From ced8755604641c25869df164af07c199d6818dea Mon Sep 17 00:00:00 2001
From: Joe Wreschnig
- We use extremely short-lived cookies to prevent - request forgery. These don't contain any identifying - information and they self-destruct after a few seconds. + We use cookies to prevent request forgery. These don't contain + any identifying information. These double-submit cookies, + are random cookies that reset each time you visit the page. + This prevents another site from tricking you into submitting + data to our site, because they can't read the random value in + the cookie.
- For long-term data we use HTML5 + For long-term data storage we use HTML5 localStorage and other similar client-side storage. This gives you - the benefits of cookies, plus your data is never sent to the + the benefits of cookies, but your data is never sent to the server, so there's nothing to secure.
- We don't track any user data via this site, so we have no + We don't track any personal data via this site, so we have no special databases to secure.
- If you are concerned about your connection being intercepted - by someone else, we offer - HTTPS for our main domain. We would like to offer it - for more, but the CA racket means we can't afford it. - In the future we hope CAs are replaced by something like + Our primary site, which you are reading now, is served + exclusively via HTTPS. We would like to offer HTTPS for all + our subdomains, but the CA racket means we can't afford it. In + the future we hope CAs are replaced by something like Convergence so cheap security is available for everyone, but right now it doesn't work reliably. -- 2.30.2
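Review bot: In the cookie paragraph, the added sentence "These double-submit cookies, are random cookies that reset each time you visit the page." has a stray comma after the first "cookies" and uses the word twice. Suggest "These double-submit cookies hold a random value that resets each time you visit the page." The removed text also told readers the cookies "self-destruct after a few seconds", and the new text no longer says how long they last. If the lifetime is still bounded, state it.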
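Review bot: In the localStorage paragraph, the unchanged ending "so there's nothing to secure" overstates the point, and the change from "plus" to "but" makes it more prominent. The data still lives in the reader's browser, where any script running on this origin can read it. Suggest narrowing the ending to "so there's nothing for us to secure on the server".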
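Review bot: In the tracking paragraph, changing "user data" to "personal data" narrows the promise, but the unchanged conclusion "so we have no special databases to secure" no longer follows from it, since non-personal data could still be collected and stored. Either say what non-personal data is collected and where it is kept, or keep the broader "user data" wording.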
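Review bot: In the HTTPS paragraph, the new text says the primary site is HTTPS-only while the subdomains are not, yet the cookie paragraph in this same patch relies on a cookie for request-forgery protection. The policy should say whether that cookie carries the Secure attribute and is scoped to the primary host only, because a cookie shared with the HTTP subdomains could be sent or set over an unencrypted connection. One added sentence after "served exclusively via HTTPS" would cover it.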