×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

20 Hours a Month Reading Privacy Policies

kdawson posted more than 5 years ago | from the half-the-bailout-every-year dept.

Privacy 161

Barence sends word of research out of Carnegie Mellon University calling for changes in the way Web sites present privacy policies. The researchers, one of whom is an EFF board member, calculated how long it would take the average user to read through the privacy policies of the sites visited in a year. The answer: 200 hours, at a hypothetical cost to the US economy of $365 billion, more than half the financial bailout package. Every year. The researchers propose that, if the industry can't make privacy policies easier to read or skim, then federal intervention may be needed. This resulted in the predictable cry of outrage from online executives. Here's the study (PDF).

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

161 comments

fp (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25327827)

20 hours? That's almost as mush time as you spend EATING MY ASSHOLE.

Re:fp (5, Funny)

ozphx (1061292) | more than 5 years ago | (#25328039)

Short, sweet and to the point. Fine use of rhetoricals and emphasis on the punchline. This well balanced piece is let down by its brevity and typos, I can't help but feel that Coward rushed this work.

Worth your time. Three and a half stars.

Re:fp (0)

Anonymous Coward | more than 5 years ago | (#25328869)

but 20 hours isn't enough for you is it, thats why you have a harem of gay boys who prefer jelly.

Solution: Standardized policies (5, Interesting)

crow (16139) | more than 5 years ago | (#25327863)

If there were a few standardized policies that most sites used, then users wouldn't need to read them. Like with software licenses, you don't bother to read the GPL for each time you install software that uses that license.

Re:Solution: Standardized policies (1)

Toad-san (64810) | more than 5 years ago | (#25327929)

I agree. A good job for the FCC or the ACLU.

"This site complies with FCC Privacy Policy #2."

and a link.

Bidda bing ...

Re:Solution: Standardized policies (3, Insightful)

electrictroy (912290) | more than 5 years ago | (#25328075)

It's not the FCC job to regulate anything other than over-the-air radio waves (public property).
Software, not being radio, is private and NONE of the government's long-nosed business.

The solution I use is to not bother reading the policies, because I know the companies don't adhere to them. They just sell your info to whoever that want, and do whatever they please (similar to how Bush is eavesdropping on overseas Americans even though he promised he wouldn't). There's no point wasting my time reading a policy that is not enforced.

Re:Solution: Standardized policies (1)

Firehed (942385) | more than 5 years ago | (#25328559)

True, but unlike when you're going against the government, there's at least the implication that by agreeing to their TOS, you're entering into some sort of nonformal contract (a shrink-wrap EULA basically) in that they have to hold up to their end of the bargain. If nothing else, you could probably sue them if you find them to be in violation of their posted privacy policy. Hell, if you go for the maximum allowed in small claims court, chances are they'll determine it not worth their time and you'll win your five grand by default.

Not much, but it's something. At least in theory. Like you, I assume the worst and hope for the best, and plan accordingly.

I do still like the idea of some rough equivalent to Creative Commons/OSI for privacy/usage polices.

Re:Solution: Standardized policies (2, Informative)

digitig (1056110) | more than 5 years ago | (#25328661)

But nobody was proposing that they regulate anything new. The proposal was that they make a set of standard licenses available, not that they enforce them.

Re:Solution: Standardized policies (3, Insightful)

DriedClexler (814907) | more than 5 years ago | (#25328837)

It's not the FCC job to regulate anything other than over-the-air radio waves (public property).
Software, not being radio, is private and NONE of the government's long-nosed business.

Good job. He said FCC (Federal Communications Commission) when he should have said FTC (Federal Trade Commission) and instead of reminding the rest of us what the relevant government agency would be, you took the opportunity to grandstand about his mistake. That really helps the discussion, doesn't it?

Anyway, I have a hard time seeing how this would be overstepping the government's bounds. It's just setting up a template people are free to use, or not, or use with modifications. Government-endorsed behavior (where it pays people to do something), is not the same thing as government-recognized behavior (where it sets a template to ease communication).

The worst that would happen is that it biases people into not trusting those who refuse to simplify their TOS into one of the common templates. Good. People should have distrusted long license agreements in the first place. It's the general tolerance of that kind of BS that has pushed people into accepting as commonplace the atrocious practice of agreeing to something you haven't read ... something that in any other context is evidence of coercion.

Re:Solution: Standardized policies (1)

a_nonamiss (743253) | more than 5 years ago | (#25328771)

Did you mean FTC? I think this would be more likely to fall under their umbrella than the FCC. Nothing to do with regulation of radio waves.

Re:Solution: Standardized policies (5, Insightful)

truthsearch (249536) | more than 5 years ago | (#25327967)

Creative Commons puts out a variety of licenses that have a simple (human readable) version and a complete (legal) version. A logo or link on a site makes it immediately clear which license is being used. The exact same formula would probably work quite well for privacy policies.

Re:Solution: Standardized policies (1)

martinw89 (1229324) | more than 5 years ago | (#25327989)

Yes but the GPL says what you can and cannot do to the source of a project, a pretty standardized action. Privacy policies say what the website can and cannot do with your info. That's going to be different on a per website basis. Google could get everything I searched for, Facebook knows what college I go to and some of my friends, Youtube knows what videos I watched, etc. Unfortunately, one boilerplate policy would not cover all of these websites.

Re:Solution: Standardized policies (1)

ozphx (1061292) | more than 5 years ago | (#25328137)

Its more like "We (US, PARTNERS, MATES) can do whatever (WITHOUT LIMITATION) with the content (EVERYTHING CONCEIVABLE)."

Well, I exaggerate, but a set of policies would be feasible. I define my trust of a site in fairly broad terms, I'm only really interested if they are going to sell my information to others, and whether I still own what I submit (regardless of content type).

Re:Solution: Standardized policies (1)

Firehed (942385) | more than 5 years ago | (#25328673)

The GPL was just an example, albeit a poor one. Think Creative Commons, which has about a dozen or so different license combination, or opensource.org which compiles a good fifty different fairly-widely-used licenses.

Coming up with some fairly simple and basic terms and wrapping a relatively generic policy around them isn't out of the question.
* Your information {may|may not|may, but only anonymously} be seen by third parties.
* Personally identifiable information {may|may not} be shared with advertisers in order to effectively target advertising.
* Content you produce on this site {may|may not} be sold, licensed, or otherwise made available to third parties.

Etc. It can't be as boilerplate as the GPL, and would require more licenses than CC has available, but it would basically amount to dropping in different paragraphs of boilerplate to a document, each of which is determined by a dropdown box addressing one of maybe a dozen or so typical privacy areas. And that could easily enough translate into the cute and easy to decode icons attached to the CC licenses too.

Re:Solution: Standardized policies (1)

martinw89 (1229324) | more than 5 years ago | (#25328875)

Ah ok, I understand what you mean now. That would indeed be quite helpful. Especially if they had icons and English (not legalese) descriptions of the different licenses like the CC.

I'm your browser and I'm here to help. (5, Interesting)

SleptThroughClass (1127287) | more than 5 years ago | (#25328097)

Even better, a tag could tell your browser which standard policy is being used. Tell your browser which policies you want to be accepted, and what action to take for sites with other policies.

Re:I'm your browser and I'm here to help. (1, Interesting)

Anonymous Coward | more than 5 years ago | (#25328411)

http://www.w3.org/P3P/
Already built inside IE and Firefox. Only problem is that very few websites use it.

Re:Solution: Standardized policies (1)

noidentity (188756) | more than 5 years ago | (#25328187)

Like with software licenses, you don't bother to read the GPL for each time you install software that uses that license.

Since when does merely installing GPL software bind the user to anything? Maybe you meant "...you don't bother to re-read the GPL each time you distribute modifications to software that uses it."

Re:Solution: Standardized policies (3, Insightful)

Stewie241 (1035724) | more than 5 years ago | (#25328233)

True, but you learn about your rights by reading the license. And, by knowing what the license is, you don't have to worry about the question of whether or not you got it legitimately or not.

Re:Solution: Standardized policies (1)

Firehed (942385) | more than 5 years ago | (#25328729)

Is that ever really an issue? I have plenty of legitimately-obtained software, and a not-unhealthy-but-more-than-zero amount of not so legitimately obtained software. However, in 100% of my software, I know which is the case.

It's safe to say that accidentally finding a piece of cracked software is quite unlikely. Maybe the distributor is in violation of a redistribution license (like the GPL), but that's not something you're likely to know by reading it on their site - they wouldn't go advertising the fact.

Re:Solution: Standardized policies (1)

pasha2891 (946976) | more than 5 years ago | (#25328333)

A trusted third party authority that gives you the gist of each policy would probably work as well if each site needs the freedom to have a customized policy.

Re:Solution: Standardized policies (0)

Anonymous Coward | more than 5 years ago | (#25328335)

from

!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"

to

!PRVTYPE gpl PUBLIC "-//W3C//GPL 1.0 Strict//EN"
        "http://www.w3.org/TR/gpll1/gpll1.prv"

But hey I am just a fuckin idiot...

Re:Solution: Standardized policies (1)

jellomizer (103300) | more than 5 years ago | (#25328585)

However that assumes that you will always have a detailed knowledge of the GPL.
I Download Ubuntu and use it as a desktop system. Chances are that I am going to be abiding by the GPL.

However say I get a GPL library that I want to incorporate into my application... Now I really need to know the GPL. As I may or may not want my application to be GPL complaint, or I could be doing something in the Gray Areas of the GPL, say in the area of integration of hardware, where my application is for business use (The unofficial IBM can do it because they support us but TiVo can't clause, because hackers want to hack the TiVo, more then a million dollar IBM server) ... however there is a slim chance it can be used for personal use so it can fall in invalid area.

However we could use a good base license that we don't need to read over and over again.

Or maybe... (5, Insightful)

Aladrin (926209) | more than 5 years ago | (#25327871)

Or maybe people shouldn't submit their data to every website they visit. If they care about their privacy, they had better well read the privacy policy.

Companies aren't going to dumb-down their policies and open themselves to lawsuits. They are precise and lengthy for a reason.

In the end it doesn't even matter, though. They all include a clause that lets them change the policy any time they like.

Re:Or maybe... (1)

tolan-b (230077) | more than 5 years ago | (#25328163)

In the UK I believe the requirement is to have up to 3 levels of privacy policy.

- A very simple summary of what might happen with your data at the point you enter it, linking to:
- A more detailed plain english explanation, linking to:
- The full privacy policy.

Most sites just have the full policy though, afaik (IANAL) that's breaking the rules.

Re:Or maybe... (1)

BenoitRen (998927) | more than 5 years ago | (#25328179)

That's assuming that people can directly control such data. Your web browser sends its user agent string and referrer in the HTTP header by default. Then there's the extra information that sites can get with JavaScript.

Re:Or maybe... (0)

Anonymous Coward | more than 5 years ago | (#25328197)

Its illegal to create contracts that are either invalid, written in a manner which fails to properly define the terms of agreement or is arbitrarily one-sided.

Do YOU read Slashdot's policies everyday? For all you know, an article stating that anyone who posts an anti-"big brother" comment with have all information about them forwarded to the NSA and no nobody has simply noticed it.

Re:Or maybe... (1)

Deathdonut (604275) | more than 5 years ago | (#25328225)

It's entirely possible to "dumb down" policies by defining symbols or words as binding. If people who visited a website could look at a set of pre-defined symbols or format (think nutritional information tabs) and know that the website would share all data with wholly owned subsidiaries but would sell aggregate or non-identifiable information to others, it might take much of the guesswork out of the process. Obviously, things could get arcane pretty quickly if you weren't carefull, but you could get alot of binding information much faster than the verbosity currently used.

No big deal. (5, Funny)

Mister Whirly (964219) | more than 5 years ago | (#25327875)

200 hours? big deal.
Average amount of hours wasted reading Slashdot at work in a year : 5,000,000

Re:No big deal. (5, Funny)

aurb (674003) | more than 5 years ago | (#25328217)

It's a good thing we don't read the articles. The number could be much much bigger...

This is a very BIG deal! (4, Funny)

tuxgeek (872962) | more than 5 years ago | (#25328249)

So, if our time, 200 hrs, is worth $350 billion
And we spend 5,000,000 hrs / year reading slashdot
That means our wasted hours reading slashdot is worth $8,750,000,000,000,000.00

Good God man! If we slashdotters collude on this we can buy the whole planet and kick everyone else off it, or at least charge them rent.

-----

Never underestimate the power of stupid people in large groups

Re:This is a very BIG deal! (5, Funny)

digitig (1056110) | more than 5 years ago | (#25328731)

So, if our time, 200 hrs, is worth $350 billion

Where do I apply for this $1.75 billion an hour job, reading privacy agreements?

Re:No big deal. (1)

Spy der Mann (805235) | more than 5 years ago | (#25328271)

Average amount of hours wasted reading Slashdot at work in a year : 5,000,000

Realizing that you've trashed your life: Priceless!

Re:No big deal. (0)

Anonymous Coward | more than 5 years ago | (#25328435)

good job.. assuming you work every day of the year, dont sleep or eat, you're wasting 570 hours on every hour you're at work.
now i knew that slashdot was an odd place, but not *that* odd.
++ c.

Re:No big deal. (3, Funny)

alexhs (877055) | more than 5 years ago | (#25328533)

By my own calculations using your helpful data, it means a slashdotter in average wastes each work hour 2500 times...

Using relativity formulae, I guess we would come close to the speed of light...

Re:No big deal. (3, Funny)

MadCow42 (243108) | more than 5 years ago | (#25328617)

Actually, the average for Slashdot editors appears to be slightly lower than the general populace... it's the only explanation I can see. :)

MadCow.

Re:No big deal. (1)

Firehed (942385) | more than 5 years ago | (#25328811)

5,000,000 hours per year per person?

I'd like to borrow your time machine, if you don't mind. Using my knowledge of the stock market could make me trillions! Or even billions! </dr.evil>

Standardization (4, Insightful)

FireStormZ (1315639) | more than 5 years ago | (#25327877)

Some group need to write a half dozen or so policies covering a range of options and publish them under a license which *does not* allow them to be used under the same name if any changes are made.

Who really reads the GPL anymore after you have went through it a few time? the MPL? BSD? If you get somewhere under a dozen options out there you can save *everybody* time..

Re:Standardization (1)

noidentity (188756) | more than 5 years ago | (#25328209)

Or at the very least, allow these to be used as a base. So example.com has a privacy policy that is the terms of standard policy A + a few additional items.

They need another study (0)

Anonymous Coward | more than 5 years ago | (#25327907)

For how much is wasted with all the current US laws. If ignorance of the law is no excuse, then how much time would it take to read and understand EVERY US law that might affect us.

That's a study I would like to see.

Re:They need another study (2, Insightful)

Hal_Porter (817932) | more than 5 years ago | (#25328145)

A man had a problem and he decided to convince the Goverment to pass a law to help him. Then he had two problems.

Re:They need another study (5, Funny)

corsec67 (627446) | more than 5 years ago | (#25328343)

Not even congress reads the laws.

Re:They need another study (1)

herring0 (1286926) | more than 5 years ago | (#25328433)

Why would they actually read them? That's why the lobbyists provide dinners and 'meetings' so that they can explain the relevant portions. Anything else just gets in the way of all the other dinners and meetings they need to attend.

Or campaigns that need to be run...

Perfect time (2, Interesting)

speroni (1258316) | more than 5 years ago | (#25327911)

to implement my low cost IT Law firm. For a nominal fee we would certify websites and software. Don't want to read the EULA, just check with our firm for verification.

We'd even specialize in defending the rights of netizens and downloaders.

Online legal service for hire.

Standards? (0, Redundant)

SirLestat (452396) | more than 5 years ago | (#25327917)

In the license world, when I see GPL, LGPL, etc most of the time I know what they are without having to read the full text. Can't they make some standard privacy policies so we can save the time reading them?

They are standardized (0)

Anonymous Coward | more than 5 years ago | (#25327923)

Pretty much every privacy policy in the known universe says "Hi! We care about your privacy here at X, so we won't share your personal information except as permitted by law!"

Occasionally they bury an opt-out provision to one of their sharing agreements on page 27.

one liner privacy policy (0)

Anonymous Coward | more than 5 years ago | (#25327939)

you should have no expectations on privacy, suck it up.

Shouts out to Aleecia (0)

Anonymous Coward | more than 5 years ago | (#25327941)

Good work! --Eeyore

robots.txt (2, Interesting)

bigattichouse (527527) | more than 5 years ago | (#25327949)

I'd like something simple and standardized: Yes you can re-use content No, it has to be attributed. No, you can't use our logo. blah blah blah etc. rights.txt Have the browser integrate it and have pretty little icons like creative commons does.

The Problems With Passing Federal Laws (2, Interesting)

mpapet (761907) | more than 5 years ago | (#25327981)

I can pretty much guarantee the Federal standard would be a nightmare.

The worst of K street will have second crack at the legislation. The Cheney administration would have first crack at it and take another opportunity to sodomize legal history and Constitutional law. Both houses of Congress have more or less abdicated their responsibility in providing checks, so it gets Fugly fast.

You are obsessed with privacy, so read them (1)

Kohath (38547) | more than 5 years ago | (#25327995)

You people who are obsessed with your privacy should be happy for the chance to spend 200 hours a month reading these policies. It's what you care about.

The rest of us don't care how long they are because we would rather live good lives rather than private lives. So we don't read them.

Re:You are obsessed with privacy, so read them (1)

Spatial (1235392) | more than 5 years ago | (#25328509)

Ha ha, what a useless argument. 'Good' and 'private' are not mutually exclusive qualities. It's a false dichotomy.

You advocate a position of ignorance and mock people who value their privacy. And apparently you think someone cannot lead a good, private life. Why is that? Do you not find that a rather foolish position? (a genuine question)

Re:You are obsessed with privacy, so read them (1)

Kohath (38547) | more than 5 years ago | (#25328747)

Obsession with yourself (your privacy, in this case) rarely leads to anything good. The privacy-obsessed might be better off coming out of the bunker and joining the rest of the world.

If not though, the original point stands. Why wouldn't they want to spend their leisure time reading privacy policies if that's what they care about?

Half the financial bailout package? (1)

conner_bw (120497) | more than 5 years ago | (#25328001)

By a nice coincidence, though, the financial rescue package of $700 billion duplicates a number that was also in the news last week - the Pentagon budget. In the fiscal year just beginning, the Defense Department will spend $607 billion on normal military costs, and an additional $100 billion on the wars in Iraq and Afghanistan. (As of June 30, 2008, Congress had appropriated $859 billion for the wars; Congressional Budget Office projections assume further costs of $400 billion to $500 billion as the wars wind down). But for the coming year, $700 billion is the Pentagon's nice round number (this includes neither Homeland Security nor intelligence costs). All of last week's hand-wringing hoopla over the emergency bailout stands in stark contrast to the utter indifference with which politicians approved an equivalent layout for the military - an approval so routine that it was ignored in the press and by the public.

[ source [boston.com] ]

Have you noticed the trend? (1)

Overzeetop (214511) | more than 5 years ago | (#25328363)

The right tends to prefer less regulation, and to let the markets work as efficiently as possible. Deregulation - generally led by the right and approved by both major political parties - occurs over the course of many years. This deregulation often leads to growth and an increase in prosperity, especially for those with substantial money to invest - i.e. those who don't work for a living. The right suspects that with the increase in private funds, fewer social programs are needed and they save money. This is, to an extent, true - as insurance companies do well with investments, their rates for covering the insured tends to drop (real insurance, not healthcare - which is more of a maintenance contract for most people)

At some point, the market finds dicier and dicier ways of making greater profits - trying to outdo the last quarter/year. This is, of course, demanded by those who invest, and is an inherent part of human nature. At some point, the wave hits it peak and crashes. The longer the overall deregulation cycle, the harder the crash.

What happens next? The left steps in and tries to "fix" things by adding back all the regulations which were removed, and new ones to patch the holes where "innovative" financial products have been created. No matter who you let clean up the mess, the economy is going to be lousy for a few years, and all the private money which helped out communities will dry up. The left sees that as an invitation to help, and the put in the social programs which weren't needed. Everybody remembers how bad it was when the left was in power, and how good it was when the right was in power, with little thought about the transition period.

What lesson can we learn? Neither side is doing their job properly. Because markets are not perfectly efficient, and humans are programmed to hit the big score, the government really does need to keep an even hand on regulation. Have you ever seen a regulation that caused the wholesale failure of an entire industry? We've just seen a deregulation which has done it. Step back and consider that regulation - the verb, not the noun - is essential to practically every natural process. It prevents overheating and out-of-control processes from becoming dangerous. It should also prevent stagnation and the loss of momentum. If the government could learn to regulate without smothering or ignoring flare-ups _everyone_ in society would benefit. This is not some socialist rhetoric; under good regulation, everyone has a chance to succeed, and the best will indeed outstrip the common. What it will do is reduce the negative impact that the few irresponsible have on society as a whole.

Re:Have you noticed the trend? (0)

Anonymous Coward | more than 5 years ago | (#25328735)

The dangerous line you straddle is the government using regulations to prevent us from being greedy or stupid, both of which are our rights. Government is not known for regulating well or fairly. Everybody has a special interest.

Re:Half the financial bailout package? (0)

Anonymous Coward | more than 5 years ago | (#25328431)

On September 10, 2001 [youtube.com] Rumsfeld announced that the Pentagon couldn't account for $2.3 trillion. They don't really need the bailout.

Rep. Brad Sherman from California has mentioned that the bailout will be used to buy assets from foreign banks [google.com] (such as China and Saudi Arabia). Banks in the US will just keep getting absorbed by the larger banks, such as Morgan Stanley and Goldman Sachs.

CNBC is also reporting this morning [cnbc.com] that they will both be nationalized today or this weekend! They'll basically be used to launder money to foreign banks as a payoff. This is the last looting of the American people by foreigners. That's why the government stopped reporting statistics a few months ago on foreign investment inside the US.

Welcome to freedom, comrade!

There is also talk of shutting down the international markets [bloomberg.com] and creating a new Bretton Woods type deal. Don't think for a second that this new Bretton Woods deal wasn't already written and waiting for this crisis to occur.

Re:Half the financial bailout package? (0)

Anonymous Coward | more than 5 years ago | (#25328777)

I'm with you. I strongly suspect gross mismanagement and willful negligence by wallstreet is part and parcel of something else.

Doesn't anyone remember the cold war? Nuclear armageddon on the horizon for 50 years? The intellectuals on the other side of that conflict were staunchly against wallstreet and the banks. You'll forgive me if I don't believe that they forgot about this conflict to the tune of 700 billion in housing loan fuck ups.

Americans need to travel more. They'll see a world much like theirs, with institutions nothing like theirs.

Not the answer to everything! (1)

PadRacerExtreme (1006033) | more than 5 years ago | (#25328041)

The researchers propose that, if the industry can't make privacy policies easier to read or skim, then federal intervention may be needed.

Why does the government need to be involved in everything? Why can't people take a little responsibility? If you don't like the privacy policy on a site (or it is too long to read), then DON'T GO THERE. You don't need the gov for that.

Not to mention that the web is international. Nothing the EU does forces anything on Brazil, for example.

Slashdot's is nearly 3500 words (1)

hansamurai (907719) | more than 5 years ago | (#25328057)

Slashdot shares its privacy policy with SourceForge and at nearly 3500 words of legalese they're able to declare themselves "self-certified" under the Safe Harbor principles set up by the US Department of Commerce. There's even a fancy image to prove it.

I like this part of the policy:

Photographs

Users may have the opportunity to submit photographs to the Sites for product promotions, contests, and other purposes to be disclosed at the time of request. In these circumstances, the Sites are designed to allow the public to view, download, save, and otherwise access the photographs posted. By submitting a photograph, users waive any privacy expectations users have with respect to the security of such photographs, and SourceForgeâ(TM)s use or exploitation of usersâ(TM) likeness. All photographs submitted to SourceForge become the property of SourceForge and will not be returned.

Someone please let me know when Slashdot wants my picture for promotional use! I could be the face of Slashdot, or more appropriately, freshmeat.com

Plain English (1)

MikeRT (947531) | more than 5 years ago | (#25328079)

How hard would it be to write the following summary:

"We will collect your information to provide product recommendations for you while logged in at this site. We will not share your personal information with any third party without your permission as demonstrated by going to your user profile and opting in for information sharing. We promise to take every reasonable measure to ensure that your personal information, while stored by us, is inaccessible to hackers and other potential identity thieves."

Then, attach the version for lawyers.

What about television (3, Funny)

iteyoidar (972700) | more than 5 years ago | (#25328087)

I would imagine every American loses like, a bujillion hours a month watching TV. That probably costs a lot too.

200hours 20 per Month (0, Redundant)

wjsteele (255130) | more than 5 years ago | (#25328091)

Not to nitpick, but 200 hours per year is actually 40 hours less than 20 hours per month by my rough estimate or roughly 16 hours and 40 minutes per month. Not that I am a math major or anything, but I am pretty good with basic arithmetic. Someone, please check my work.

Bill

Re:200hours 20 per Month (0)

Anonymous Coward | more than 5 years ago | (#25328671)

Interesting, this get's flagged redundant when it was posted 10 minutes before the other post. It's also funnier!!!

Nobody reads them (1)

HalAtWork (926717) | more than 5 years ago | (#25328109)

But nobody reads them, just like EULAs. Users just have the expectation of privacy, just as they do in real life. Even if a few companies and marketing experts think it's unrealistic or impossible, people just have that expectation anyway. Nobody is automatically suspicious of nefarious activities, people are generally unsuspecting.

Irony (1)

Puls4r (724907) | more than 5 years ago | (#25328111)

So we're proposing the Federal government enact a law to make privacy policies easier to read?

Has anyone read the entire tax law recently, much less ALL the laws we're supposed to know?

Ignorance is no defense, after all.

Re:Irony (1)

dlsmith (993896) | more than 5 years ago | (#25328551)

Has anyone read the entire tax law recently, much less ALL the laws we're supposed to know?

Good point. The response cited in the summary ("predictable cry of outrage") makes a similar point. The benefit of privacy policies is that there's a published policy that the companies can be held accountable for. You don't preemptively read the entire body of law in your jurisdiction -- instead, you consult the law when problems arise.

So how do you know before the fact about things you won't like? Rely on the community. The press and other organizations routinely point out problems in the law. Similarly, if a business is going to risk their reputation on a shady contract, privacy policy, EULA, etc., you're probably going to hear about it.

OT: Eulas are worse (0)

Anonymous Coward | more than 5 years ago | (#25328169)

Every time Apple releases a new ITunes* a "new" EULA pops up. (I've been trying to force myself to read these damned things lately.) Hey Apple, how about a 'diff' of the old & new EULAs so I don't have to read the same text every time you tweak the UI?!?!?!

Standardization on EULAs would be a great help. Or are you guys trying to force me into only using GPLd software?

* It's not just Apple, either- device drivers, web toolbars, you name it...

Creative Commons (1)

Arkhan (240130) | more than 5 years ago | (#25328171)

This sounds like an area ripe for the Creative Commons treatment.

Produce a small suite of precise privacy practices, as detailed as you like, each with an approved "plain English" summary, just as the CC licenses do.

After a short adjustment period, one would no longer have to even skim the summary of the license, just as many surfers know by now what the "Share Alike" CC license is.

Call them CPPs: Common Privacy Practices. You could have CPP: Share Internal, CPP: Share With Partners, CPP: Sell To Anyone, CPP: Eat Your Baby and Kick Your Dog, etc.

Policies are useless anyways (1)

Gothmolly (148874) | more than 5 years ago | (#25328181)

Either they violate them and sell your info to everyone with limited to no reprisal, or some idiot "loses" (eBays) a laptop with all the data.

Don't lie to me and tell me when I know you don't care about my private info.

200 / 12 != 20 (1)

kbrasee (1379057) | more than 5 years ago | (#25328223)

Slashdot must be using the New Math.

Re:200 / 12 != 20 (1)

Colonel Korn (1258968) | more than 5 years ago | (#25328277)

The annual total had 1 significant digit. The monthly total in the summary has 1 significant digit. You computer-people don't have to deal with error and such like we engineers, but imo 200/12 ~= 20 isn't really a problem.

Re:200 / 12 != 20 (0)

Anonymous Coward | more than 5 years ago | (#25328461)

200 = 3 significant digits
20 = 2 significant digits

Just because they're zeroes doesn't mean they can be tossed aside.

They didn't write 2.10^2 BUT (1)

Nicolas MONNET (4727) | more than 5 years ago | (#25328707)

They didn't write 2.10^2 because most people wouldn't get it, but that's probably what they meant and what Col. Korn assumed they meant.
Had they written "201", "199", or "EXACTLY 200 hours," which they haven't, then that would have been, indeed, 3 significant digits.

Who cares? (0)

Anonymous Coward | more than 5 years ago | (#25328269)

Really, who puts their real name?

I've registered with lots of sites using the name Art Vandelay, architect, or Art Vandelay, importer-exporter, and a throwaway email address.

You don't need to worry about the privacy policy of a website if they don't have your info.

Federal intervention may be needed? (1)

Yvan256 (722131) | more than 5 years ago | (#25328303)

Federal intervention may be needed to control privacy policies on teh intarweb? That global, international thingy?

Good luck forcing a (pick your country) federal anything on other countries.

I'm not against the general idea, however it should come from a standard web group (not sure if it would fall within the W3C domain, the IETF, etc).

Why change the policies, just toss them out. (1)

s6plit4 (1344065) | more than 5 years ago | (#25328337)

Why should we ask for the privacy polices to be easier to read? Wouldn't everyone here prefer that there was no need for a policy at all? No online tracking, no sharing of your email address or purchasing habits. Of course there are a few people, my wife included, that would prefer to be tracked all day long so they can spend less time looking for crap they don't need but buy anyway.

New monetary comparison value? (2, Funny)

cabjf (710106) | more than 5 years ago | (#25328347)

So we're going to measure the cost of things in FBP's now?

Wrong (0)

Anonymous Coward | more than 5 years ago | (#25328439)

How fast does the average person take to read a policy according these statistics?
I am one of the very rare people who reads the Terms of Service and Privacy Policy of *every* website (if available) and most of them are fairly standardised anyway, it might take 1 to 2 minutes to read through if that. Once you have read it all you have to do is check for updates afterwards, not keep reading them every time you visit but maybe it's because I visit the same sites over and over? I don't know but frankly I doubt this number.

Simple Privacy Policy (1)

Ukab the Great (87152) | more than 5 years ago | (#25328453)

How about a one-line privacy policy that states "We will most likely sell your credit card information to Al-Qaeda for a box of doughnuts."

Brick-and-mortar (2, Insightful)

S77IM (1371931) | more than 5 years ago | (#25328529)

I went to a supermarket this morning.

I didn't need to license the right to walk around and view the "product label prices" content, nor did I need to agree not to sue them for being out of Diet Coke Lime, nor did I need to consent to be monitored by security cameras and have my image stored on tapes.

Why can't visiting a web site on-line be that simple?

Advertisers hated self-regulation, too. (1)

Animats (122034) | more than 5 years ago | (#25328557)

TrustE, in their early days, used to have several seals that indicated the level of privacy policy in use. So the TrustE seal actually meant something.

Then, in response to advertiser pressure, TrustE caved in. All a TrustE means now is that the site agrees to abide by its own privacy policy. It doesn't matter how intrusive the policy is; the site can still get a TrustE seal.

TrustE enforcement has been very weak. Here's a study of TrustE enforcement actions. [galexia.com] "Their privacy standards are low to begin with, but even these rules are simply not enforced against large, paying members." In the entire history of TrustE, they have terminated only one paying seal-holder: Gratis Internet, the "free iPod" scammer.

common criteria (1)

fade (4063) | more than 5 years ago | (#25328569)

It seems to me that the obvious answer to this problem is to establish a 'parts bin' of privacy policy components that are guaranteed to be compatible with each other, and use a publishing mechanism similar to the creative commons licensing site, so the most common ones become known quantities for average users.

Logicless Leap (4, Interesting)

Hercules Peanut (540188) | more than 5 years ago | (#25328631)

The researchers propose that, if the industry can't make privacy policies easier to read or skim, then federal intervention may be needed.

Why? Why should I need the federal government to get involved? At what point did I lose the power to choose to simply not use the service. If I don't have time to read the policy, then I can simply say no. It is only at the point that I no longer have a choice and that my rights are threatened that I need the federal government to step in and protect my rights.

How did we become a society of people who believe that the only ones who can solve our problems are the government, worse, the federal government? Have we no self reliance anymore?

Re:Logicless Leap (0, Redundant)

MindlessAutomata (1282944) | more than 5 years ago | (#25328789)

Welcome to our brave new world!

Anyway, a lot of the reasons these privacy policies are so long is to cover their asses legally in the first place! Jesus fucking christ, what can the federal government do?

Creative Commons/Geek Code/Google Earth Mashup (1)

Hambone_dot_exe (963408) | more than 5 years ago | (#25328675)

If we focus on the real problem presented here (readability and awareness of stated intention, and possibly client-side enforcement - not compliance, that's a separate issue), the problem's really not that big to solve.

Some of the comments here point to some techniques and practices that could actually be cobbled together very cleanly.

We've got the Creative Commons generator for human-readable deeds, lawyer-spew, and machine-readable code. Not that hard to adapt a version with "We Don't Keep Your Credit Cards" or "All Your Identity Are Belong To Gator." More options, sure, but probably easy to extrapolate in a form.

Making it machine readable (or, hell, even Geek Code-formatted; SSL-128+, 419--, Spam^3) means you can extend P3P-savvy user agents to watch for the framing of the policy, alert you to behavior you're not comfortable with, and automatically flag you with a Firefox-style notification when it sees a diff.

Hell, even if we can't get that kind of progressive behavior from a vendor, there's other tools out there that can be adapted, right? I haven't tried AT&T's PrivacyBird yet (referenced in the P3P article on WikiPedia), but between that and other tools like EULAlyzer, how hard can it be to drop in a browser-level tool that either queries a third-party database for privacy analysis and warnings, or examines the policy directly and gives you some breakdown of potential bad behavior?

Let's go even further -- supposing your site's targeting North America and Western Europe, but either you, or the hosted content or partner links, are in nations with known, uh, *default privacy behavior* that overrides the vendor's. Why not have a "Holy Dammit You're Trying To Hit A Blog Site From China" or "AT Your World Delivered To The NSA" alert?

(Okay, maybe not an alert for that one, but at least a visual cue somewhere in the browser status bar. Maybe an All-Seeing Eye, or a Boot Stamping On The Face Of Humanity, Forever. Something unobtrustive like that.)

Look, honestly -- I don't see how a legally-mandated expression of a readable, understandable privacy policy should be any different from the Surgeon General's warning on a pack of smokes or the list of ingredients and nutritional value on the side of a cereal box. The goods or services you're looking to work with have an impact on YOU and you should have some way to find out about it, quickly.

PRIVACY (1)

MindlessAutomata (1282944) | more than 5 years ago | (#25328821)

Privacy Statement

SOURCEFORGE, INC. UNITED STATES/EUROPEAN UNION SAFE HARBOR PRIVACY STATEMENT (âoePRIVACY STATEMENTâ)

(Last Updated May 23, 2008)

(Effective Date May 24, 2008)

SourceForge, Inc. (âoeSourceForgeâ), comprised of the Internet sites SourceForge.com, SourceForge.net, Slashdot.org, freshmeat.net, ITmanagersJournal.com, Linux.com, ThinkGeek.com (the âoeSitesâ), is committed to protecting the privacy of users of the Sites. SourceForge intends to give users as much control as possible over userâ(TM)s personally identifiable information, including registration data. This Privacy Statement applies to each of the Sites and describes the information SourceForge collects about users and how that information may be used.

SourceForge reserves the right to update and change this Privacy Statement from time to time. If SourceForge makes material changes to its privacy practices, a prominent notice will be posted on this web page. Each time a user uses the Sites, the current version of the Privacy Statement applies. Accordingly, a user should check the date of this Privacy Statement (which appears at the top) and review for any changes since the last version. If a user does not agree to the Privacy Statement, the user should not use the Sites.

SourceForge complies with the United States (âoeUSâ)/European Union (âoeEUâ) Safe Harbor framework as set forth by the US Department of Commerce regarding the collection, use, and retention of data from the EU. Individuals who wish to file a complaint or who take issue with SourceForge's EU Safe Harbor policies should direct such communication to SourceForge Legal Services - Privacy via written communication at the contact information provided below. Filing a complaint in English will expedite the process. SourceForge will investigate and attempt to resolve complaints regarding use and disclosure of personal information in accordance with the principles contained in this Privacy Statement. For complaints that cannot be resolved between SourceForge and the complainant, SourceForge participates in the dispute resolution procedures of the panel established by the EU data protection authorities to resolve disputes pursuant to the Safe Harbor framework.

SourceForge agrees to notify users of the following privacy principles: Notice, Choice, Onward Transfer, Security, Data Integrity, Access, and Enforcement.

NOTICE

SourceForge provides this Privacy Statement to make users aware of SourceForge privacy practices, and of the choices a user may make about the way the userâ(TM)s information is collected and used.

Children

Users represent they are of legal age to create binding and financial obligations for any liability users may incur as a result of their use of the Sites. The Sites are not directed to children under the age of 13, and SourceForge will never request personally identifiable information from anyone whom it knows to be under the age of 13 without verifiable parental or guardian consent. SourceForge does not knowingly collect, or wish to obtain, personally identifiable information from children. If SourceForge becomes aware that a user is under the age of 13 and has provided personally identifiable information without prior verifiable parental or guardian consent, it will remove userâ(TM)s personally identifiable information from its files.

What information SourceForge collects

SourceForge may collect two types of information from users of Sites: "personally identifiable information" (such as name, email address, postal address, telephone, birth date) and "aggregate information" (such as frequency of visits to Sites, IP address, Site pages most frequently accessed, browser type). Personally identifiable information is any piece of information which can potentially be used to uniquely identify, contact, or locate a user of the Sites. Aggregate information is non-personally identifiable/anonymous information about users of the Sites. Aggregate information is used in a collective manner and no single person can be identified by that compiled information.

On the Sites, users may order products or services, and register to receive materials. Personally identifiable information collected on the Sites includes community forum content, diaries, profiles, photographs, name, unique identifiers (e.g., passwords), contact and billing information (e.g., email address, postal address, telephone, fax), and transaction information.

In order to tailor SourceForgeâ(TM)s subsequent communications to users and continuously improve the Sitesâ(TM) products and services, SourceForge may also ask users to provide information regarding their interests, demographics, experience with its products, and detailed contact preferences.

Web beacons

SourceForge uses web beacons from time to time. Such web beacons may be provided by SourceForgeâ(TM)s third party advertising companies to help manage and optimize SourceForgeâ(TM)s online advertising. To opt out of targeted advertising delivered by Network Advertising Initiative members, click here: http://www.networkadvertising.org/consumer/opt_out.asp [networkadvertising.org] . A web beacon is a string of code that provides a method for delivering a graphic image on a web page or in an email message for the purpose of transferring data, or determining how many times a specific web page has been viewed. Web beacons enable SourceForge to recognize a browserâ(TM)s cookie when a browser visits a Site, and to learn which banner ads bring users to each Site. For example, when a user visits a web page, the code for the page may include instructions to go to another server to gather a single pixel graphic image. Web beacons are not placed on a userâ(TM)s computer, and users remain anonymous.

Cookies

SourceForge uses cookies on the Sites. A cookie is a unique text file that may be used for data analysis, and enables a web site to tailor information presented to a user based on a userâ(TM)s browsing program. SourceForge may use cookies to personalize a userâ(TM)s pages at a Site, to remember a user when the user registers for products or services, or to track visits to a Site. If a user does not want SourceForge to deploy cookies in the userâ(TM)s browser, the user may set the browser to reject cookies or to notify the user when a web site tries to place cookies in the browser program. Rejecting cookies may affect a userâ(TM)s ability to use some of the products, features, functions, or services on a Site. Cookies do not contain personally identifiable information.

The ads appearing on the Sites are delivered to visitors by DoubleClick, Inc. (âoeDoubleClickâ), SourceForgeâ(TM)s current third party web advertising partner. The third party advertising technology that SourceForge uses on the Sites uses information derived from a userâ(TM)s visits to the Sites to target advertising within the Sites. In addition, SourceForgeâ(TM)s advertisers may use other third party advertising technology to target advertising on the Sites. In the course of serving advertisements to the Sites, DoubleClick may place or recognize a unique cookie on a userâ(TM)s browser. Information about usersâ(TM) visits to the Sites, such as the number of times users have viewed an ad (but not usersâ(TM) names, addresses, or other personally identifiable information), are used to serve ads to visitors. As with other cookies, and consistent with SourceForgeâ(TM)s policy on cookies stated above, the user may block or delete such cookies from the user's drive or memory. For more information about DoubleClick, DoubleClickâ(TM)s use of cookies, and how to "opt out" of DoubleClickâ(TM)s email/information lists, please click here: http://www.doubleclick.net/us/corporate/privacy [doubleclick.net]. SourceForge has no access or control over third party cookies.

Log files

SourceForge web servers may automatically log aggregate information, such as a userâ(TM)s IP address, domain name, browser type, date and time of access, and other log file data. This information may be used to analyze trends or administer the Sites. Log files do not contain personally identifiable information.

With respect to SourceForge.net, SourceForge contracts with third party mirror providers, who deliver integrated communications services, including Internet access services, to deploy mirrors of downloads in order to make file downloading via SourceForge.net faster and more convenient. SourceForge has no control over the privacy or logging policies of mirror providers, or the implementation thereof, and such policies may differ from this Privacy Statement.

How SourceForge uses the information collected

SourceForge may use the personally identifiable information a user submits for any purposes related to SourceForgeâ(TM)s business, including, but not limited to:

      1. To understand a userâ(TM)s needs and create content that is relevant to the user;
      2. To generate statistical studies;
      3. To conduct market research and planning by sending user surveys;
      4. To notify user referrals of SourceForge services, information, or products when a user requests that SourceForge send such information to referrals;
      5. To improve services, information, and products;
      6. To help a user complete a transaction, or provide services or customer support;
      7. To communicate back to the user;
      8. To update the user on services, information, and products;
      9. To personalize a Site for the user;
    10. To notify the user of any changes with a Site which may affect the user;
    11. To enforce terms of use on a Site; and
    12. To allow the user to purchase products, access services, or otherwise engage in activities the user selects.

User names, identifications (âoeIDsâ), and email addresses (as well as any additional information that a user may choose to post) may be publicly available on a Site when users voluntarily and publicly disclose personally identifiable information, such as when a user posts personally identifiable information in conjunction with content subject to an Open Source license, or as part of a message posted to a public forum or a publicly-released software application. Users may not be able to change or remove public postings once posted. Such personally identifiable information may be used by visitors of these pages to send unsolicited messages. SourceForge is not responsible for any consequences which may occur from the use of personally identifiable information that a user chooses to submit to public pages.

With respect to surveys, in the event that responses are publicly disclosed, users will be notified at the time they take the survey. SourceForge will disclose only aggregate information regarding its users, which as stated earlier is anonymous information that does not identify any specific individual. Circumstances under which SourceForge would publicly disclose such aggregate information include, but are not limited to, sharing survey results with the site population, providing data to SourceForge advertisers on user preferences and/or demographics, and publicizing overall usage data in press communications.

Where surveys allow users to submit written comments, and where SourceForge advises users of the possibility of such disclosure at the time they take the survey, SourceForge reserves the right to disclose any information provided by users, provided that no personal information identifying a specific user is disclosed. Participation in surveys is at a user's option; SourceForge does not conduct mandatory surveys.

CHOICE/OPT OUT

A user makes the decision whether to proceed with any activity that requests personally identifiable information. If a user does not provide requested information, the user may not be able to complete certain transactions.

Users who use the personally identifiable information of other users agree to use such information only for:

      1. Using services offered through a Site;
      2. Site transaction-related purposes and not for unsolicited commercial messages; or
      3. Other purposes that the other user expressly chooses.

Users are not licensed to add other users to a Site, even users who entered into transactions with them, or to their mail lists without consent.

SourceForge encourages users to evaluate privacy and security policies of any of the Sitesâ(TM) transaction partners before entering into transactions or choosing to disclose personally identifiable information.

Emails

SourceForge will not use or share the personally identifiable information provided to it online in ways unrelated to the items described above without first letting a user know and offering the user a choice. If a user no longer wishes to receive direct marketing materials, SourceForge will provide instructions in each of its emails on how to be removed from any lists. SourceForge will make commercially reasonable efforts to honor such requests.

Profile or User ID Display

A userâ(TM)s personally identifiable information may be publicly available through a user's profile or user ID display. In such cases, users have the option and discretion to opt out of publicly displaying their real names at any time by changing their display name under the Sitesâ(TM) user preferences. Profile or user ID display may allow other users to see a userâ(TM)s activities, including purchase and sales content, ratings, and comments.

Email Display

Users may have the opportunity to use a service to send electronic mail to another user or email list. In such cases, a user's valid email address and real name will be included with such messages. In order to prevent abuse, users may not opt out of such a display, but may choose to refrain from using such service to transmit an email message.

SourceForge.net offers an email alias service that allows a user to create an email alias that forwards to the userâ(TM)s personal email account. SourceForge does not publish a userâ(TM)s personal email address, but does publicize email aliases which may allow an individual to identify or contact a user. A user who obtains an email alias may not opt out of such publication of the email alias.

Photographs

Users may have the opportunity to submit photographs to the Sites for product promotions, contests, and other purposes to be disclosed at the time of request. In these circumstances, the Sites are designed to allow the public to view, download, save, and otherwise access the photographs posted. By submitting a photograph, users waive any privacy expectations users have with respect to the security of such photographs, and SourceForgeâ(TM)s use or exploitation of usersâ(TM) likeness. All photographs submitted to SourceForge become the property of SourceForge and will not be returned.

ONWARD TRANSFER

With whom may SourceForge share information?

SourceForge will not sell, rent, or lease a userâ(TM)s personally identifiable information to others, except as described in this Privacy Statement. Unless SourceForge has a userâ(TM)s permission or as required by law, SourceForge will only share the personally identifiable information a user provides online with other entities that are part of the SourceForge corporate family and/or outside service providers who may be used to ship products, process credit cards, provide technical support, handle order processing, or otherwise act on SourceForgeâ(TM)s behalf. These third parties are prohibited from using usersâ(TM) information for any other purpose, including their own marketing.

When SourceForge uses third parties to assist in processing a Siteâ(TM)s user personally identifiable information, SourceForge requests that they comply with SourceForge privacy practices, and other appropriate confidentiality and security measures.

Please be advised that in certain instances, it may be necessary for SourceForge to disclose a userâ(TM)s personally identifiable information without a userâ(TM)s permission to government officials or otherwise as required by legal obligations. SourceForge may disclose such personally identifiable information when responding to subpoenas, court orders, or legal process, or to establish or exercise legal rights or defend against claims, including fraud or infringement investigations.

Data collected online may be combined with information a user provides through other means of communication, such as postal mail or third parties to further carry out the purposes described above under the heading âoeNOTICE, How SourceForge uses the information collected regarding usersâ.

When users choose to provide SourceForge with personally identifiable information, users consent to the transfer and storage of such information by SourceForge servers in the United States.

In addition, SourceForge reserves the right to share aggregate information collected from users of the Sites, without prior notice, with entities that are part of the SourceForge corporate family and unrelated third parties. As stated earlier, aggregate information is used in a collective manner and no single person can be identified by such compiled information.

SourceForge shares certain SourceForge.net data with the University of Notre Dame for the sole purpose of supporting academic and scholarly research on free and/or open source software. SourceForge has given the University of Notre Dame permission to share this data with other academic researchers studying free and/or open source software. When such SourceForge.net data is transmitted to the University of Notre Dame, SourceForge makes reasonable efforts to remove any personally identifiable information, but does not guarantee the complete removal of all information that may identify a user, such as user names or other publicly displayed information.

Service Orders

To purchase services, users may be asked to be directed to a third party site, like PayPal, to pay for their purchases. If applicable, the third party site may collect payment information directly to facilitate a transaction. None of this information will be captured or stored by SourceForge.

Links to third party web sites

Links to third party web sites on the Sites are provided solely as a convenience to the user. When a user uses these links, the user leaves the Sites. SourceForge has not reviewed all of these third party sites, does not control, and is not responsible for, any of the third party sites, their content or privacy practices. SourceForge does not endorse or make any representations about the third party sites, or any information, services, or products found on the sites. If a user decides to access any of the linked sites, SourceForge encourages the user to read their privacy statements. The user accesses such sites at userâ(TM)s own risk.

Project Web

SourceForge.net offers project web services that permit project teams to share information among developers and end users. The project web services include a pool of web servers which serve project related web content and support common scripting language. SourceForge hosts these web servers, but does not review or control any of the web content, which is created by project teams. Web content created by project teams may contain codes or other technology that collect personally identifiable information. Before linking to, accessing or otherwise using the project web services, a user should take those steps necessary, in such userâ(TM)s discretion, to protect its privacy.

Bankruptcy or Sale of business

SourceForge reserves the right to share or transfer personally identifiable information and aggregate information to a third party should SourceForge ever file for bankruptcy or in the event of a sale, merger or acquisition of SourceForge, provided such third party agrees to adhere to the terms of this Privacy Statement.

DATA INTEGRITY AND ACCESS

Should a user find inaccuracies in such userâ(TM)s information, or desire to close an account or view the personally identifiable information SourceForge may have regarding the user, the user may contact SourceForge through the communication methods described below, or when technically feasible, directly on a Site. SourceForge will make commercially reasonable efforts to respond to requests for access within thirty (30) days of receiving requests. SourceForge may decline to process usersâ(TM) access or update requests to their personally identifiable information if the requests require disproportionate technical effort, jeopardize the privacy of other users, or are impractical (for instance, requests concerning information residing on backup tapes).

SECURITY

To prevent unauthorized access or disclosure, maintain data accuracy, and ensure the appropriate use of information, SourceForge implements physical, electronic, and managerial procedures to safeguard and secure the information SourceForge collects. SourceForge uses encryption when collecting or transferring sensitive personally identifiable information. However, SourceForge does not guarantee that unauthorized third parties will never defeat measures taken to prevent improper use of personally identifiable information.

Internal SourceForge access to usersâ(TM) nonpublic personally identifiable information is restricted to SourceForgeâ(TM)s administrators and individuals on a need-to-know basis. These individuals are bound by confidentiality agreements.

User passwords are keys to accounts. Use unique numbers, letters, and special characters for passwords and do not disclose passwords to other people in order to prevent loss of account control. Users are responsible for all actions taken in their accounts. Notify SourceForge of any password compromises, and change passwords periodically to maintain account protection. In addition to passwords, SourceForge.net users also obtain encryption keys for the release of files for download, development of web content, and other services. Users are responsible for all actions taken with encryption keys, and must promptly notify SourceForge of any security compromises involving such encryption keys.

ENFORCEMENT

In the event SourceForge becomes aware that the security of a Site has been compromised or userâ(TM)s personally identifiable information has been disclosed to unrelated third parties as a result of external activity, including but not limited to security attacks or fraud, SourceForge reserves the right to take reasonable appropriate measures, including but not limited to, investigation and reporting, and notification to and cooperation with law enforcement authorities.

If SourceForge becomes aware that a user's personally identifiable information has been disclosed in a manner not permitted by this Privacy Statement, SourceForge will make reasonable efforts to notify the affected user, as soon as reasonably possible and as permitted by law, of what information has been disclosed, to the extent that SourceForge knows this information.

If a user has comments or questions about SourceForge.net's privacy statement, please contact:

Email: legal@corp.sourceforge.com
Telephone: (650) 694-2100
Fax: (650) 288-1579

Postal Mail:
Attn: SourceForge, Inc. Legal Services - Privacy
SourceForge, Inc.
650 Castro Street, Suite 450
Mountain View, CA 94041

legal terms and conditions (1)

Benjamin_Wright (1168679) | more than 5 years ago | (#25328867)

Imagine all the time businesses would spend if they read (and took the effort to digest) all the legal terms and conditions written on routine documents, like invoices, purchase orders, and bills of lading, from trading partners. Under a legal phenomenon called the "battle of the forms," businesses learned that the best approach was not to read all the terms communicated to them. Instead, they learned to transmit their own terms to their trading partners, using their own documents. By so doing, they sorta blunted or neutralized or adjusted the blizzard of terms coming from trading partners. (The process was never perfect, but if done intelligently it had an effect.) I argue the same phenomenon can occur in the privacy space. I argue people can publish their own terms of privacy [blogspot.com]. (It's a complex topic, and I'm not giving anyone legal advice here. Topic for more discussion.) --Ben http://hack-igations.blogspot.com/2008/05/google-privacy-policy-terms-of-service.html [blogspot.com]
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...