Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The First Truly Honest Privacy Policy

CmdrTaco posted more than 3 years ago | from the honesty-is-the-best-policy dept.

Privacy 119

itwbennett writes "You want to know what really happens to your data? Dan Tynan has penned the first completely honest privacy policy — surprisingly free of legalese. We dare you to use it on your website."

Sorry! There are no comments related to the filter you selected.

From the Article: (3, Informative)

DWMorse (1816016) | more than 3 years ago | (#34503584)

(Great summary.)

"At COMPANY _______ we value your privacy a great deal. Almost as much as we value the ability to take the data you give us and slice, dice, julienne, mash, puree and serve it to our business partners, which may include third-party advertising networks, data brokers, networks of affiliate sites, parent companies, subsidiaries, and other entities, none of which we’ll bother to list here because they can change from week to week and, besides, we know you’re not really paying attention.

We’ll also share all of this information with the government. We’re just suckers for guys with crew cuts carrying subpoenas.

Remember, when you visit our Web site, our Web site is also visiting you. And we’ve brought a dozen or more friends with us, depending on how many ad networks and third-party data services we use. We’re not going to tell which ones, though you could probably figure this out by carefully watching the different URLs that flash across the bottom of your browser as each page loads or when you mouse over various bits. It’s not like you’ve got better things to do.

Each of these sites may leave behind a little gift known as a cookie -- a text file filled with inscrutable gibberish that allows various computers around the globe to identify you, including your preferences, browser settings, which parts of the site you visited, which ads you clicked on, and whether you actually purchased something.

Those same cookies may let our advertising and data broker partners track you across every other site you visit, then dump all of your information into a huge database attached to a unique ID number, which they may sell ad infinitum without ever notifying you or asking for permission.

Also: We collect your IP address, which might change every time you log on but probably doesn’t. At the very least, your IP address tells us the name of your ISP and the city where you live; with a legal court order, it can also give us your name and billing address (see guys with crew cuts and subpoenas, above).

Besides your IP, we record some specifics about your operating system and browser. Amazingly, this information (known as your user agent string) can be enough to narrow you down to one of a few hundred people on the Webbernets, all by its lonesome. Isn’t technology wonderful?

The data we collect is strictly anonymous, unless you’ve been kind enough to give us your name, email address, or other identifying information. And even if you have been that kind, we promise we won’t sell that information to anyone else, unless of course our impossibly obtuse privacy policy says otherwise and/or we change our minds tomorrow.

We store this information an indefinite amount of time for reasons even we don’t fully understand. And when we do eventually get around to deleting it, you can bet it’s still kicking around on some network backup drives in somebody’s closet. So once we have it, there’s really no getting it back. Hell, we can’t even find our keys half the time -- how do you expect us to keep track of this stuff?

Not to worry, though, because we use the very bestest security measures to protect your data against hackers and identity thieves, though no one has actually ever bothered to verify this. You’ll pretty much just have to take our word for it.

So just to recap: Your information is extremely valuable to us. Our business model would totally collapse without it. No IPO, no stock options; all those 80-hour weeks and bupkis to show for it. So we’ll do our very best to use it in as many potentially profitable ways as we can conjure, over and over, while attempting to convince you there’s nothing to worry about.

(Hey, Did somebody hold a gun to your head and force you to visit this site? No, they did not. Did you run into a pay wall on the home page demanding your Visa number? No, you did not. You think we just give all this stuff away because we’re nice guys? Bet you also think every roomful of manure has a pony buried inside.)

This privacy policy may change at any time. In fact, it’s changed three times since we first started typing this. Good luck figuring out how, because we’re sure as hell not going to tell you. But then, you probably stopped reading after paragraph three."

Re:From the Article: (5, Insightful)

boristdog (133725) | more than 3 years ago | (#34503658)

I prefer:

Our privacy policy: We sell your data. You get our content for "free." Deal?

Re:From the Article: (3, Funny)

commodore64_love (1445365) | more than 3 years ago | (#34503762)

Works for me. Radio is free. TV is free.
I want my Yahoo, Hulu, and Facebook free too.
Deal.

This post sponsored by:
ADFREE MUSIC:
radiotime.com/station/s_52398/Mix_2_1065.aspx

Re:From the Article: (5, Insightful)

blair1q (305137) | more than 3 years ago | (#34504962)

Radio is free. TV is free.

You pay for those with your attention. You pay for internet content with your attention and your identity and a record of your online behavior and the identities of your friends and maybe some information on your hard drive and you give the internet a shot at pwning your computer or taking all the stuff you own in your name.

Radio is free. TV is free. The Internet is savage.

Re:From the Article: (1)

CookieForYou (1945108) | more than 3 years ago | (#34505722)

While I ripped blair one in another post, I gotta agree here.

Advertising viewership is one thing.

Collecting, organizing, cataloguing, storing and disseminating every scrap of personal information possible on your habits, schedule and just about anything else, is entirely something else.

People accept it because it is invisible and they are too complacent to disagree.

However, the government has become nearly as insidious, with mass domestic wiretapping and security schemes that do little to add to the overall safety and a lot to demean citizens and their right to privacy.

Re:From the Article: (2)

zero_out (1705074) | more than 3 years ago | (#34503784)

I prefer:

Our privacy policy: We sell your data. You get our content for "free." Deal?

But WHAT data? You can't possibly identify me on the internet. It's anonymous! I can give your partner my email address, but that doesn't mean they can charge my credit card unless I give it to them. Wait, they're charging my CC!!! I didn't say you could give THAT to them!!!

Re:From the Article: (4, Insightful)

GreatAntibob (1549139) | more than 3 years ago | (#34503834)

I prefer:

Our privacy policy: We sell your data. You get our content for "free." Deal?

Correction: You get access to our content for "free". We will sue you, your family, and all your friends and neighbors to the 9th level of Hell should you choose to infringe on our intellectual property.

Re:From the Article: (5, Insightful)

Toe, The (545098) | more than 3 years ago | (#34504166)

I prefer:

Our privacy policy: We sell your data. You get our content for "free." Deal?

Correction: You get access to our content for "free". We will sue you, your family, and all your friends and neighbors to the 9th level of Hell should you choose to infringe on our intellectual property.

...which now includes your data.

Re:From the Article: (0)

The End Of Days (1243248) | more than 3 years ago | (#34504178)

Awww you're cute when you blowhard.

Re:From the Article: (0)

Anonymous Coward | more than 3 years ago | (#34503878)

Or :

Privacy? Moohuuuhahahahaaaaaaaaaaaaa....

Re:From the Article: (1)

AmberBlackCat (829689) | more than 3 years ago | (#34503940)

The meaning of "your data" needs to be more clear. It should say something like "everything you see on our website may be sold to someone, including the things you put on our website".

Re:From the Article: (3, Insightful)

gklinger (571901) | more than 3 years ago | (#34504244)

"If you are not paying for it, you're not the customer; you're the product being sold." - blue_beetle (quotation taken from here [metafilter.com] )

Re:From the Article: (1)

Bigjeff5 (1143585) | more than 3 years ago | (#34507988)

Bingo.

See Google.

(For the record, I don't think it's a bad thing, just something people need to understand.)

Re:From the Article: (4, Interesting)

KevMar (471257) | more than 3 years ago | (#34504358)

Our privacy policy:
You have no expectation of privacy. We will collect any and all information you or your computer is willing to give us and do whatever we want with that information. Use of this site is entirely optional. Use at your own risk.

Re:From the Article: (1)

tophermeyer (1573841) | more than 3 years ago | (#34504496)

Our privacy policy:

Is that for real? As a technologically educated user of the internet, I think I would certainly appreciate a privacy policy worded exactly like that.

I might not agree with the policy, but it offers no ambiguity about the level of privacy protection your website offers.

Re:From the Article: (1)

Kunedog (1033226) | more than 3 years ago | (#34507132)

I've always been impressed with NearlyFreeSpeech.Net's (they sell hosting/domains) privacy policy: https://www.nearlyfreespeech.net/about/privacy [nearlyfreespeech.net] Check it out if you want an example of one that's serious about earning your trust, not just tricking you. It's clearly written with very little legalese or boilerplate cut&paste.

Re:From the Article: (0)

Anonymous Coward | more than 3 years ago | (#34506318)

Our privacy policy:
You have no expectation of privacy. We will collect any and all information you or your computer is willing to give us and do whatever we want with that information. Use of this site is entirely optional. Use at your own risk.

You should assume that when visiting any site.

Now, how the data is abused. (1)

h00manist (800926) | more than 3 years ago | (#34504492)

Now let's have some analysis of how many ways this data gets abused, but really abused. Like screening employees based on browsing habits, tracking opposition groups and members, what the hell can *really* be done with this stuff, and how easy/how much is it to gain access to the data you want.

Re:From the Article: (1)

exhilaration (587191) | more than 3 years ago | (#34503874)

Small change to this: We store this information an indefinite amount of time for reasons even we don’t fully understand.

I would say this instead, which is probably closer to the truth: "We store this information an indefinite amount of time because, well, disk space is cheap."

Re:From the Article: (0)

Anonymous Coward | more than 3 years ago | (#34503974)

Exactly. I think I preferred computers when they were large, expensive and hard to use. And I'm being serious. I'd like to be alive in the 1960s. You had plenty of technology and still had a home life and the women were hotter.

Re:From the Article: (2)

Americano (920576) | more than 3 years ago | (#34504582)

Awww, someone's been watching Mad Men.

Re:From the Article: (1)

Anonymous Coward | more than 3 years ago | (#34504472)

It's brilliant. My only complaint is the cringe-inducing comment in TFA where he says that he's "open sourcing" this privacy policy. Really? So, where do I download the source code?

Re:From the Article: (2, Funny)

Anonymous Coward | more than 3 years ago | (#34508108)

It's brilliant. My only complaint is the cringe-inducing comment in TFA where he says that he's "open sourcing" this privacy policy. Really? So, where do I download the source code?

Right Click -> View Source

Re:From the Article: (1)

mysidia (191772) | more than 3 years ago | (#34508028)

"At COMPANY _______ we value your privacy a great deal." and we are happy to have you trade it to us for free services

That's why we are taking it from you. By visiting our website, you agree to share complete accurate information on all signup, profile, comments, and other forms on our web site. And you agree we can store all data collected forever, and share, license, or sell it to anyone we want.

Legally Binding? (1)

quangdog (1002624) | more than 3 years ago | (#34503660)

Just how legally binding are privacy policies in the first place? I've taken the time to specifically look for privacy policies on many sites, only to discover that they either don't have one or have one that is completely inscrutable by anyone not a lawyer. What are they designed to do in the first place? Protect the user? Protect the owner of the website from legal action from a user? Does anyone ever actually read a privacy policy?

Re:Legally Binding? (2)

Monkeedude1212 (1560403) | more than 3 years ago | (#34503902)

Does anyone ever actually read a privacy policy?

It depends. Generally if something has a check box that says "I have agreed to the Terms and Conditions listed here" or "I have read and confirm the privacy policy located here" then I usually go and read them to make sure I know what I'm dealing with. I have actually re-read the Steam User Agreement like 5 times now keeping an eye out for any changes, because while I trust Valve to play nice, I don't want to be one of the naive guys who just assumed the policy stayed the same week after week and ended up agreeing to something I haven't read. I used to read the WoW Updates when I played Wow.

But yeah, for the most part, Privacy Policies for the most part tend to be optional reading material, Terms and Conditions are something else. I only bother reading them if there is some (possibly an illusion) of importance based on it. I don't know if it'll hold up in Court, but when there is a checkbox I can say with full certainty that I actually did read and agree to the Policy before hand. And even if they change it - I can say that unless they prompted me with the changes and another checkbox, I didn't agree to it.

The whole "Using our services shows that you acknowledge our policy" is possibly one of the most underhanded tricks in the books and I think it should be outlawed. No - give me some other way to show that I acknowledged the policy. At least at that point you can blame it on my ignorance of not reading up on stuff or being too impatient or whatever, but there are so many reasons why I may not be up to date on the poicy (not informed of achange, wasn't aware there was one, etc) - that simply using it should not constitute agreeing to it. It's as ridiculous as the EULA after you open the box and not being allowed to return it after its open.

Re:Legally Binding? (2)

Mashiki (184564) | more than 3 years ago | (#34504268)

Meh checkboxes aren't binding in a lot of places. And are on par with shrink-wrap EULA's, in Canada the privacy act states that anything that's personally identifiable that a company collects, the customer or consumer must be clearly informed, that the company is collecting it and for what purposes. And if their policy is changing, the company must get written permission explicitly stating what they're changing and why.

Even a business relationship with a customer is not enough of a reason to violate a customers right to their privacy. If you want that marketing data, you must get full permission first.

That's pretty much the reason why FB is trying to make nice in Canada. Because the law says: You shall not under any circumstances do anything with personal information, without a clear explanation to the customer, client, or user.

I just skip ELUA's, privacy policies(unless canuck) and their ilk, because I already know they're not binding here. But if I have any legal problems, they're required to come to Canada in order for any disputes, according to the law of my land. Especially if they want to keep doing business here.

Re:Legally Binding? (1)

Anonymous Coward | more than 3 years ago | (#34505478)

Some sites do things like put terms and conditions or privacy policies in a frame, so it is easy to block the content. Then when the site says do you agree to this empty space you can honestly say "yes", rather than "I'm no lawyer, there's no way I can grasp that shit. I just want to use this site, so I'll say yes when I know I mean no".

I actually had a conversation with a contract law barrister about the kind of BS sites pull when it comes to making sure they win every time. When I said that there is basically no way for a web site to know what has been displayed on a user's screen, so how would they ever actually enforce any agreement, he was actually stuck. Of course, if he had a case like that he'd make himself aware of what is going on and so wouldn't be stuck straight away, but it does show that there isn't some well known trick companies use to force EULAs, T&Cs, or PPs on customers.

With a paper contract you can modify things, sign it, and the other party can agree or not. This isn't possible with websites, they appear to be "take it or leave it".... or is it possible? A Greasemonkey script could mean an uneditable page of text is placed in a form's textarea. And that can be editable by the user - like I am editing now in a <textarea>. The user could make suitable changes, and then submit the form. So what if the other party doesn't check the contract that comes back? It's their problem that they agreed to pay me to use their services. When you leave a machine in charge, they will get it wrong sooner or later: remember that Simpsons where Homer gets over 300lbs, and leaves that bird-thing in charge of the computer? Having your httpd doing the contract paperwork is recipe for disaster.

It might be possible in some kind of horrible trusted computing environment for corporations to guarantee what it displayed to the user. Currently I guess a JS md5'ing of a web page could confirm if a page is being displayed as a company wants, but that would be pretty trivial to bypass - instead of submitting back to the httpd the page's real MD5, you just send what they want. Though at what point are we getting into a world of fraud?

But computers get viruses all the time, and whilst massively unlikely that malware would be modifying web site T&Cs, it isn't outside the realm of possible. Malware frequently tries to get in between users and the services they are using, so I should think it could be possible for a lawyer to convince a court that actually malware is responsible for a contract being mis-communicated. And completely blanking a computer and starting from fresh is common method for dealing with malware, so it's not like it would look like purposeful destruction of evidence if you happened to have formatted your machine right around the time some contract gripe came up.

Re:Legally Binding? (1)

Bigjeff5 (1143585) | more than 3 years ago | (#34508040)

They are legally binding so long as what is being promised is legally enforceable. One clause being unenforceable does not negate the whole agreement.

Think of it as a verbal contract with proof.

Verbal contracts are legally binding, but don't carry quite the same weight as a formally written and signed contract.

Re:Legally Binding? (2)

camperdave (969942) | more than 3 years ago | (#34503960)

Policies are never legally binding. Only laws are legally binding. Policies are in place so that, in the event of a lawsuit, a company can claim due diligence. So, they protect the company primarily. Some policies may also protect the user as a side effect, but primarily they protect the company.

Re:Legally Binding? (1)

houghi (78078) | more than 3 years ago | (#34504074)

And that will differ from country to country.

Re:Legally Binding? (1)

blueg3 (192743) | more than 3 years ago | (#34504652)

Contracts are legally binding.

Re:Legally Binding? (1)

Bucky24 (1943328) | more than 3 years ago | (#34505002)

You know, I always wondered: is that a blanket statement? If you sign a contract, is it legally binding no matter what is inside it?

For example is it possible to have someone sign a contract telling them that if they don't make a house payment they lose their citizenship, would that hold up in a court of law?

Everyone treats the contract as this magical piece of paper that makes any action legal as long as it's signed properly, but I don't think that's so.

Re:Legally Binding? (1)

TaoPhoenix (980487) | more than 3 years ago | (#34505344)

No.

Last I recall my contract law class, the elements of a contract are
Offer
Acceptance
Consideration
Capacity (mental) to enter a contract
and - Legality of the Contract.

You can't enter a "Valid" contract for something illegal.
That's why you see the clause that says if somehow one clause winds up illegal it doesn't squash the entire rest of the terms.

Re:Legally Binding? (1)

camperdave (969942) | more than 3 years ago | (#34505776)

Contracts are only legally binding because there are laws that make them so.

Re:Legally Binding? (1)

bk2204 (310841) | more than 3 years ago | (#34504736)

Generally, policies end up being legally binding. Companies that have had certain non-discrimination policies (say, on the basis of sexual orientation) but ended up violating them have been successfully sued. Basically, if you end up doing anything in reliance on a company policy, it's legally binding.

That, of course, is why most privacy policies are extremely vague and one-sided.

Re:Legally Binding? (1)

cdrguru (88047) | more than 3 years ago | (#34505258)

Policies that are legally binding are generally backed up by laws that are legally binding, making the policy really mean "we are following the applicable laws". That's it.

For example, if a company were to have a policy that states they will never, ever hire homosexuals and every employee was required to sign a statement that they accepted and would follow that policy - it wouldn't stand up in court for 30 seconds no matter what happened. Violating that policy would have zero impact.

Having a privacy policy at a medical clinic that says will not disclose your information to anyone, ever has no chance of being upheld because insurance companies require health care providers to disclose everything about a patient. Violating such a policy has no meaning. However, if they violate HIPPA rules, especially those which have the force of law, can result in jail time and huge fines.

Having a privacy policy on a web site is meaningless because there are no laws governing such privacy. You have no right to "privacy" concerning your online behavior or your credit card information. Now someone that obtains your credit card information and uses it fraudulently could be in trouble - except credit card fraud is not enforced in the US. I suspect it is the same everywhere.

So any policy which simply restates applicable laws can't be violated without legal repercussions. Violating a policy which does not have any law behind it is simply a violation of the policy which can be changed at any time.

Re:Legally Binding? (0)

Anonymous Coward | more than 3 years ago | (#34505718)

Policies are never legally binding.

The doctrine of estoppel might say otherwise.

Re:Legally Binding? (1)

lwsimon (724555) | more than 3 years ago | (#34507430)

Google Adsense requires them; therefore their primary purpose it to fulfill that requirement.

Finally a good find here... (1)

damn_registrars (1103043) | more than 3 years ago | (#34503662)

This must be pretty fresh, as it shows 0 tweets related to it so far ... oh, wait. It's already 3 days old.

Re:Finally a good find here... (1)

zoefff (61970) | more than 3 years ago | (#34504906)

That means that nobody really bothers about privacy policies enough to tweet about, even this one...

Scott McNealy said it best (1)

Eric Sharkey (1717) | more than 3 years ago | (#34503696)

What could be more honest than, "You have zero privacy anyway. Get over it."?

Sun CEO Scott McNealy [wired.com]

Scott McNealy said it most greedily and ignorantly (2)

Zero__Kelvin (151819) | more than 3 years ago | (#34504202)

What could be more ignorant? Clearly Zuckerberg and McNealy are both willing to sell out the principles upon which this country was founded, and give a middle finger to all the people who have died and will die to protect our rights, in pursuit of profits. I guess it is no big surprise that Sun tanked with him at the helm. I can only hope that Zuckerberg suffers a similar fate, but alas that seems unlikely, since people actually listen to these power hungry fools and believe they posses some kind of insight and wisdom.

News Flash: I still have privacy and 4th Amendment protections, and while I have lost some of it because it is literally impossible to defend, I plan on using knowledge of technology and the US Constitution to keep as much of it as humanly possible. McNealy and Zuckerberg can go screw themselves, and I really hope some day one of them is stupid enough to say something so stupid in my presence.

Re:Scott McNealy said it most greedily and ignoran (0)

Fwipp (1473271) | more than 3 years ago | (#34504346)

What about Zuckerberg's and McNealy's rights to tell people the things you freely told them? I don't think "freedom from gossip" is in our constitution.

Re:Scott McNealy said it most greedily and ignoran (0)

Anonymous Coward | more than 3 years ago | (#34504462)

I don't think "freedom from gossip" is in our constitution.

That's what we get for letting women vote!

I never implied what you wrongly inferred (1)

Zero__Kelvin (151819) | more than 3 years ago | (#34504526)

There is also freedom to ask ridiculous questions that have nothing to do with the parent post, as you have clearly demonstrated. Bravo!

Re:Scott McNealy said it most greedily and ignoran (0)

Anonymous Coward | more than 3 years ago | (#34504786)

Yeah sure tough guy cocksucker. You won't do shit if they say anything in your presence. Maybe your mom will, if they come into your basement. By the way, the 4th Amendment doesn't mean shit to non-government entities, so take your demand for privacy and jam it up your dad's ass while he's raping you.

Right; you post as AC and *I'M * a coward - ROTFL (0)

Zero__Kelvin (151819) | more than 3 years ago | (#34504992)

""You won't do shit if they say anything in your presence."

Of course I will. I'll exercise my freedom of speech to tell them to their face what I think of them in no uncertain terms, in a way that will make them embarrassed. It is your immaturity that caused you to infer that I was making a physical threat.

"By the way, the 4th Amendment doesn't mean shit to non-government entities, so take your demand for privacy"

Great reading comprehension skills to go with your incredible courage. I stated: "I still have privacy and 4th Amendment protections" Clearly if I thought they were one and the same I would not have enumerated them separately.

Re:Scott McNealy said it best (0)

Anonymous Coward | more than 3 years ago | (#34505760)

What could be more honest than, "You have zero privacy anyway. Get over it."?

So said the CEO of a company that made/makes high-end data systems! Sun would have been one of the companies trying to get contracts with the likes of the UK government when they wanted to bring in a national ID card system, with a full-on big-brother backend. Sun kit probably powers doubleclick, facebook, Acxiom, and any number of other data-rapists.

Yeah, privacy isn't important when you are selling computer systems to those who want to violate privacy! Are you just naive, or on the payroll of these fuckers?

I don't give a shit if you are willing to give away your privacy, just don't be willing to give away mine. And going along with that zero privacy bollocks it is exactly that.

Genius captcha: comply

tl; dr simplified version (2)

noidentity (188756) | more than 3 years ago | (#34503704)

"We exploit any and all data we can get from you while you visit our website. You have no privacy with us. Even things you didn't think we could find out, we can. Thanks for your understanding."

Counterexample (1)

Anonymous Coward | more than 3 years ago | (#34503710)

I realize this is meant as a joke, but there are some (usually quite small) companies that actually *do* have honest privacy policies.

For example, this one. [imo.im]

Re:Counterexample (1)

Quirkz (1206400) | more than 3 years ago | (#34503864)

Absolutely. I've put privacy policies on web sites that are sometimes as simple as "We don't share your information with anyone." In those cases it was honest, true, and actually acceptable. As opposed to this honest but reprehensible (albeit pretty typical) one.

Re:Counterexample (1)

Bill Dimm (463823) | more than 3 years ago | (#34504096)

We don't share your information with anyone

I applaud your intentions, but what do you do if a court orders you to disclose information about one of your users? IANAL, but it seems you have a choice between violating the law and violating your own privacy policy -- you've got a big problem either way. All of those clauses and conditions in those long privacy policies serve a purpose, and they need to be there even when the company operating the website does respect the privacy of the site's users.

Re:Counterexample (1)

wierd_w (1375923) | more than 3 years ago | (#34505036)

One could argue that by legally entering a privacy contract with the end user, that they are legally unable to comply with the subpoena. Kinda like a catholic priest refusing to give testimony over a confession he has heard.

The government is unlikely to want to play nice with that arrangement, but that is where the PR machine initiates retaliatory strikes.

Re:Counterexample (1)

cdrguru (88047) | more than 3 years ago | (#34505386)

Sorry, it won't fly.

The most basic point is a contract cannot circumvent law. So you can have a contract that says you don't have to comply with a subpoena but the contract is unenforcible and has no applicabily on your relationship with law enforcement, only with your customer. Law enforcement isn't a party to the contract either, so they don't care.

The relationship between a priest and confessor is legally recognized. While it might be nice to have that sort of relationship recognized between web site owner and browser, it isn't.

Re:Counterexample (1)

CookieForYou (1945108) | more than 3 years ago | (#34505432)

One could argue that by legally entering a privacy contract with the end user, that they are legally unable to comply with the subpoena. Kinda like a catholic priest refusing to give testimony over a confession he has heard.

No, one could not say that. One would be in violation of contempt of court and possibly an accessory to the crime.

The law states that a subpoena overrules ALL other private agreements. The ONLY exception is medical, legal (lawyers) and religious privacy, and those can often be stretched pretty thin by an aggressive prosecutor.

Re:Counterexample (1)

Quirkz (1206400) | more than 3 years ago | (#34506094)

I'm pretty sure being required to present information in court couldn't reasonably be considered a violation of a privacy policy. And that's not a tough choice, it's 100% obvious that the court wins. A majority of the clauses and conditions are in there to protect the sites that do buy/sell/trade user information. I'm not a lawyer either, but until one tells me otherwise, I still maintain you don't need anything else if you don't let that information go to anyone else.

Re:Counterexample (1)

Bill Dimm (463823) | more than 3 years ago | (#34506814)

couldn't reasonably be considered a violation of a privacy policy

But, could it legally be considered a violation (i.e., could your user successfully sue you for disclosing the info)? You can argue in court that a contract cannot force you to do something illegal (ignore court order to disclose info), but can you convince the court that you shouldn't be liable for the damages to the user caused by that disclosure? Essentially, your privacy policy is false advertising, and the user can claim that he wouldn't have used your site (and hence become damaged by the disclosure) if you hadn't promised him something you couldn't deliver (nondisclosure). Is the user in the wrong for believing that your privacy policy meant exactly what it said, without any unstated caveats, or are you in the wrong for not being explicit about situations where the information could be disclosed? Again, IANAL, but I would think that a judge would expect a higher level of legal expertise (hence, more burden of precision) from the person writing the privacy policy than from the user trying to interpret it.

Let's try a different example. Someone does a denial-of-service attack on your webserver. It seems your privacy policy prohibits you from disclosing the attacker's IP address to the police or to the attacker's ISP. There is no legal compulsion for you to disclose it in this case -- it is purely for your benefit (to pursue civil action against the attacker, which you are not legally required to do).

Re:Counterexample (2)

Quirkz (1206400) | more than 3 years ago | (#34507202)

Hell if I know. But I don't really consider government confiscation of information to be disclosure. I don't think they're on the same level at all. I also don't think an attacker is a "user" who would be covered by a policy like that. I'd like to see someone in either case try to object. In the first they'd be objecting to my complying with a court order, and in the second they'd be admitting to attacking my site.

I feel like this is way outside the realm of what normal privacy concerns for normal users is all about. You can nitpick, but my message is simple, understandable, and exactly what a normal user wants to know. It would be a complete shame to destroy that for the sake of fringe cases and legal caveats, and it puts us right back where we are now: with unreadable monstrosities of text that nobody trusts anyway because we all know they're full of loopholes and lies. I'll take my chances with your examples before I'll put out the crap that normally passes as a privacy policy on most sites.

Re:Counterexample (1)

houghi (78078) | more than 3 years ago | (#34504118)

Well, many sites tell they do not share the information and then you read that again a site is hacked and all the information was available.

Re:Counterexample (0)

Anonymous Coward | more than 3 years ago | (#34507286)

I realize this is meant as a joke, but there are some (usually quite small) companies that actually *do* have honest privacy policies.

For example, this one. [imo.im]

But even that PP has weasel words and cover-all terms that I feel is the real problem with PPs, T&Cs, EULAs, or any contract you'll enter into with a corporation, or a bastard.

Or in order to make our service better. For example, we may log your ip address...

What making the service better could mean is not explained anywhere. And from who's point of view? All it takes is for someone to decide that more income to the business will mean better service, and suddenly there's pressures to change things.

Twice the following is said, under saving and sharing your info:

* Or in order to comply with valid laws, regulations, or government requests, or to detect or prevent abuse such as spamming, harassment, fraud or security violations.

And as far as I am concerned that is far too broad. Valid laws include contract law, so if they enter in to some business arrangement they can save and share your data with the other party in a contract. How broad are government requests? Without saying so, I assume that if you are a trainee in a rubbish collection department you can ask this company for data on its users, and they will comply. Abuse is a loose term too, especially when wrapped up with the vague "security violations". Security is the word used by any little hitler these days to try and get their thing done. And if the business exists to make profit, then if it isn't making enough then some involved with the business might see it as being abused. Et voila, data rape.

And the PP is wrapped up with an irrelevant (to privacy) mention of Skype, and nothing about how Skype will have its own privacy policies.

Yep, that's going on my site. (1)

phyrexianshaw.ca (1265320) | more than 3 years ago | (#34503752)

Hell, it's honest and gives people an idea about how the world really works.

I love it.

the language needs a little cleaning up, but I'll be putting it on my site later on.

Re:Yep, that's going on my site. (1)

lwsimon (724555) | more than 3 years ago | (#34507444)

Me too. I need to check to make sure it fulfills the requirements for Adsense, but I suspect it does. I'll enable comments on the page, too - it might even draw some hits.

Re:Yep, that's going on my site. (0)

Anonymous Coward | more than 3 years ago | (#34507756)

Plan for the future. Use the Buy n Large disclaimer [buynlarge.com] .

Pretty funny stuff. (1)

DurendalMac (736637) | more than 3 years ago | (#34503778)

Most of that is pretty damned funny, but I thought that this was just silly:

We’ll also share all of this information with the government. We’re just suckers for guys with crew cuts carrying subpoenas.

Um, if any company is going to refuse a government subpoena, then they'd better have a very damned good legal reason to do so. Few companies are interested in going to court themselves and spending boatloads to protect a user.

A privacy Policy! Daah! (1)

angiasaa (758006) | more than 3 years ago | (#34503786)

A nice little idea. If actually put to use.

How about a no-privacy-policy world?
It then should be obvious and/or taken for granted that "We will do whatever the dickens we feel like with your data."

Sites that decide to stick to some rules with regard to protecting privacy can sit down and spend some time drawing up a sketch of a privacy policy. "We will never do such-and-such with your data." etc.

Problem solved. facebook will have no policy while slashdot would have at least a couple of lines. Wikileaks would probably.. oh well, who'm I kidding? :(

My proposed privacy policy (3, Insightful)

russotto (537200) | more than 3 years ago | (#34503840)

All your data are belong to us!

Just as accurate, easier to understand, and shorter.

Re:My proposed privacy policy (0)

Scarred Intellect (1648867) | more than 3 years ago | (#34504778)

Actually, as "base" is singular, the correct form would be:

All your datum are belong to us!

The First Truly Honest Post (5, Funny)

ryanisflyboy (202507) | more than 3 years ago | (#34503954)

I didn't bother reading the article. I'm simply posting an emotional response based solely on the probably inaccurate summary. I don't really care about privacy policies because I'm use to getting tracked all the time. Security cameras watch me drive to work, my badge records when I enter the door, cameras watch me inside the building, my credit card leaves a trail everywhere I buy something... and I don't really care. So go ahead and track what you want and sell the data to whoever. The hundreds of spam messages I get a day proves that there is no hope of ever retrieving any of my privacy. If you start asking for money to visit this site I'll probably pay for it because I tend to develop habits that make me comfortable. I don't like those habits being interrupted.

I'm now going to hit submit without doing a preview because I could really care less about the quality of this post.

Re:The First Truly Honest Post (-1)

Anonymous Coward | more than 3 years ago | (#34504368)

Just a comment, and some trolling ftfys

Generally, I agree. I don't know what everybody is freaking out about over "privacy". Welcome to 2010. You don't have privacy anymore, and it's really not that big of a deal imho. "Privacy is a right" is a rediculous argument. Humans only have "rights" to whatever they imagine they have "rights" to. No law of nature is going to enforce your "rights".

I'm simply posting an emotional response based solely on the probably inaccurate summary.

This is Slashdot! 99% of all summaries are inaccurate. /. is similar to most other news media, except that there's even more pressure to pump out headlines to make geeks think they *need* to read.

I don't really care about privacy policies because I'm used to getting tracked all the time.

(verb) used to [wiktionary.org]

I could'nt really care less

Wiktionary refers to a book classifying could care less [wiktionary.org] as one of the Common Errors of English Usage

Re:The First Truly Honest Post (0)

Anonymous Coward | more than 3 years ago | (#34505076)

"Privacy is a right" is a rediculous argument.

Thanks for playing...

Re:The First Truly Honest Post (1)

Unkyjar (1148699) | more than 3 years ago | (#34507670)

"Couldn't care less" is actually the correct phrasing of the "Could care less" error you linked to. Good try though.

Re:The First Truly Honest Post (1)

Unkyjar (1148699) | more than 3 years ago | (#34507702)

Ignore my post, I'm a moron who replied too quickly, doesn't read, and doesn't take my own advice.

Re:The First Truly Honest Post (0)

Anonymous Coward | more than 3 years ago | (#34504858)

Obligatory: *couldn't* care less.

Re:The First Truly Honest Post (1)

vux984 (928602) | more than 3 years ago | (#34505112)

I'm now going to hit submit without doing a preview because I could really care less about the quality of this post.

It lets you do that? I -have- no submit button, just a preview... I WANT my submit button back.... what's the option I need to use to get this to work...

Re:The First Truly Honest Post (0)

Anonymous Coward | more than 3 years ago | (#34506022)

All your submit are belong to us

Re:The First Truly Honest Post (0)

Anonymous Coward | more than 3 years ago | (#34506630)

The option is called NoScript. Or at least it is for me. Unless I turn on JS which I only tend to do when modding or metamoding.

My /. settings are set to use the new fucking awful AJAX and buzzword 2.0 compliant slashdot UI. With JS off with NoScript the UI is like the old one, but if your comment score threshold is low (I browse at -1) you get all the comments loading on 1 page - something that only happened with the old slashdot interface with very short discussions. You also don't get the in-line reply boxes with JS disabled.

If you are suffering the full JS slashdot experience, if you control-click on the "reply to this" button, you'll get the stupid in-line reply form (which you can cancel), but you'll also get a background tab with the old-school reply form. Without the enforced preview.

Re:The First Truly Honest Post (1)

Bigjeff5 (1143585) | more than 3 years ago | (#34508468)

That's because you are using the quick edit feature. You can change your preferences to switch to the full edit style, which has both a submit and a preview button. The disadvantage, of course, is that it takes you to a separate page for your comment.

You can't do nearly the volume of inane posts on a slow connection with the full edit as you can with the quick edit.

Re:The First Truly Honest Post (0)

Anonymous Coward | more than 3 years ago | (#34506098)

I'm now going to hit submit without doing a preview because I could really care less about the quality of this post.

I'm now going to hit submit without doing a preview because I couldn't really care less about the quality of this post.

Re:The First Truly Honest Post (0)

Anonymous Coward | more than 3 years ago | (#34506900)

Supposedly that Americanism of "could care less" is them saying "couldn't care less" sarcastically. Even though "I couldn't care less" is a pretty sarcy way to express not giving a shit about something, some Americans claim they are adding more sarcasm.

No, I don't believe it either. I think some people got the phrase wrong a long time ago, and then stuck with it out of some kind of stubbornness, and went as far as coming up with a reason why they needed to fuck with a phrase that made sense. And because the misuse is so widespread it has virtually become the use. We can stop that!

Here's the 7-word summary :) (0)

davidwr (791652) | more than 3 years ago | (#34504010)

"All your data are belong to us."

Cute (3, Insightful)

BJ_Covert_Action (1499847) | more than 3 years ago | (#34504036)

Well, the proposed privacy policy is funny and gives the author a nice little medium through which to rant, but it doesn't really do anything to increase privacy on the internet does it? This privacy has a snowball's chance in hell of actually being adopted by anyone with a legitimate web-business. It's a great joke, but this is hardly a YRO story. It's pretty idle.

Re:Cute (0)

Anonymous Coward | more than 3 years ago | (#34505370)

Well, maybe it indirectly helps increase privacy on the net.

If more people realized that this is going on, maybe they'll be more careful about giving away data in the first place. They can only sell the data than your computer is willing to send them. If you configure your machine to run their scripts and download their web bugs and send very trackable fingerprints in your UA string, then you WILL be tracked. People need to wake up and realize that, and start taking control of their own fate. If they don't, they will always be at the mercy of advertisers.

If it helps people see that THEY have to be responsible, not just depend on the good will of others, then it will indirectly help privacy on the net.

Re:Cute (1)

lwsimon (724555) | more than 3 years ago | (#34507448)

Define "legitimate"?

I have a web business that is currently drawing about 1,000 visitors / day across all my sites, and I plan to adopt it. Is that "legitimate"?

Don't need no stinking warrants (1)

rlseaman (1420667) | more than 3 years ago | (#34504208)

Crewcuts don't make them bad guys, and warrants don't make them good guys. Big Brother (yours, mine or ours) is "sharing" in vast amounts of data without warrants. Now is the time for your tears...

hmm... a bit evasive (1)

emagery (914122) | more than 3 years ago | (#34504242)

Sure, who wants their information sold? Who wants to be tracked? Problem is, things like cookies and recording contact information and so on is pretty critical to the operation of any site that attempts to be interactive with you as a human being. Without these, so much of the functionality people have come to expect would be either very expensive or entirely infeasible. This is why I donated to Diaspora. If you want the functionality AND the privacy, you MUST shoulder some of the expense and burden involved in making the network and the software work.

Re:hmm... a bit evasive (2)

Kocureq (1191079) | more than 3 years ago | (#34505054)

I want my information sold, as I get some service from the company selling my data in exchange. I prefer to pay with my information than with my money. I work hard to get my money. I just live by to get the information - it's being created no matter what I do. To get money, I have to do specific things in specific time, sometimes in a specific location, which doesn't have to be my preferred way of spending time. It's way easier to create information than money.

One Question (1)

ThoughtMonster (1602047) | more than 3 years ago | (#34504260)

Is it legally binding?

Oh for pities sake (0)

pugugly (152978) | more than 3 years ago | (#34504336)

Whine Whine Whine Bitch Bitch Bitch.

Or, alternatively, toggle off cookies by default, install noscript and https-everywhere. Look at what Google lets you opt out of and, y'know, opt out. If you're feeling *really* paranoid, set up an alternate profile for any online persona that you don't want tracked backwards to you.

If you have a genuine concern about some evercookie tracking you unethically after you've done that, I'll grant that it's legit. Tracking via IP addresses should of course be limited to things that genuinely require a warrant, and I don't trust our security establishment to abide by that.

But for the love of Pete ninety percent of the time it's like listening to nudists complain about tourist cameras . . . downtown.

"OH my God they got a picture of my jiggly bits!!!!"

Pug

Re:Oh for pities sake (1)

CookieForYou (1945108) | more than 3 years ago | (#34505458)

"pities sake" ... "for the love of Pete"?

lemme guess, you're over 35 and live in the midwest of the US. Probably Minnesota or Wisconsin, likely not in a large city (or you recently moved from one of those places).

You certainly grew up there.

No, I didn't steal this information from your cookies. :-P

Re:Oh for pities sake (1)

pugugly (152978) | more than 3 years ago | (#34508142)

OHMIGODOHMIGODOHMIGODOHMIGOD

You mean people can figure out things about me based on . . . stuff I *DO*!?!?!?!?!

YOU'RE FROM THE NSA AREN'T YOU!!!!!!!!!

AUGH!!!

Oh - wait - if they have that much wrong, I'm probably okay . . . unless . . . it's a double bluff?!?!!?!

AAAAAUUUUUGGGGGHHHHH!!!!!!!

{G} - Pug

The way we do it.... (0)

Anonymous Coward | more than 3 years ago | (#34504412)

..is to have privacy policies set up specifically to tell the customer what we WON'T do with their data, as well as what we will do.

e.g. "We will NEVER sell any of your data, to anyone, at any time..."
"We may use your data to contact you regarding; a contract with you, an order you have placed with us or in response to an enquiry from yourself..."

I think this is the best approach. Always look at it from the perspective of the customer. Put all the legalese stuff underneath and a simplified language version (like a summary) at the top. More people would read these things if the information was clear, concise and to the point. People are sick of having a phone book of ridiculous contract clauses thrown at them every time they want to sign up to a website / install software / purchase a product.

What's so hard? (3, Interesting)

NewtonsLaw (409638) | more than 3 years ago | (#34504476)

Here's my privacy policy [aardvark.co.nz] .

(to save you clicking the link)...
"The Aardvark Privacy Policy

To put it bluntly -- any information you submit through this site
is held in total confidence unless otherwise stated.

Aardvark has built a strong reputation for protecting the information submitted
and collected. I have a total anti-spam, anti UCE policy -- never, never, never
will your email address be made available to any third party without your
expressed permission and never, never, never will I send you unsolicited
email.

That's it ... plain and simple -- Your secrets are safe with me!

What's more -- Aardvark doesn't routinely collect information from its
users. Apart from the Google Ads, this site is a cookie-free zone --
I probably know nothing at all about you anyway!

Here's a whole bunch of stuff about Google's cookie and privacy policy that
You might find interesting and which I'm supposed to include in this
privacy statement as part of my position as an AdSense user

If you've got a problem or a query about this then contact me, you can even do it
anonymously but in that case don't expect a reply (how could I?). "

It's short, to the point and covers all the bases, doesn't it?

What's so hard about coming up with a concise, no-nonsense privacy policy?

Re:What's so hard? (0)

Anonymous Coward | more than 3 years ago | (#34508370)

Nothing hard about it. But your policy is the exact opposite of what most sites want to do... dig out every bit of information about you that they can, then stick it in the magic "???" step of that list that ends with "Profit!!!"

Their policies are so much extra wind because they're dancing around phrases that would clarify that they will do the opposite of what you'd like them to do (or rather, not do).

It actually amuses me (1)

sea4ever (1628181) | more than 3 years ago | (#34504762)

Reading this is kinda funny, even though I know it applies to a lot of sites now. Perhaps even almost all.
I know that a lot of people don't ever read the privacy policies though, or EULAs and etc.

I remember an article at Humorix (linux-related joke site) with a EULA that resembles this privacy policy. it had a clause in it that said something like:

By accepting this agreement you hereby agree to forfeit your firstborn son and/or soul to us..

Seriously though. Perhaps an honest privacy policy like this will let people realize just what they're getting themselves into every time they visit a random site and fill in some information.

Compare to this, in the real world ... (1)

enselsharon (968932) | more than 3 years ago | (#34504864)

http://www.rsync.net/resources/notices/tos.html [rsync.net]

I especially like:

"No form of data or meta-data concerning the behavior of our customers or the contents of their filesystems, or
even the customer data that we hold in our records for billing, will ever be divulged to any law enforcement
officer or agency without order served directly by a US court having jurisdiction. "

and:

"No consumer or personal information about our customers of any kind will be divulged to any party for any reason."

There are other and older honest ones (2)

karl.auerbach (157250) | more than 3 years ago | (#34505104)

There are other, and much older, honest privacy policies out there.

For instance, here's my privacy policy, which I believe is entirely hones, adopted by several others, and has been on my website for well more than a decade:
http://www.cavebear.com/privacy-policy.html

"Buy n Large" already covered this ... (0)

Anonymous Coward | more than 3 years ago | (#34506188)

With the rather more comprehensive Buy n Large disclaimer [buynlarge.com] on their website. When in doubt, I assume that it is also the standard privacy policy for any other corporate website.

I prefer this old disclaimer. (1)

antdude (79039) | more than 3 years ago | (#34506702)

"This product is meant for educational purposes only. Any resemblance to real persons living or dead is purely coincidental. Void where prohibited. Some assembly required. List each check separately by bank number. Batteries not included. Contents may settle during shipment. Use only as directed. No other warranty expressed or implied. Do not use while operating a motor vehicle or heavy equipment. Postage will be paid by addressee. Subject to CAB approval. This is not an offer to sell securities. Apply only to affected area. May be too intense for some viewers. Do not stamp. Use other side for additional listings. For recreational use only. Do not disturb. All models over 18 years of age. If condition persists, consult your physician. No user-serviceable parts inside. Freshest if eaten before date on carton. Subject to change without notice. Times approximate. Simulated picture. No postage necessary if mailed in the United States. Please remain seated until the ride has come to a complete stop. Breaking seal constitutes acceptance of agreement. For off-road use only. As seen on TV. One size fits all. Many suitcases look alike. Contains a substantial amount of non-tobacco ingredients. Colors may fade. We have sent the forms which seem right for you. Slippery when wet. For office use only. Not affiliated with the American Red Cross. Drop in any mailbox. Edited for television. Keep cool; process promptly. Post office will not deliver without postage. List was current at time of printing. Return to sender, no forwarding order on file, unable to forward. Not responsible for direct, indirect, incidental or consequential damages resulting from any defect, error or failure to perform. At participating locations only. Not the Beatles. Penalty for private use. See label for sequence. Substantial penalty for early withdrawal. Do not write below this line. Falling rock. Lost ticket pays maximum rate. Your canceled check is your receipt. Add toner. Place stamp here. Avoid contact with skin. Sanitized for your protection. Be sure each item is properly endorsed. Sign here without admitting guilt. Slightly higher west of the Mississippi. Employees and their families are not eligible. Beware of dog. Contestants have been briefed on some questions before the show. Limited time offer, call now to ensure prompt delivery. You must be present to win. No passes accepted for this engagement. No purchase necessary. Processed at location stamped in code at top of carton. Shading within a garment may occur. Use only in a well-ventilated area. Keep away from fire or flames. Replace with same type. Approved for veterans. Booths for two or more. Check here if tax deductible. Some equipment shown is optional. Price does not include taxes. No Canadian coins. Not recommended for children. Prerecorded for this time zone. Reproduction strictly prohibited. No solicitors. No alcohol, dogs or horses. No anchovies unless otherwise specified. Restaurant package, not for resale. List at least two alternate dates. First pull up, then pull down. Call toll free number before digging. Driver does not carry cash. Some of the trademarks mentioned in this product appear for identification purposes only. Objects in mirror may be closer than they appear. Record additional transactions on back of previous stub. Unix is a registered trademark of AT&T. Do not fold, spindle or mutilate. No transfers issued until the bus comes to a complete stop. Package sold by weight, not volume. Your mileage may vary. Known as Hellman's east of the Rockies. Beware of greeks bearing gifts. Beware of gifts bearing greeks. This side up. Don't take any wooden nickels. Don't take candy from strangers. Void where prohibited. Caveat Emptor (Buyer beware) Caveat Vendor (Beware of street people). Donde esta el bano. Beware of DOS. Look both ways before crossing the street. All your base are belong to us. Always wear safety belt. Always wear deodorant. Don't forget to breathe. If you park, don't drink...accidents cause people. This supersedes all previous notices.

This modified disclaimer may not be copied without the expressed written consent of whoever I stole it from."

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?