With all the recent hullabaloo about internet privacy, not to speak of the European privacy act, and a similar piece of legislation here in Canada, Phyllis and I thought it was time to update our Privacy Policy, particularly since our old one was simply a bit of boiler plate, that we, like most internet companies, copied from someplace else.
But rather than just copy one again, or hire a lawyer (can’t afford that anyway) to write some complicated smoke screen of blather and cover-our-ass clauses, we have decided to tell you in plain old English what information we store about you (not much), how we use that information (not much), and the steps we take to protect it from misuse by others (a lot).
Reduce Boredom
At this point I can hear you say:
“Fine, John, but how are you going to make this interesting?”
Yeah, I know, a tall order. That said, as part of running this site for 15 years and constantly improving our defences against hackers, as well as investigating the myriad of tools available to market our membership and using some of them, I have learned quite a bit about what goes on in the internet world.
Some of it is perfectly innocent business practice, some of it a bit grey, and a lot of it is downright nasty.
And much of the stuff I have learned is pretty interesting, so maybe I can make this less boring by sharing some of that. And, in so doing, maybe help some of you, in just the same way we try to help with articles about things like docking and anchoring.
That said, if you are only interested in exactly what we are and are not doing, just read the parts that look like this paragraph and skip the rest.
Cookies
Let’s start off with the cookies—a silly name for short text files—that we store on your computer, tablet or phone (from now on I will just write “your device”) when you visit us.
What? You store stuff on my device?
Yup, and pretty much every site you visit does the same. And some of those sites use those little pieces of information in some pretty creepy ways: Ever wonder how sites know to show you ads about say sails after you do a search on “best sailmaker in….”? Or how companies know that you nearly bought a product from their site, and then decided against it? Well cookies are a lot of how that’s done.
What We Do
So here’s what we do with cookies at AAC:
- Monitor traffic to our site to determine stuff like what articles are most popular and the path that readers take to become members. We use a service from Google called Analytics to do that.
- If you are a member, we write a cookie to your device when you log in so that we don’t have to bug you to log in again when you next visit.
- When you actually join as a paying member we store the pages you looked at on our site only on the way to joining, in your membership record.
- We do this to optimize the joining process.
- We track user shares of our posts on social media.
- Also, while not a cookie, we execute a small piece of Javascript in your browser to monitor how quickly our pages load—maintaining decent performance on a site this complicated is a huge challenge and this helps us make sure something has not slowed our site down.
That’s it.
What We Don’t Do
Perhaps, more importantly, here’s what we don’t do:
- Other than tracking the pages you looked at before paying for membership (detailed above), we don’t track you personally, even on our site.
- We don’t show you anything on our site driven by what you have already looked at—everyone sees the same stuff, although of course logged-in members see more…and less: no membership promotion.
- We don’t use the cookie code to read anything off your device. In fact, as far as I know, that’s not even technically possible.
- We don’t share any information about you with anyone.
- We don’t share what you do at AAC with any other company or individual.
How Tracking Works
Let’s expand a bit on all of that, and in the process arm you with information about what to look out for on other sites.
Google identifies each of you with a number any time you visit any site that runs Analytics, and that’s the vast majority of the internet.
So we can see the following about any visitor:
- How they found our site: search, referral (link), etc.
- The pages they visited.
- The course they followed to become a member (we hope).
All of this information is anonymous: We know what visitor number say 12530269484.15884993018 did on our site, but we don’t know their name or anything personal about them, unless they actually join (see above).
We have also instructed Google to delete even that information 14 months after the user’s last visit—the shortest retention time they offer.
To me this is the core of the whole privacy issue and the thing that every internet user should zero in on when deciding whether or not they are comfortable with how they are being treated by a particular site: Are they tracking you personally across the internet?
Phyllis and I decided over five years ago that personal tracking of the pages people view all over the internet was way too creepy.
History of Internet Spying
By the way, here’s a bit of interesting history about how all this came about.
All Was Good
Up until a few years ago companies like Google, that live by selling advertising, rigorously maintained user anonymity—remember Google’s old and now long gone motto, “Don’t Be Evil”?
The Start of Something Bad
But then along came a Harvard University dropout who had built one of the most popular sites in the world and was trying to figure out how to make money from it. And he realized that the way to do that was to sell all the information he had accumulated about us…yup, that’s Facebook’s business model:
- They convince us to share our most personal information.
- They use deep psychology to addict us and our children to their “services”.
- They use our creative work (photos, video, and writing), without payment, to entice others to join.
- And they then auction (yup, to the highest bidder) information about us and our friends and family to pretty much anyone who will pay, so they can target us with creepy personalized advertising and even creepier propaganda masquerading as content.
This is the foundation of how they make money—if a service is free, you are the product being sold.
(The right thing for Facebook to do is change to a membership model so their loyalty would be to their users, not advertisers, but that will never happen, unless forced by law, since that model would only make them filthy rich, not obscenely rich.)
And the sad fact is that this model worked so well that Facebook started eating Google’s lunch, so Google jumped into the cess pit of personally-targeted marketing too. And don’t get me started on what a certain shaven-headed bookseller knows about us…and he charges us a membership as well. Hint: It’s called Prime.
No Third Party Personal Tracking
OK, enough ranting—hey, it wasn’t boring—back to what we don’t do at AAC…and this is a big one.
I’m ashamed to admit that before we understood what they were doing we had the Facebook Pixel on this site for about six months, while we were figuring out how much Facebook contributed to our site (almost nothing). While not illegal, definitely a mistake, for which I apologize.
Sorry about the “knowingly” qualification, but another thing I have learned is that these companies are constantly figuring out new ways to get little sites like us to co-operate, often unknowingly, in their world domination plans, so while we can promise to be diligent in our efforts to thwart that, we can’t guarantee they will never fool us again.
For example, I’m pretty sure, based on their latest user agreements, that Google does not cross-reference your personal identity with activity at sites like ours that don’t share that, but they probably could if they wanted to, at least if you have a Google account, and we might never know.
Opting Out of Cookies
All that said, if you decide that you don’t want our cookies, there are several ways to do that.
Total Opt Out
The problem with this approach is that if you are a member it will screw things up, since we will have no way to know you are a member when you visit again, or even just load a page so you will keep getting asked to log on again.
Opting Out of Google Analytics Tracking
A Promise
Well, now you know everything about what we intentionally do with cookies. Once again, sorry for the “intentional” qualification. As above, we just can’t guarantee that some company won’t figure a way to smuggle tracking code onto AAC.
One More Thing
Oh, yeah, nearly forgot the whole point of this:
If You Care
There are also two other issues here of interest to readers concerned about AAC’s longterm survival. If that’s not you, you can stop reading now.
Still here? Thanks for caring.
Why We Track
An obvious question in all of this is why we don’t just delete Google Analytics and not track reader behaviour at all.
The answer is that AAC is only just financially sustainable, and getting here and staying here was the result of constantly tweaking the way our site looks and works, in order to best convince readers to join.
The point being that just providing the best content we can possibly create is not enough; marketing is vital too. And there is no way to get our marketing right without analyzing what users do and want.
Practicality
Now let’s look at some practical stuff.
Trying to comply with every detail of every regulation that every country that we might have a member in, never mind a reader, is becoming a potential risk to this site’s survival.
What the lawmakers and bureaucrats have totally missed, or don’t care about, is that the administrative burden is pretty much the same for a company like ours with a tiny revenue, and even smaller profit, as for a huge multi-national with limitless compliance resources.
Phyllis and I are already spending more than half our business-related time on administration. And compliance (tax and privacy) is a big part of that, along with accounting, website maintenance, and customer support.
Bottomline, increasing our admin burden from what it is now will put us out of business.
For example: Providing specific opt-in for each cookie, as some have suggested is required by some countries, on the off chance that the requirement applies to us, would require coding that would need to be maintained every time our core software and plugins updated (several times a month). Just not practical.
The other problem is that many of these regulations are ambiguous, and who they apply to even more so. The advice we see most often is to…take legal advice. But hiring a lawyer competent to opine on international compliance would cost more than our entire profit…for multiple years. Just not practical.
So I have spent hours diligently reading about many of these regulations, and we are going forward in the sincere belief that we have complied. We are making our best effort here.
Comments
If you have any questions, please leave a comment.
Even though I take “care” of my own end through the usual blockers and script-refusers, as I’ve done for many years now, I appreciate the full-frontal aspect of your operation here. So you get a rare cookie from me, because I know it saves me logging in. Most places are far more “monetized” than this one, and I’m glad to hear you are (finally) in the black. Will many of your readers and patrons read this, or even appreciate it? Maybe not, but it’s important to go on record with this sort of thing now and again.
Thanks John I found it informative not boring
keep up the good work
James
sv Windigo
Thank you for a very readable and interesting article. The extra effort to write this in an educational and entertaining way is not insignificant. I have noted this same effort in all your articles and that is what makes AAC such a great site.
Hi John,
I have recently received an offer from my internet security provider for a vpn access. Would that create a problem at your end?
Hi Marco,
No problem our end as far as I know, but I think you will take a bad speed hit with a VPN. First the VPN itself adds a lot of overhead and second it may fool our CDN, that serves all of our photos and images, into thinking you are somewhere you are not, so the images won’t be served from the closest location.
Why would you want a VPN anyway? Back before most sites were SSL compliant they made sense, but I can’t see a security benefit now.
Thanks for your reply and advice. I guess I was getting sold something I don’t need, through lack of knowledge…
Hi Marco,
Your welcome. In defence of VPNs, back before most sites were SSL a VPN was a really good idea for anyone who used public WiFi, but now I think they are probably more trouble than they are worth.
That depends a bit, I think, John. I would route banking transactions, for instance, through a VPN were we just tenuously hooked into some random YC’s guest wifi. Of course, I’m still also a fan of PGP and other similar measures. Half the battle is to make your presence more trouble than it’s worth, so the maleficent move on to the easier targets.
Hi Marc,
Sure, you can do that, but given that a bank will be using SSL, I really can’t see the point. All you would be doing is adding encryption on top of encryption.
This is a very nice explanation, thank you. One of the better ones I have read. It would be informative to distribute to a wider audience, not only as a site advertisement, but also to inform them about what free means.
Would like to echo comments and thanks for the efforts made to make everything readable and interesting. Also congrats that you are in the black.
As someone struggling with EU GDPR I think you view is a sensible pragmatic response to the increasing regulatory complexity.
Hi All,
Thanks very much for the kind comments. This sudden flurry of new regulation has been, and is still, a royal pain the neck to deal with. It’s encouragement from our members that makes Phyllis and I willing to keep dealing with this kind of stuff.
Excellent, John, thanks.
Thanks, John,
Just added it all to the NCG site too. Now back to real work.
I found this article very informative. Thanks for explaining in non-lawyerese.
Hi Carole,
You are welcome.
John,
Thank you for your honesty and wit. It’s good to feel you can trust at least some people to do the right thing, and to be transparent and open about it too. You’ve earned a large chunk of credibility through the approach you’ve taken. You’re on the right tack!
Hi Andrew,
Thanks for the kind words and encouragement.