Privacy policy

First, let's get one thing straight: we loathe spam. Whether it comes in paper or electronic form, or worst of all on the phone, we do our best to squash it in our own life. So we aren't going to turn around and do it to you :-). you'll only hear from us if you want to.

But let's be realistic here, this is only a promise, and even if you know us personally you shouldn't believe any such promises from any site. If you aren't sure what we're talking about, or are pretty new to online life, please read all about preserving your privacy online at the Electronic Frontier Foundation, one of the best and longest-lived Good Guys in these wars. They also have lots of references to other reliable sources.

There are a few simple methods we recommend which will go a long way toward minimizing snooping as you surf the web and go about your business:

The most obvious is to invest in an ISP that doesn't sell your name. We've had to ditch yahoo ourselves as they brutally switched policies, but years of spam-free mail there illustrate that it's possible to find relatively inexpensive services that respect your identity.
You must be careful not to let Microsoft link your browser to your identity via Outlook. It means you have to cut and paste any e-mail addresses you want to write to, but on the other hand web servers can't casually skim your address just because you're looking at a page. The less info your browser knows about you, the less shows in public. For that matter, Outlook is the #1 target of mail viruses, do yourself and your friends a favor and spring for one of the old reliables like Eudora, or read your mail on the web
Turn off cookies in your browser. It's easy to maintain a list of trusted sites, the ones where you do really want to shop or whatever. You can keep a list of evil sites you never want to know anything about you, like doubleclick.net for an infamous example. But most importantly your general 'unknown internet site' should be set never to leave any cookies on your disk, and to notify you when they want to use a temporary cookie for a specific session. EFF explains in great detail why cookies are very useful but are a tool that lends itself to gross misuse in terms of keeping track of everything you look at. You don't have to be a child pornographer running a side business from your day job to object to that.
When you're pressed to register for a site and you really want to look at what they have, lie. This is an old trick from people who were being harrassed by the FBI in the 70s for things like running school lunch programs - you can't always keep them from collecting data, but you can make sure that they have copious amounts of completely useless and contradictory information. I can't tell you how many sites I'm registered at as Donald Duck, Bozo Clown etc. If you do want to shop and need to use your own name, at least don't fill out any of those extra surveys correctly, be extra creative about your marital status, income, education level, whatever isn't anybody's business.
If you're about to use a credit card, make sure the connection to the page where you enter it is secure (ie encrypted, URL is https://..., icon is a closed lock). Try to do business with sites that don't store your card number forever. Most of all never send any confidential info in e-mail, especially not any financial info.

We tell you all this because privacy policies are a mere bandaid on the problem of what companies do with your personal info, and so far we're not aware of them being held to be legally binding. We've had experiences ourselves where perfectly nice and respectful sites get sold (or crash) and their lists of customers get passed on to less scrupulous operators, if only because the creditors consider your name as an asset. That's only the tip of the iceberg, as far as we can tell legally a company can just post a change to their privacy policy and start selling all the info they've collected on you without even notifying you, never mind getting your consent. It's bad business practice, in our opinion, but it happens frequently enough that you should be taking steps to cover yourself.

We think one of the problems is that companies collect info for the sake of doing it, just because it's very easy with computers doing the work, and you can just accumulate oodles of it with nothing more than a small investment in disk space. Then you're vulnerable to someone coming around and deciding to use that info arbitrarily (never mind stealing it, which does occur more often than we ever know). Recently, the problem of widespread use of contractors (in and out of the country of origin) has compounded the problem, giving access to intensely personal data to people who are only tenuously connected to the companies that hand it over. On a practical level, most companies we have worked for are afflicted with marketing sharks who are much more interested in trying to mind-read the customers than in preserving their privacy. We don't quite get why providing customers with a good product isn't enough, but then we don't have MBAs.

The bottom line is that data that isn't collected can't be misused. So we aren't going to collect any info from your browser, we aren't going to drop any cookies on your disk to snoop on what else you're looking at, and we're just going to have to guess at what you're interested in. You won't get as Personalized an Experience on this site as you might otherwise, you're going to have to look for the stuff you want to see, and you're going to have to tell us explicitly what you like or what gets on your nerves. Tough :-).

If you buy anything from us, that's a little more delicate, we have to collect some info, if only so we can ship the stuff to you :-)! But we don't have to abuse that process, and we won't. If you want to receive an occasional announcement of what new stuff we have available or such items of interest, please do send us your e-mail. But if you don't specifically ask for it, you aren't going to get on the list. And if you get on it by accident or change your mind, we'll be happy to take you off right away.

We know some people like the convenience of entering their credit card info once and having it on hand, like with the Microsoft Passport boondoggle (don't get us started on that one!!). But we completely disapprove of the principle. We are engineers, we know from experience how easy it is to break into a site, how hard it is to defend it, how it takes a full-time very smart person to even detect break-ins much less do anything about them. We try to protect your info to some extent by using large providers with good reputations (pair, paypal) who don't run their servers on Microsoft systems, and who have a better chance of detecting attacks and nipping them in the bud. But basically we try to protect you by not collecting much info for anyone to swipe, and that's the best defense anyone can offer. In addition, any info we do collect is stored only on non-networked computers, so it's not as vulnerable. We do our best to keep current with security issues, and will update this as new concepts develop.