" plain text? There is no source and no compiled result. There is nothing you can "close", so it can be "opened" neither.
BTW Why people always say about "open sourcing" and not "opening source"? It really confuses me as non-native English speaker.
Duck Duck Go (Score:2)
Even better is a privacy policy that goes beyond honesty and understandability to:
- Actually value and promote privacy as a central goal of the service provided by the site
- Detail potential caveats with different options or approaches
- Specifically detail what information is shared with whom and for what purpose
- Link to "competing" services with similar policies
http://duckduckgo.com/privacy.html [duckduckgo.com]
Re: (Score:2)
Oh and, they detail what has changed and when. Can't forget that.