Privacy Policy

[goprog]

Yada, yada, yada - but...

Thinking about it, I see no privacy policy posted here.

While I am 100% confident no information is given to marketeers,
etc, I wonder how much information is kept/stored about browsing
habits, etc, that could be subpoened/discovered by authorities.

I cannot protest anything that is publicly posted or available,
but I am concerned about surfing and IP addresses being retained.
(If you look at the source of any post, it contains your IP
address.) And my understanding is websites can see where you
go to or where you've been (even through multiple sites.)

Perhaps I should have first asked Robert what his policy is
and what is retained, but it seems to be something everyone
should have some input on and awareness.

While noone could probably care less about appliance posts,
etc, when we go off-topic and discuss political issues, etc,
this becomes more relevant.

Or am I just seeing boogeymen everywhere? (Halloween IS
approaching.)

 

[DADoES]

Web server logs can capture some information, such as a "referral site" URL, which would be the site one was on before getting here. That information is not (far as I know) accessible except via the server logs, and would require some analysis to tie it to individual visitors. What info Robert my pull and retain in his own security logs, only he can say.

IPs per se don't usually mean much for identifying a user by real name, physical address, etc. To do that would require cooperation from the individual's ISP, research into *their* logs for who is assigned the IP. Dial-up IPs in particular may change on every connection, so the ISP would have to know the exact time-frame in question and assign a tech to research it. I've done that for tracing abuse complaints and and advising customers with virus infections and such, it's an @ss-pain. The majority of ISPs would have their own privacy policy regarding revealing that information to 3rd parties. The ONLY time I ever did that was under subpoena from law enforcement, which happened ONE time in eight years.

E-mail address included in member profiles can be harvested by spambots ... so it's a good idea to obfuscate in some way if one wishes to defend against that.

 

[washertalk]

So what brought this up?

Is it those national guard jets that hover over your house subtly up in the clouds, hoping you won't notice?

We know that republicans have done all kinds of sleazy illegal things like listen in and abuse privacy laws in the last 7 years. Thats a given.
I mean you can't commit voter fraud without listening in on telephone calls.

I won't be talking in fear. If some trash wants to follow my footsteps, go ahead. Does one have nothing better to do?

I have nothing to hide. Damn proud of what I stand for. I'm not republican and do not want anything to do with that sick lifestyle.

Your not suggesting that our Robert is, no... A CIA operative with a washing machine fetish. That's his cover anyway....
It's possible.

 

[petek]

I go by the policy that everything I post, every transaction, is recorded somewhere regardless of policies. That's why I used to be hesitant about posting my pic knowing once it's out there it's out there forever. I don't worry about it anymore. I don't buy things over the internet anymore other than Ebaying and there's only a smal amount of money in there no ones gonna get rich hacking into that account which is solely for ebaying.

 

[goprog]

I agree with the posts so far. I am not going to retract
anything I have posted here, but still. I think what brought
it up was having the locations of posters highlighted on the
home page. Perhaps if it was conglomerated over a month it
wouldn't be such a big deal. But having the IP address on
every post can be a concern. Until I complained to my ISP
last year, it was plainly accessible what my street address
was since I have a static IP address. But it still took them
months to resolve "the problem" and hide the street address.

It's just one of those little things that builds upon other
little things until a monster has been created. I could really
expound way too much for anyone to want to read. Just think
of the government's data mining programs - TALON, ADVISE,
others and the result once they were made public. We can say
it is only a problem with this administration, but privacy
invasion is not something to ignore.

Perhaps I'm just paranoid tonight - they really are out to
get me. The point is not to make it any simpler than
necessary for data-mining/profiling to occur by publishing
or retaining information that is really unnecessary for other
than curiousity or "maybe it will be useful" sake. Don't like
using the word, but it's like a "preemptive" precaution...

I'll stop now.

 

[goprog]

Well, almost

Don't remember if it was here or another forum, but Google
"reads" your gmail so they can generate "appropriate"
advertising to your screen. Do you like the idea? After
advertising, what will be next?

 

[dalangdon]

Privacy policies pertain only to what the operator of the website does with the information collected. Robert asks very little information of us, and I trust him to do the right thing.

And that, in my humble opinion, is (or should be) the AW.org privacy policy.

 

[petek]

I run a couple of Spyware programs regularly. It's amazing how many tracking cookies etc get planted everyday on your computer. Everyone should use them. Actually at least two of them in case one misses something.. Spyware Terminator is my main one and I got it free on Tucows I think

 

[goprog]

I've got no problem with Robert. My problem is what happens
when some government agency (yes, slimmest of chances we think)
shows up at his door and confiscates all his computer equipment
(and heaven-forbid the PC driven Super Unimatic - who knows what
is hiding in those interfaces). If the data is not kept, however
benign the original purpose, then it can't be retrieved later.

And referring to DADoES post. I've sort of been through it.
Last year some *&%*&%^(*& hacker got into my email account and
deleted years worth of email with financial, tax, legal, and
other records I had no place else. (Yes, I was dumb to believe
it was safe there, but thought it was safer there than on a
harddrive at home.) I was able to get the IP address of the
perpetrator, but was unable to get any cooperation whatsoever
from the provider. Everyone wanted subpoenas from the court
or simply completely ignored me and provided no reply at all.
Now if it had been me, they could have simply looked up my
street address and name from the IP address.

I talked to the FBI since it is against the law, but didn't
matter. Since I was not a corporation or some other bigwig,
they weren't interested other than for making a tic mark on
a chart. I no longer use that email provider for anything
important (Yahoo) and use one (free) that will restore lost
mail for a fee which is entirely reasonable.

 

[dalangdon]

Goprog, in your scenario a privacy policy wouldn't matter, as the information is being confiscated by the government as part of some sort of investigation or crackdown.

But I really think your fear is unfounded. Not only is this site not at all controversial, most of the posts are cached all over the internet. There would be no need to "raid" anyone. What would you find if you did? No addresses, mostly no real names, nothing other than (sometimes) locations, birthdays and preferences in vintage appliances.

 

[DADoES]

NEVER keep mail on a server. Use a POP client and download it for storing on YOUR OWN computer. True, the mail service may have backups, but unless they have an unlimited budget for storage space, archive time is limited. When I ran the ISP, I did a monthly full backup of the mail server, and a daily backup (that was overwritten every day) of just the user mailboxes for recovery in case of a server crash (which did happen a few times and majority of the users were never aware of it).

 

[goprog]

It's amazing how many tracking cookies etc get planted e

I find a lot of times when using google, the site associated
with the top search item sets numerous cookies without even
clicking on the link.

 

[Unimatic1140]

But having the IP address on every post can be a concern.

Acutally not having an IP address on every post would be much more of a concern for this site or any other. I was thinking of changing to code to visibly show the IP address of every post anyway. I think that these fears are a bit unfounded. If I find a poster is using trying to hide their true IP address I will not allow that user to continue posting for the saftey of the site.

 

[whirlcool]

It's So Easy...

to see the IP addresses for people posting on this website.
Just go to View-Page Source and then look at each messages "Value". There you have it!

 

[DADoES]

Has there ever been confirmation that cookies can be dangerous or the source of a security breach, or is it more an unfounded fear? I rarely bother to delete cookies. Some web sites won't work without cookies. Online shopping carts, for example, typically use cookies to maintain the content of the cart until checkout.

 

[goprog]

IP addresses and cookies

I think it is valid for Robert to keep IP addresses to be able
to associate them with individual posts - if he wants to - but:

1) I don't see the usefulness of having it available for just
anyone to see. Other than some possibly idle curiousity (so
be curious about something else), the only reason someone
might want to use it is for nefarious purposes.

2) Perhaps there should still be a privacy policy that states
such things.

Yes, I've read where cookies (shopping cookies) were visible
to other sites. I think it was a year or two ago. This was
a bug in a browser (as I remember). Do we think there will
never be another bug or everyone always has an upgraded
(fixed) browser? My policy has always been to deny cookies
unless I absolutely need them and when done at a site (bank,
401k, credit card, shopping, whatever) I immediately delete
them. I only allow cookies to remain from about 4 sites
- a total of 9 cookies, and AWO is 4 of those 9.

I have stopped using various sites that change their cookie
policies or change to requiring Javascript (another possible
security risk - and too frequently results in a browser crash
or system lockup for me). I have made banking decisions based
on this and intend to change my 401k provider because of their
cookie/javascript policies. It made me quite happy to stop
using ebay and paypal because of their cookie policies.

 

[Unimatic1140]

I don't see the usefulness of having it available for just
anyone to see. Other than some possibly idle curiousity (so
be curious about something else), the only reason someone
might want to use it is for nefarious purposes.

But I have a good reason Dale, because on occassion we have had posts that have caused trouble in one way or another. So many people care about this site that they have helped me research the origination of the posts and previous ones that I didn't catch and have tipped me off to trouble sometimes before it even happens. The safety and security of this site is more important the anyone’s desired need to be anonymous. In my six years of being a webmaster the only reason I find people need to be anonymous is to cause undue trouble to our site.

I see no need to create a privacy policy here.

 

[goprog]

Robert,

Note I said:

"I think it is valid for Robert to keep IP addresses to be able
to associate them with individual posts - if he wants to - but:"

This does not interfere with your well-intentioned/good
intentions regarding the site and protecting it from "trouble".

My issue is with making the IP addresses available to anyone.

As an extreme example, suppose someone knowing my home address
from the static IP address noted I was now posting from an
address that is out of state, etc. "Ah!", they say, he is
not home, let's rob his place.

Yes, it is extreme, but why make it possible to start with?

 

[goprog]

Or as another example

I don't know, I haven't been curious enough to see if you have
a static IP address or not and have no nefarious intentions, but
even it if is dynamic, it is possible to tell what part of the
country you are in from your posts. How would you feel if
someone came in and hauled off your most prized machines when
they knew you were gone simply because of the IP address being
available?

Yes, an extreme example, but I never expected someone to hack
into my email account and maliciously delete financially
important information. My dumb.