But rather than just copy one again, or hire a lawyer (can’t afford that anyway) to write some complicated smoke screen of blather and cover-our-ass clauses, we have decided to tell you in plain old English what information we store about you (not much), how we use that information (not much), and the steps we take to protect it from misuse by others (a lot).
At this point I can hear you say:
“Fine, John, but how are you going to make this interesting?”
Yeah, I know, a tall order. That said, as part of running this site for 15 years and constantly improving our defences against hackers, as well as investigating the myriad of tools available to market our membership and using some of them, I have learned quite a bit about what goes on in the internet world.
Some of it is perfectly innocent business practice, some of it a bit grey, and some of it downright nasty.
And much of the stuff I have learned is pretty interesting, so maybe I can make this less boring by sharing some of that. And, in so doing, maybe help some of you, in just the same way we try to help with articles about things like docking and anchoring.
Let’s start off with the cookies—a silly name for short text files—that we store on your computer, tablet or phone (from now on I will just write “your device”) when you visit us.
What? You store stuff on my device?
Yup, and pretty much every site you visit does the same. And some of those sites use those little pieces of information in some pretty creepy ways: Ever wonder how sites know to show you ads about say sails after you do a search on “best sailmaker in….”? Or how companies know that you nearly bought a product from their site, and then decided against it? Well cookies are a lot of how that’s done.
What We Do
So here’s what we do with cookies at AAC:
- Monitor traffic to our site to determine stuff like what articles are most popular and the path that readers take to become members. We use a service from Google called Analytics to do that.
- If you are a member, we write a cookie to your device when you log in so that we don’t have to bug you to log in again when you next visit.
- We track user shares of our posts on social media.
What We Don’t Do
Perhaps, more importantly, here’s what we don’t do:
- We don’t track you personally in any way.
- We don’t show you anything on our site driven by what you have already looked at—everyone sees the same stuff, although of course logged-in members see more…and less: no membership promotion.
- We don’t use the cookie code to read anything off your device. In fact, as far as I know, that’s not even technically possible.
- We don’t share any information about you with our Corporate Members.
- We don’t share what you do at AAC with any other company or individual.
Not Tracking You Personally
Let’s expand a bit on all of that, and in the process arm you with information about what to look out for on other sites.
Google identifies each of you with a number any time you visit any site that runs Analytics, and that’s the vast majority of the internet.
So we can see the following about a visitor:
- How they found our site: search, referral (link), etc.
- The pages they visited.
- The course they followed to become a member (we hope).
All of this information is anonymous: We know what visitor number say 12530269484.15884993018 did on our site, but we don’t know their name or anything personal about them.
We have also instructed Google to delete even that information 14 months after the user’s last visit—the shortest retention time they offer.
But our intentional ignorance is only maintained as long as we don’t link the personal information we have on you in our mailing list and member files to Google’s tracking. Not to worry, we have never, and will never do that. Phyllis and I decided over five years ago that personal tracking was way too creepy.
History of Internet Spying
By the way, here’s a bit of interesting history about how all this came about.
All Was Good
Up until a few years ago companies like Google, that live by selling advertising, rigorously maintained user anonymity—remember Google’s old and now long gone motto, “Don’t Be Evil”?
The Start of Something Bad
But then along came a Harvard University dropout who had built one of the most popular sites in the world and was trying to figure out how to make money from it. And he realized that the way to do that was to sell all the information he had accumulated about us…yup, that’s Facebook’s business model:
- They convince us to share our most personal information.
- They use deep psychology to addict us and our children to their “services”.
- They use our creative work (photos, video, and writing), without payment, to entice others to join.
- And they then auction (yup, to the highest bidder) information about us and our friends and family to pretty much anyone who will pay, so they can target us with creepy personalized advertising and even creepier propaganda masquerading as content.
And anyone who thinks that their recent contrition about all of this will stop it going forward is sadly deluded. Not going to happen since it’s the foundation of how they make money—if a service is free, you are the product being sold.
(The right thing for Facebook to do is change to a membership model so their loyalty would be to their users, not advertisers, but that will never happen, unless forced by law, since that model would only make them filthy rich, not obscenely rich.)
And the sad fact is that this model worked so well that Facebook started eating Google’s lunch, so Google jumped into the cess pit of personally-targeted marketing too. And don’t get me started on what a certain shaven-headed bookseller knows about us…and he charges us a membership as well. Hint: It’s called Prime.
No Third Party Personal Tracking
OK, enough ranting—hey, it wasn’t boring—back to what we don’t do at AAC…and this is a big one.
I’m ashamed to admit that before we understood what they were doing we had the Facebook Pixel on this site for about six months, while we were figuring out how much Facebook contributed to our site (almost nothing). While not illegal, definitely a mistake, for which I apologize.
Sorry about the “knowingly” qualification, but another thing I have learned is that these companies are constantly figuring out new ways to get little sites like us to co-operate, often unknowingly, in their world domination plans, so while we can promise to be diligent in our efforts to thwart that, we can’t guarantee they will never fool us again.
For example, I’m pretty sure, based on their latest user agreements, that Google does not cross-reference your personal identity with activity at sites like ours that don’t share that, but they probably could if they wanted to, at least if you have a Google account, and we might never know.
Opting Out of Cookies
All that said, if you decide that you don’t want our cookies, there are several ways to do that.
Total Opt Out
Opting Out of Google Analytics Tracking
Well, now you know everything about what we intentionally do with cookies. Once again, sorry for the “intentional” qualification. As above, we just can’t guarantee that some company won’t figure a way to smuggle tracking code onto AAC.
One More Thing
Oh, yeah, nearly forgot the whole point of this:
If You Care
There are also two other issues here of interest to readers concerned about AAC’s longterm survival. If that’s not you, you can stop reading now.
Still here? Thanks for caring.
Why We Track
An obvious question in all of this is why we don’t just delete Google Analytics and not track reader behaviour at all.
The answer is that we have only just crossed the line to financial sustainability and getting there was the result of constantly tweaking the way our site looks and works, in order to best convince readers to join.
The point being that just providing the best content we can possibly create is not enough; marketing is vital too. And there is no way to get our marketing right without analyzing what users do and want.
Now let’s look at some practical stuff.
Trying to comply with every detail of every regulation that every country that we might have a member in, never mind a reader, is becoming a potential risk to this site’s survival.
What the lawmakers and bureaucrats have totally missed, or don’t care about, is that the administrative burden is pretty much the same for a company like ours with a tiny revenue, and even smaller profit, as for a huge multi-national with limitless compliance resources.
Phyllis and I are already spending more than half our business-related time on administration. And compliance (tax and privacy) is a big part of that, along with accounting, website maintenance, and customer support.
Bottomline, increasing our admin burden from what it is now will put us out of business.
For example: Providing specific opt-in for each cookie, as some have suggested is required by some countries, on the off chance that the requirement applies to us, would require coding that would need to be maintained every time our core software and plugins updated (several times a month). Just not practical.
The other problem is that many of these regulations are ambiguous, and who they apply to even more so. The advice we see most often is to…take legal advice. But hiring a lawyer competent to opine on international compliance would cost more than our entire profit…for multiple years. Just not practical.
So I have spent hours diligently reading about many of these regulations, and we are going forward in the sincere belief that we have complied. We are making our best effort here.
In Part 2 I will cover what information we store about you and the steps we have taken to keep that information safe from bad actors.
If you have any questions, please leave a comment.