The Offshore Voyaging Reference Site

Not Boring Privacy Policy—Cookies

With all the recent hullabaloo about internet privacy, not to speak of the European privacy act, and a similar piece of legislation here in Canada, Phyllis and I thought it was time to update our Privacy Policy, particularly since our old one was simply a bit of boiler plate, that we, like most internet companies, copied from someplace else.

But rather than just copy one again, or hire a lawyer (can’t afford that anyway) to write some complicated smoke screen of blather and cover-our-ass clauses, we have decided to tell you in plain old English what information we store about you (not much), how we use that information (not much), and the steps we take to protect it from misuse by others (a lot).

Reduce Boredom

At this point I can hear you say:

“Fine, John, but how are you going to make this interesting?”

Yeah, I know, a tall order. That said, as part of running this site for 15 years and constantly improving our defences against hackers, as well as investigating the myriad of tools available to market our membership and using some of them, I have learned quite a bit about what goes on in the internet world.

Some of it is perfectly innocent business practice, some of it a bit grey, and a lot of it is downright nasty.

And much of the stuff I have learned is pretty interesting, so maybe I can make this less boring by sharing some of that. And, in so doing, maybe help some of you, in just the same way we try to help with articles about things like docking and anchoring.

That said, if you are only interested in exactly what we are and are not doing, just read the parts that look like this paragraph and skip the rest.


Let’s start off with the cookies—a silly name for short text files—that we store on your computer, tablet or phone (from now on I will just write “your device”) when you visit us.

What? You store stuff on my device?

Yup, and pretty much every site you visit does the same. And some of those sites use those little pieces of information in some pretty creepy ways: Ever wonder how sites know to show you ads about say sails after you do a search on “best sailmaker in….”? Or how companies know that you nearly bought a product from their site, and then decided against it? Well cookies are a lot of how that’s done.

What We Do

 So here’s what we do with cookies at AAC:

  • Monitor traffic to our site to determine stuff like what articles are most popular and the path that readers take to become members. We use a service from Google called Analytics to do that.
  • If you are a member, we write a cookie to your device when you log in so that we don’t have to bug you to log in again when you next visit.
  • When you actually join as a paying member we store the pages you looked at on our site only on the way to joining, in your membership record.
    • We do this to optimize the joining process.
  • We track user shares of our posts on social media.
  • Also, while not a cookie, we execute a small piece of Javascript in your browser to monitor how quickly our pages load—maintaining decent performance on a site this complicated is a huge challenge and this helps us make sure something has not slowed our site down.

That’s it.

What We Don’t Do

Perhaps, more importantly, here’s what we don’t do:

  • Other than tracking the pages you looked at before paying for membership (detailed above), we don’t track you personally, even on our site.
  • We don’t show you anything on our site driven by what you have already looked at—everyone sees the same stuff, although of course logged-in members see more…and less: no membership promotion.
  • We don’t use the cookie code to read anything off your device. In fact, as far as I know, that’s not even technically possible.
  • We don’t share any information about you with anyone.
  • We don’t share what you do at AAC with any other company or individual.

How Tracking Works

Let’s expand a bit on all of that, and in the process arm you with information about what to look out for on other sites.

Google identifies each of you with a number any time you visit any site that runs Analytics, and that’s the vast majority of the internet.

So we can see the following about any visitor:

  1. How they found our site: search, referral (link), etc.
  2. The pages they visited.
  3. The course they followed to become a member (we hope).

All of this information is anonymous: We know what visitor number say 12530269484.15884993018 did on our site, but we don’t know their name or anything personal about them, unless they actually join (see above).

We have also instructed Google to delete even that information 14 months after the user’s last visit—the shortest retention time they offer.

To me this is the core of the whole privacy issue and the thing that every internet user should zero in on when deciding whether or not they are comfortable with how they are being treated by a particular site: Are they tracking you personally across the internet?

Phyllis and I decided over five years ago that personal tracking of the pages people view all over the internet was way too creepy.

History of Internet Spying

By the way, here’s a bit of interesting history about how all this came about.

All Was Good

Up until a few years ago companies like Google, that live by selling advertising, rigorously maintained user anonymity—remember Google’s old and now long gone motto, “Don’t Be Evil”?

The Start of Something Bad

But then along came a Harvard University dropout who had built one of the most popular sites in the world and was trying to figure out how to make money from it. And he realized that the way to do that was to sell all the information he had accumulated about us…yup, that’s Facebook’s business model:

  • They convince us to share our most personal information.
  • They use deep psychology to addict us and our children to their “services”.
  • They use our creative work (photos, video, and writing), without payment, to entice others to join.
  • And they then auction (yup, to the highest bidder) information about us and our friends and family to pretty much anyone who will pay, so they can target us with creepy personalized advertising and even creepier propaganda masquerading as content.

This is the foundation of how they make money—if a service is free, you are the product being sold.

(The right thing for Facebook to do is change to a membership model so their loyalty would be to their users, not advertisers, but that will never happen, unless forced by law, since that model would only make them filthy rich, not obscenely rich.)

And the sad fact is that this model worked so well that Facebook started eating Google’s lunch, so Google jumped into the cess pit of personally-targeted marketing too. And don’t get me started on what a certain shaven-headed bookseller knows about us…and he charges us a membership as well. Hint: It’s called Prime.

No Third Party Personal Tracking

OK, enough ranting—hey, it wasn’t boring—back to what we don’t do at AAC…and this is a big one.

If a site uses Facebook to reach readers, as we do, they are always on at us to install something called the “Facebook Pixel”. A cute name for a piece of code that lets Facebook spy on you personally…even when you are not on Facebook.

I’m ashamed to admit that before we understood what they were doing we had the Facebook Pixel on this site for about six months, while we were figuring out how much Facebook contributed to our site (almost nothing). While not illegal, definitely a mistake, for which I apologize.

Anyway, the Facebook Pixel is gone now, and we won’t ever knowingly install it, or anything like it, ever again.

Sorry about the “knowingly” qualification, but another thing I have learned is that these companies are constantly figuring out new ways to get little sites like us to co-operate, often unknowingly, in their world domination plans, so while we can promise to be diligent in our efforts to thwart that, we can’t guarantee they will never fool us again.

For example, I’m pretty sure, based on their latest user agreements, that Google does not cross-reference your personal identity with activity at sites like ours that don’t share that, but they probably could if they wanted to, at least if you have a Google account, and we might never know.

Opting Out of Cookies

All that said, if you decide that you don’t want our cookies, there are several ways to do that.

Total Opt Out

You can simply tell pretty much any modern browser not to allow cookies, from all sites, or just this site. Here’s how to do that.

The problem with this approach is that if you are a member it will screw things up, since we will have no way to know you are a member when you visit again, or even just load a page so you will keep getting asked to log on again.

Opting Out of Google Analytics Tracking

So if you decide you don’t want us to (anonymously) track you, which helps us figure out how to make the site better and keep it financially viable, you can do that here.
Assuming you believe Google—and I actually do on this one—this will stop them tracking you right across the internet, but still leave our membership site working properly.

A Promise

Well, now you know everything about what we intentionally do with cookies. Once again, sorry for the “intentional” qualification. As above, we just can’t guarantee that some company won’t figure a way to smuggle tracking code onto AAC.

That said, we do promise to be diligent about checking for and removing anything that tracks you, other than the stuff we have disclosed above. We are getting pretty good at sniffing out bad stuff and we have hired some really smart people to help us—more on that in Part 2.

One More Thing

Oh, yeah, nearly forgot the whole point of this:

By continuing to use this site, you have agreed to the above policy.

If You Care

There are also two other issues here of interest to readers concerned about AAC’s longterm survival. If that’s not you, you can stop reading now.

Still here? Thanks for caring.

Why We Track

An obvious question in all of this is why we don’t just delete Google Analytics and not track reader behaviour at all.

The answer is that AAC is only just financially sustainable, and getting here and staying here was the result of constantly tweaking the way our site looks and works, in order to best convince readers to join.

The point being that just providing the best content we can possibly create is not enough; marketing is vital too. And there is no way to get our marketing right without analyzing what users do and want.


Now let’s look at some practical stuff.

Trying to comply with every detail of every regulation that every country that we might have a member in, never mind a reader, is becoming a potential risk to this site’s survival.

What the lawmakers and bureaucrats have totally missed, or don’t care about, is that the administrative burden is pretty much the same for a company like ours with a tiny revenue, and even smaller profit, as for a huge multi-national with limitless compliance resources.

Phyllis and I are already spending more than half our business-related time on administration. And compliance (tax and privacy) is a big part of that, along with accounting, website maintenance, and customer support.

Bottomline, increasing our admin burden from what it is now will put us out of business.

For example: Providing specific opt-in for each cookie, as some have suggested is required by some countries, on the off chance that the requirement applies to us, would require coding that would need to be maintained every time our core software and plugins updated (several times a month). Just not practical.

The other problem is that many of these regulations are ambiguous, and who they apply to even more so. The advice we see most often is to…take legal advice. But hiring a lawyer competent to opine on international compliance would cost more than our entire profit…for multiple years. Just not practical.

So I have spent hours diligently reading about many of these regulations, and we are going forward in the sincere belief that we have complied. We are making our best effort here.


If you have any questions, please leave a comment.

Inline Feedbacks
View all comments
Marc Dacey

Even though I take “care” of my own end through the usual blockers and script-refusers, as I’ve done for many years now, I appreciate the full-frontal aspect of your operation here. So you get a rare cookie from me, because I know it saves me logging in. Most places are far more “monetized” than this one, and I’m glad to hear you are (finally) in the black. Will many of your readers and patrons read this, or even appreciate it? Maybe not, but it’s important to go on record with this sort of thing now and again.

James Dylewski

Thanks John I found it informative not boring
keep up the good work
sv Windigo

Rod Morris

Thank you for a very readable and interesting article. The extra effort to write this in an educational and entertaining way is not insignificant. I have noted this same effort in all your articles and that is what makes AAC such a great site.


Hi John,
I have recently received an offer from my internet security provider for a vpn access. Would that create a problem at your end?


Thanks for your reply and advice. I guess I was getting sold something I don’t need, through lack of knowledge…

Marc Dacey

That depends a bit, I think, John. I would route banking transactions, for instance, through a VPN were we just tenuously hooked into some random YC’s guest wifi. Of course, I’m still also a fan of PGP and other similar measures. Half the battle is to make your presence more trouble than it’s worth, so the maleficent move on to the easier targets.

Mike McCollough

This is a very nice explanation, thank you. One of the better ones I have read. It would be informative to distribute to a wider audience, not only as a site advertisement, but also to inform them about what free means.

Stephen Lewinton

Would like to echo comments and thanks for the efforts made to make everything readable and interesting. Also congrats that you are in the black.

As someone struggling with EU GDPR I think you view is a sensible pragmatic response to the increasing regulatory complexity.

John Armitage

Excellent, John, thanks.

Carole Lockhart

I found this article very informative. Thanks for explaining in non-lawyerese.

Andrew Donald

Thank you for your honesty and wit. It’s good to feel you can trust at least some people to do the right thing, and to be transparent and open about it too. You’ve earned a large chunk of credibility through the approach you’ve taken. You’re on the right tack!