An Honest Privacy Policy

Funny:

The data we collect is strictly anonymous, unless you've been kind enough to give us your name, email address, or other identifying information. And even if you have been that kind, we promise we won't sell that information to anyone else, unless of course our impossibly obtuse privacy policy says otherwise and/or we change our minds tomorrow.

There's a lot more.

Posted on December 27, 2010 at 1:04 PM • 13 Comments

Comments

MNDecember 27, 2010 2:35 PM

Please delete confidential data. Respect privacy. Do not save those words. Those words were for some good cause and reasons. Saving someone's word without giving them advance notice before commenting is against freedom and law. Your website do not have privacy policy and it is without terms and condition. Someone can sue you if his/her words will be used in a wrong way. Keep them private...

Dr. I. Needtob AtheDecember 27, 2010 5:02 PM

What really bugs me is the idea of a "No Tracking List." It's like a law that says it's okay to slap anyone who hasn't put their name on the "No Slap List."

IDecember 27, 2010 6:40 PM

Your website is worthless to a new visitor because it lacks context, could you please give us some?
Also could summarise all your talks or have what you consider to be your most relevant essays on a list?

Dirk PraetDecember 27, 2010 6:56 PM

Still way too long. In it's shortest incarnation, it could just say "We really don't care about your privacy concerns and we'll use all data collected in any way we see fit, unless explicitly forbidden by law and our lawyers can't find any loopholes. If you don't like it, go away."

Van DonnerDecember 27, 2010 8:03 PM

The best privacy policy I have seen is on a security web site :

We have created this privacy policy because we value the trust that our viewership has placed on our web sites and we recognize that our viewers have an absolute right to keep their personal information private. This statement discloses our information gathering and dissemination practices for the World Wide Web site located at www.SecurityChatX.com, www.SecurityForumX.com, www.InfoSysSec.com and www.SecurityNewsPortal.com (the "InfoSysSec.com and SecurityNewsPortal.com Sites").


The Philosophy Behind Our Privacy Policy

First and foremost our Privacy Policy is quite simple to state :

We don't care who you are
We don't want to know anything about you
We don't want to store information about you
We don't sell information about you to Third Parties
It just doesn't get any simpler then that....

http://www.securitynewsportal.com/privacypolicy.html

bob (the original bob)December 28, 2010 6:55 AM

Some federal law will get passed which prohibits websites from keeping track of anything, including IP addresses (without which of course nothing can be sent to a browser). It wont be enforced, but will stay on the books and be used to attack people that are undesired but arent breaking any "real" laws.

kingsnakeDecember 28, 2010 9:57 AM

@bob

Rather the opposite. I expect increasing government requirements for sites to track visitor behavior. All, of course, in the name of "security" ...

Davi OttenheimerDecember 29, 2010 3:03 AM

@ bob

There's already a battle over it based on enforcement of privacy laws in Europe. It's being used to protect individuals from corporations.

http://www.eff.org/deeplinks/2010/06/european-officials-google-yahoo-microsoft-breaking-law

"WP29 told Yahoo that "a partial deletion of the personal data contained in search logs does not constitute true anonymization," and told Google that "deleting the last octet of the IP-addresses is insufficient to guarantee adequate anonymisation.""

Google has been openly patronizing and arrogant in response to the privacy advocates; it's a wonder anyone trusts them with anything:

http://googlepublicpolicy.blogspot.com/2008/02/are-ip-addresses-personal.html

"it’s important to have a firm grasp of the technical realities of the debate in order to reach conclusions that make sense"

Seems to me that kingsnake's assessment is most accurate. The US federal government made it clear under Bush 2.0 it would pay companies to track and collect visitor behavior (not least of all because Ashcroft was putting money in his own pocket by spending it on ChoicePoint http://www.nationalcorruptionindex.org/pages/profile.php?profile_id=220). A law to this effect would help bring the cost down and Google would not have to be so smug about their reasons.

context?December 29, 2010 1:46 PM

@I:

"Your website is worthless to a new visitor because it lacks context, could you please give us some?
Also could summarise all your talks or have what you consider to be your most relevant essays on a list?"


I can't figure out the purpose of your post. Maybe it was sarcasm, but just in case it wasn't...

Bruce is a respected security expert who posts about things that interest him, usually things related to some security field (computer, airport, physical, etc). All of his hundreds of previous blog postings going back many years, are easily accessible for you to read, just click on the links at the top or left of this page. If you click the "Essays and Op Eds" link, you get exactly the kind of list of relevant essays that you appear to be asking for.

What more context could you possibly want?

A ReaderDecember 31, 2010 2:01 AM

A possible addition to the "Honest 'Privacy' Policy:"

"In summary, the purpose of this privacy policy is to emphasize the seriousness with which we value and protect your privacy...just kidding!... The actual purpose of this privacy policy is protect us from liability in the even that you try to claim that we weren't sufficiently protective of your privacy and/or that we weren't specifically clear about our policy regarding privacy. Also, a privacy policy is an important tool for a Web site to maximize the amount of traffic from sucke...pardon us, customers who visit."

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..