use HTTPS for remote auth
[] / privacy.html
1 <!DOCTYPE html>
2 <html>
3 <head>
4 <meta charset="utf-8">
5 <meta name=viewport content="width=device-width, initial-scale=1">
6 <link rel="stylesheet" href="/css/main.css" type="text/css">
7 <link rel=apple-touch-icon sizes=256x256 href=favicon_256.png>
8 <link rel=icon sizes="16x16 32x32 48x48" href=favicon.ico>
9 <link rel=icon sizes=128x128 href=favicon_128.png>
10 <link rel=icon sizes=192x192 href=favicon_192.png>
11 <link rel=icon sizes=256x256 href=favicon_256.png>
12 <title>Privacy Policy ~ Yukkuri Games</title>
13 </head>
14 <body>
15 <header>
16 <a href="/">
17 <img src="/logotype_horizontal_1.png" class=logo alt="(◕ ヮ ◕)">
18 <img src="/logotype_horizontal_2.png" class=optional
19 alt="Yukkuri Games">
20 </a>
21 <h1>Privacy Policy</h1>
22 </header>
23 <main>
24 <h2>Our Site</h2>
25 <p>
26 Rather than a policy about how we're going to protect the data
27 we gather about you, we've got a simpler plan: We'll try as
28 hard as we can to <em>not</em> gather data about you.
29 We'd also like to help you defuse and poison other tracking
30 services.
31 </p>
32 <h3>Log Data</h3>
33 <p>
34 We log HTTP requests in order to help maintain our site - fix
35 broken links, block spammers, and so on. These logs look like
36 </p>
37 <pre> - - [03/Sep/2014:13:45:06 +0000] "GET /heroik/heroik.html HTTP/1.1" 200 1616 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:32.0) Gecko/20100101 Firefox/32.0"</pre>
38 <p>
39 They contain your IP, the URL you visited, when you visited
40 it, what browser you were using, and (sometimes) where you
41 came from. Your browser sends this to every site you visit. If
42 you think it's too much information, most browsers have some
43 way to send less - for example, in Firefox you can
44 set <code>network.http.sendRefererHeader</code> to
45 <code>false</code> and install <a href="">User Agent Switcher</a>.
46 </p>
47 <h3>Mail</h3>
48 <p>
49 We host our own email service. Email sent to
50 <a href="">does not go through GMail on our end</a>.
52 </p>
53 <h3>Cookie Policy</h3>
54 <p>
55 We don't use cookies or anything like cookies to track you.
56 </p>
57 <p>
58 We use cookies to prevent request forgery. These don't contain
59 any identifying information. These <a href="">double-submit cookies</a>,
60 are random cookies that reset each time you visit the page.
61 This prevents another site from tricking you into submitting
62 data to our site, because they can't read the random value in
63 the cookie.
64 </p>
65 <p>
66 For long-term data storage we use HTML5
67 <a href="">localStorage</a>
68 and other similar <em>client-side storage</em>. This gives you
69 the benefits of cookies, but your data is never sent to the
70 server, so there's nothing to secure.
71 </p>
72 <h3>Security</h3>
73 <p>
74 We don't track any personal data via this site, so we have no
75 special databases to secure.
76 </p>
77 <p>
78 Our primary site, which you are reading now, is served
79 exclusively via HTTPS. We would like to offer HTTPS for all
80 our subdomains, but the CA racket means we can't afford it. In
81 the future we hope CAs are replaced by something like
82 <a href="">Convergence</a> so cheap
83 security is available for everyone, but right now it doesn't
84 work reliably.
85 </p>
86 <h2>Third-Party Links</h2>
87 <p>
88 Because this is the web, we link to other sites. Some of our
89 games are only available from other sites, because trading
90 money for games requires handling at least a little personal
91 data. We'd rather that be done by people good at doing it.
92 </p>
93 <p>
94 Most of these sites don't care about your privacy. Sometimes
95 at least they'll be providing you a useful service in exchange
96 for surveilling you, but usually they're willing to sell you
97 out to a dozen firms via Google in exchange for a pretty bar
98 graph.
99 </p>
100 <p>
101 We think it's awful, too. Sorry.
102 </p>
103 <p>
104 To protect yourself on these sites, we recommend you use tools
105 to help you browse the web safely and securely. One easy and
106 reliable one is
107 <a href="">Disconnect</a>.
108 <a href="">PRISM Break has more suggestions</a>,
109 though it's unfortunately-named because this problem <a href="">neither
110 begins nor ends with the PRISM program or state surveillance</a>.
111 </p>
112 <h2>
113 Other Stuff We Don't Do That You Should Push Other Sites To
114 Also Not Do
115 </h2>
116 <ul>
117 <li>
118 We don't run Google Analytics or Cloudfront Analytics or
119 Cloudflare Clicky or any of that garbage. Even if a site
120 needs to collect data for its own operation, these services
121 also feed that data into even larger and more troubling
122 corporate databases.
123 </li>
124 <li>
125 We don't use Google's fonts; we host them ourselves. <a href="">Most
126 Wordpress sites are helping Google track their readers and
127 they don't even know it.</a> At
128 the very least, demand a cut of Google's revenue if you're
129 going to work for them.
130 </li>
131 <li>
132 We don't put stock "share" buttons on our site. Aside from
133 being useless eyesores <a href="">these
134 buttons are used by social media companies to track you on
135 other sites</a>. Tools like <a href="">EFF's Privacy Badger</a> and <a href="">Disconnect</a> can
136 help block these on other sites.
137 </li>
138 <li>
139 We don't minify or obfuscate most files &mdash; HTML, CSS,
140 or JavaScript &mdash; we serve. This means it's easy for you
141 to check what we're doing with just your browser.
142 </li>
143 </ul>
144 <h2>Changes</h2>
145 <p>
146 We may update this Privacy Policy from time to time. Since
147 this document is <a href=";a=history;f=privacy.html">stored in our site's Git repository</a>, you can easily track these changes.
148 </p>
149 </main>
150 </body>
151 </html>