regluit/frontend/templates/privacy.html

139 lines
9.7 KiB
HTML

{% extends "basedocumentation.html" %}
{% load url from future %}
{% block title %}Privacy{% endblock %}
{% block doccontent %}
<h2>Unglue.it Privacy Statement</h2>
Date of last revision: August 18, 2015
<ul class="bullets">
<li><a href="#intro">Introduction</a></li>
<li><a href="#howwespy">How we spy on you.</a></li>
<li><a href="#stoppingothers">How we stop other people from spying on you</a></li>
<li><a href="#others">Other people we allow to spy on you.</a></li>
<li><a href="#nokids">Unglue.it is not intended for Children</a></li>
</ul>
<h3 id="intro">Introduction</h3>
<p>We used to have a "Unglue.it respects your privacy" page here. As we've learned more about privacy practices on the web, we've come to the conclusion that such pages are written by lawyers who are trying to keep their clients from being legally liable for anything, but who actually have no clue how web sites really work. We now think that your privacy interests are better served by being brutally honest.</p>
<p>On the whole, most web sites are privacy disaster areas. We think ours is in the top 10% when it comes to general privacy protection. And that makes us sad.
<h3 id="stoppingothers">How we stop other people from spying on you</h3>
<p>
We do a bunch of things to stop people from spying on your use of unglue.it. We wish more websites did these things.
</p>
<ul class="bullets">
<li>
All access to unglue.it <a href="https://https.cio.gov/everything/">uses secure, encrypted connections</a>, i.e. HTTPS. This means that if you're using public wifi, other people in the Starbucks <a href="http://www.howtogeek.com/178696/why-using-a-public-wi-fi-network-can-be-dangerous-even-when-accessing-encrypted-websites/">can't snoop on you</a>. Your ISPs and your <a href="https://go-to-hellman.blogspot.com/2014/11/if-your-website-still-uses-http-x-uidh.html">mobile data providers</a> can't see or mess with pages you're reading or downloading. Unglue.it can't be <a href="https://citizenlab.org/2015/04/chinas-great-cannon/">weaponized for cyberattacks</a>. Although Unglue.it is hosted on Amazon Web Services, Amazon can't see your unglue.it click stream.
</li>
<li>
We don't participate in advertising networks. We don't have advertising on Unglue.it.
</li>
<li>
We don't use Facebook's "Like" button, which leaks your entire clickstream to Facebook. If you want to "Like" us on Facebook, go <a href="https://www.facebook.com/unglueit">here</a>.
</li>
<li>
We don't use Social widgets such as <a href="http://www.propublica.org/article/meet-the-online-tracking-device-that-is-virtually-impossible-to-block">AddThis</a>, <a href="http://www.marketingcharts.com/online/sharethis-top-syndicated-ad-focus-entity-in-august-23397/">ShareThis</a>, or <a href="http://www.xconomy.com/san-francisco/2015/02/13/disqus-testing-the-targeted-ad-market-for-web-comments/">Disqus</a>. These widgets track you and let <a href="https://securehomes.esat.kuleuven.be/~gacar/persistent/">advertising networks</a> spy on you.
</li>
<li>
We support <a href="https://en.wikipedia.org/wiki/Pseudonymity">pseudonymity</a> on Unglue.it. You don't need to use your real name if you don't want to. You may need to give your real name if you want to support one of our campaigns, but we won't give it to anyone else.
</li>
<li>
We self-host static resources. Many sites load sitewide scripts, images and fonts from third parties. for example: JQuery, FontAwesome, Bootstrap, <a href="https://go-to-hellman.blogspot.com/2014/12/stop-making-web-surveillance-bugs-by.html">Creative Commons buttons</a>. Our web pages get to you a bit slower, but we leak less usage data.
</li>
<li>
We use <a href=" http://w3c.github.io/webappsec/specs/referrer-policy">referrer meta tags</a> to instruct your browser <a href="https://go-to-hellman.blogspot.com/2015/06/protect-reader-privacy-with-referrer.html">not to leak your usage trails</a> to the many websites we link to.
</li>
</ul>
<h3 id="howwespy">How we spy on you.</h3>
<p>We collect email addresses so we can contact you. We keep server logs. Very often we can figure out who you are from your email address and or IP address. We let you declare your identity on our site by connecting to social media. We use services that tell us if you open the email we send you.</p>
<p>We use cookies to allow you to log into the web site and to track you as you use it. We let a third-party (Google Analytics) collect and analyze your clickstream. We intend to share those analytics with rights holders that participate in Unglue.it.</p>
<h3 id="others">Other people we allow to spy on you.</h3>
<p>We use third parties to provide services on our website. They place cookies (also known as web bugs or web beacons) in your browser, or use web beacons to collect information. </p>
<ul class="bullets">
<li>
We use <a href="http://www.google.com/analytics/">Google Analytics</a>. If you believe their <a href="http://www.google.com/analytics/terms/us.html">terms of service</a>, they can't share this data outside Google. But Google is fundamentally an advertising company, and it's very likely that Google knows exactly who you are.
</li>
<li>
We use cover images from <a href="http://books.google.com/">Google Books</a>. We don't really know if Google Books does much with the data they receive as a result. Google isn't learning anything they don't already know from analytics, but the <a href="http://books.google.com/intl/en/googlebooks/privacy.html">Google Books Privacy Policy</a> is interesting reading for privacy wonks.
</li>
<li>
We use <a href="http://mailchimp.com/">Mailchimp</a> to manage our mailing list. As a result, they get to see your email address. When we have them send mail, they <a href="http://mailchimp.com/legal/privacy/">keep track</a> of what you do with it.
</li>
<li>
We use <a href="https://stripe.com/">Stripe</a> to collect payments. As a result, they get to see your name, address, and credit card info. (We don't keep your credit card info ourselves.) The banking networks, in turn, <a href="https://stripe.com/us/terms">require them to pass on</a> a lot of that info.
</li>
<li>
We use avatar images from <a href="https://twitter.com/">Twitter</a>, <a href="https://facebook.com/">Facebook</a>, and <a href="https://gravatar.com/">Automattic's Gravatar service</a>. If you see an avatar on a page at unglue.it and you use an older web browser that doesn't use Referrer meta tags, one or more of these companies can tell what page on our site you're looking at. As you're probably aware, facebook <a href="https://www.facebook.com/policy.php">doesn't put much stock</a> in privacy. You can judge privacy policies at <a href="https://twitter.com/privacy?lang=en">Twitter</a> and <a href="http://automattic.com/privacy/">Automattic</a> for yourself.
</li>
<li>
When you download an ebook via Unglue.it, it usually comes from a third party. When that happens, the third party can see what you're downloading and can set tracking cookies. If you interact with that site in other ways, they may know who you are. Here are links to their privacy information:
<ul class="bullets">
<li><a href="https://archive.org/about/terms.php">Internet Archive</a> (Excellent privacy!) </li>
<li><a href="http://www.gutenberg.org/wiki/Gutenberg:Privacy_policy">Project Gutenberg</a> (insecure) </li>
<li><a href="http://www.oapen.org/about">OAPEN</a> (no privacy policy, insecure) </li>
<li><a href="http://www.hathitrust.org/privacy">Hathitrust</a> (insecure) </li>
<li><a href="https://help.github.com/articles/github-privacy-policy/">Github</a> </li>
<li><a href="https://www.booxtream.com/">Booxtream</a> (no privacy policy)</li>
</ul>
</li>
<li>
We allow rights holders to embed graphics on book pages they control. Our agreements require them to to protect your privacy, but, in principle, these could be used to spy on your use of these pages.
</li>
</ul>
<p>
We have used a small number of third party services that do not set cookies to track you. They probably keep server logs which may include your IP address, referring page, and other information that might identify you. Without tracking cookies, it's difficult for them to spy on you.
</p>
<ul class="bullets">
<li>
We've worked to pare this list down to one. <a href="http://aws.amazon.com/s3/">Amazon S3</a>. We disable logging for our S3 buckets, but we're not aware of any privacy commitment by Amazon Web Services regarding their logging practices for S3 (Simple Storage Service) separate from the Amazon privacy policies. But we can verify that S3 sets no tracking cookies.
</li>
</ul>
<p>
Some of your actions on the site are visible to others. Supporting free books is inherently a social activity, so if you "fave", purchase, or download a book, that fact may be visible to others, associated with your username. Use a pseudonym if you want to support a book without revealing your real-world identity.
</p>
<p>
If there are things you think we should be doing differently with respect to privacy, <a href="{% url 'feedback' %}?page=Privacy">please let us know!</a>
</p>
<h3 id="nokids">Unglue.it is not intended for Children</h3>
<p>Our website, products and services are intended for use and contributions by adults (or with the consent of adults). Individuals under the age of 18 are not permitted to use the Unglue.it website to make contributions or act as a rights holder without the supervision of a parent or legal guardian. We do not knowingly collect or solicit personal information from children under the age of 13 or knowingly allow such persons to register for an online account or to post personal information on our websites. Should we learn that someone under the age of 13 has provided any personal information to or on the Unglue.it website, we will remove that information as soon as possible.</p>
{% endblock %}