We don't use cookies or anything like cookies to track you.
</p>
<p>
- We use <em>extremely</em> short-lived cookies to prevent
- request forgery. These don't contain any identifying
- information and they self-destruct after a few seconds.
+ We use cookies to prevent request forgery. These don't contain
+ any identifying information. These <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookies">double-submit cookies</a>,
+ are random cookies that reset each time you visit the page.
+ This prevents another site from tricking you into submitting
+ data to our site, because they can't read the random value in
+ the cookie.
</p>
<p>
- For long-term data we use HTML5
+ For long-term data storage we use HTML5
<a href="http://diveintohtml5.info/storage.html">localStorage</a>
and other similar <em>client-side storage</em>. This gives you
- the benefits of cookies, plus your data is never sent to the
+ the benefits of cookies, but your data is never sent to the
server, so there's nothing to secure.
</p>
<h3>Security</h3>
<p>
- We don't track any user data via this site, so we have no
+ We don't track any personal data via this site, so we have no
special databases to secure.
</p>
<p>
- If you are concerned about your connection being intercepted
- by someone else, <a href="https://yukkurigames.com/">we offer
- HTTPS for our main domain</a>. We would like to offer it
- for more, but the CA racket means we can't afford it.
- In the future we hope CAs are replaced by something like
+ Our primary site, which you are reading now, is served
+ exclusively via HTTPS. We would like to offer HTTPS for all
+ our subdomains, but the CA racket means we can't afford it. In
+ the future we hope CAs are replaced by something like
<a href="http://convergence.io/">Convergence</a> so cheap
security is available for everyone, but right now it doesn't
work reliably.
projects / yukkurigames.com.git / blobdiff