Rather than a policy about how we're going to protect the data - we gather about you, we've got a simpler plan: Our privacy - policy is that personal privacy is mostly good, so we'll try - as hard as we can to not gather data about you. + we gather about you, we've got a simpler plan: We'll try as + hard as we can to not gather data about you. We'd also like to help you defuse and poison other tracking services.
- We do basic logging of HTTP requests in order to help maintain - our site - fix broken links, block spammers, and so on. These - logs look like + We log HTTP requests in order to help maintain our site - fix + broken links, block spammers, and so on. These logs look like
78.55.123.218 - - [03/Sep/2014:13:45:06 +0000] "GET /heroik/heroik.html HTTP/1.1" 200 1616 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:32.0) Gecko/20100101 Firefox/32.0"
They contain your IP, the URL you visited, when you visited
it, what browser you were using, and (sometimes) where you
- came from. This is stuff your browser sends to every site you
- visit, always. If you think it's too much information, most
- browsers have some way to stop sending so much - for example,
- in Firefox you can set network.http.sendRefererHeader to
+ came from. Your browser sends this to every site you visit. If
+ you think it's too much information, most browsers have some
+ way to send less - for example, in Firefox you can
+ set network.http.sendRefererHeader to
false and install User Agent Switcher.
- We host our own email service. Email sent to yuu at - yukkurigames.com + We host our own email service. Email sent to yukkurigames.com does not go through GMail on our end.
@@ -53,28 +55,30 @@ We don't use cookies or anything like cookies to track you.- We use extremely short-lived cookies to prevent - request forgery. These don't contain any identifying - information and they self-destruct after a few seconds. + We use cookies to prevent request forgery. These don't contain + any identifying information. These double-submit cookies, + are random cookies that reset each time you visit the page. + This prevents another site from tricking you into submitting + data to our site, because they can't read the random value in + the cookie.
- For long-term data we use HTML5 + For long-term data storage we use HTML5 localStorage and other similar client-side storage. This gives you - the benefits of cookies, plus your data is never sent to the + the benefits of cookies, but your data is never sent to the server, so there's nothing to secure.
- We don't track any user data via this site, so we have no + We don't track any personal data via this site, so we have no special databases to secure.
- If you are concerned about your connection being intercepted - by someone else, we offer - HTTPS for our main domain. We would like to offer it - for more, but the CA racket means we can't afford it. - In the future we hope CAs are replaced by something like + Our primary site, which you are reading now, is served + exclusively via HTTPS. We would like to offer HTTPS for all + our subdomains, but the CA racket means we can't afford it. In + the future we hope CAs are replaced by something like Convergence so cheap security is available for everyone, but right now it doesn't work reliably. @@ -97,15 +101,18 @@ We think it's awful, too. Sorry.
- To protect yourself on these sites, we recommend you use - tools to help you browse the web safely and securely. One - straightforward and reliable one is + To protect yourself on these sites, we recommend you use tools + to help you browse the web safely and securely. One easy and + reliable one is Disconnect. PRISM Break has more suggestions, though it's unfortunately-named because this problem neither begins nor ends with the PRISM program or state surveillance.
-We may update this Privacy Policy from time to time. Since - this document is stored in our site's Git repository, you can easily track these changes. + this document is stored in our site's Git repository, you can easily track these changes.