<meta charset="utf-8">
<meta name=viewport content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="/css/main.css" type="text/css">
+ <link rel=apple-touch-icon sizes=256x256 href=favicon_256.png>
+ <link rel=icon sizes="16x16 32x32 48x48" href=favicon.ico>
+ <link rel=icon sizes=128x128 href=favicon_128.png>
+ <link rel=icon sizes=192x192 href=favicon_192.png>
+ <link rel=icon sizes=256x256 href=favicon_256.png>
<title>Privacy Policy ~ Yukkuri Games</title>
</head>
<body>
<h2>Our Site</h2>
<p>
Rather than a policy about how we're going to protect the data
- we gather about you, we've got a simpler plan: Our privacy
- policy is that personal privacy is mostly good, so we'll try
- as hard as we can to <em>not</em> gather data about you.
+ we gather about you, we've got a simpler plan: We'll try as
+ hard as we can to <em>not</em> gather data about you.
We'd also like to help you defuse and poison other tracking
services.
</p>
<h3>Log Data</h3>
<p>
- We do basic logging of HTTP requests in order to help maintain
- our site - fix broken links, block spammers, and so on. These
- logs look like
+ We log HTTP requests in order to help maintain our site - fix
+ broken links, block spammers, and so on. These logs look like
</p>
<pre>78.55.123.218 - - [03/Sep/2014:13:45:06 +0000] "GET /heroik/heroik.html HTTP/1.1" 200 1616 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:32.0) Gecko/20100101 Firefox/32.0"</pre>
<p>
They contain your IP, the URL you visited, when you visited
it, what browser you were using, and (sometimes) where you
- came from. This is stuff your browser sends to every site you
- visit, always. If you think it's too much information, most
- browsers have some way to stop sending so much - for example,
- in Firefox you can set <code>network.http.sendRefererHeader</code> to
+ came from. Your browser sends this to every site you visit. If
+ you think it's too much information, most browsers have some
+ way to send less - for example, in Firefox you can
+ set <code>network.http.sendRefererHeader</code> to
<code>false</code> and install <a href="https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/">User Agent Switcher</a>.
</p>
<h3>Mail</h3>
<p>
- We host our own email service. Email sent to yuu at
- yukkurigames.com
+ We host our own email service. Email sent to yukkurigames.com
<a href="http://mako.cc/copyrighteous/google-has-most-of-my-email-because-it-has-all-of-yours">does not go through GMail on our end</a>.
</p>
We don't use cookies or anything like cookies to track you.
</p>
<p>
- We use <em>extremely</em> short-lived cookies to prevent
- request forgery. These don't contain any identifying
- information and they self-destruct after a few seconds.
+ We use cookies to prevent request forgery. These don't contain
+ any identifying information. These <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookies">double-submit cookies</a>,
+ are random cookies that reset each time you visit the page.
+ This prevents another site from tricking you into submitting
+ data to our site, because they can't read the random value in
+ the cookie.
</p>
<p>
- For long-term data we use HTML5
+ For long-term data storage we use HTML5
<a href="http://diveintohtml5.info/storage.html">localStorage</a>
and other similar <em>client-side storage</em>. This gives you
- the benefits of cookies, plus your data is never sent to the
+ the benefits of cookies, but your data is never sent to the
server, so there's nothing to secure.
</p>
<h3>Security</h3>
<p>
- We don't track any user data via this site, so we have no
+ We don't track any personal data via this site, so we have no
special databases to secure.
</p>
<p>
- If you are concerned about your connection being intercepted
- by someone else, <a href="https://yukkurigames.com/">we offer
- HTTPS for our main domain</a>. We would like to offer it
- for more, but the CA racket means we can't afford it.
- In the future we hope CAs are replaced by something like
+ Our primary site, which you are reading now, is served
+ exclusively via HTTPS. We would like to offer HTTPS for all
+ our subdomains, but the CA racket means we can't afford it. In
+ the future we hope CAs are replaced by something like
<a href="http://convergence.io/">Convergence</a> so cheap
security is available for everyone, but right now it doesn't
work reliably.
We think it's awful, too. Sorry.
</p>
<p>
- To protect yourself on these sites, we recommend you use
- tools to help you browse the web safely and securely. One
- straightforward and reliable one is
+ To protect yourself on these sites, we recommend you use tools
+ to help you browse the web safely and securely. One easy and
+ reliable one is
<a href="https://disconnect.me/">Disconnect</a>.
<a href="https://prism-break.org/">PRISM Break has more suggestions</a>,
though it's unfortunately-named because this problem <a href="http://www.hiddendriver.com/projects/the-peoples-platform">neither
begins nor ends with the PRISM program or state surveillance</a>.
</p>
- <h2>Other Stuff We Don't Do That You Should Push Other Sites To Also Not Do</h2>
+ <h2>
+ Other Stuff We Don't Do That You Should Push Other Sites To
+ Also Not Do
+ </h2>
<ul>
<li>
We don't run Google Analytics or Cloudfront Analytics or
corporate databases.
</li>
<li>
- We don't use Google's fonts; we host them ourselves. <a href="http://blog.milandinic.com/wordpress/plugins/disable-google-fonts/">Most Wordpress blogs are helping Google track their readers and they don't even know it.</a> At
+ We don't use Google's fonts; we host them ourselves. <a href="http://blog.milandinic.com/wordpress/plugins/disable-google-fonts/">Most
+ Wordpress sites are helping Google track their readers and
+ they don't even know it.</a> At
the very least, demand a cut of Google's revenue if you're
going to work for them.
</li>
<h2>Changes</h2>
<p>
We may update this Privacy Policy from time to time. Since
- this document is <a href="http://git.yukkurigames.com/yukkurigames.com.git">stored in our site's Git repository</a>, you can easily track these changes.
+ this document is <a href="http://git.yukkurigames.com/?p=yukkurigames.com.git;a=history;f=privacy.html">stored in our site's Git repository</a>, you can easily track these changes.
</p>
</main>
</body>