i040901: Privacy Policy - Diary & Job Jar

Status	Date	Description




	2004-09-09	I just received an e-mail notification of updates to PayPal policies. It was very clear and I wonder what I would do here that is comparable. It seems to me that an RSS feed on policies would be easier than maintaining a mailing list, although it does mean that people have to remember to poll occasionally. This may get into the recent RSS scaling issues that are coming up.
	2004-09-09	I need to look at how this works for millennia-antica and what is done around copyright of images and so on.
	2004-09-09	I need to understand how my using ASP pages with no processing still might lead to cookies being established, and whether I have any control over that.
	2004-09-09	There will be sites and portions of sites where exceptions and qualifications are introduced for specific purposes. There needs to be a way to cite those in the overall privacy statement.
	2004-09-09	I notice that in making version 0.01, I am using the version of policy as the version of the whole works and I wonder if that is wise - I did it anyhow.
	2004-09-09	It occurs to me that the use and creation of open-source at the SOHO level serves a number of useful purposes. First, it provides a form of escrow that should be satisfying to clients and is also a way to obtain broader review and informal/formal certification from an expert community and expertise that the client does not possess or cannot afford to apply at the level I do work. (Producing industrial-grade widely used middleware is an interesting cross-over case.) Find a place to write this up in information notes.
	2004-09-09	I just came up with other cases about intellectual property considering invention and patent rights. It would be great if there were an open-source disclosure journal and also the business about automatic reciprocity of licensing for essential use in open standards is useful to discuss.
	2004-09-09	0.00 doesn't address intellectual property and copyright. I need to have something about that. Maybe a creative commons license, if that works, and also the impact of retention in Blogger and on my hosting service. I guess I will leave it as copyright. It should emphasize copyrightable subject matter or content and have it remain with the contributor. Interesting problem of contributors not being the holders of the copyright. Also, need to look at exceptions and how they are dealt with. Examples include the ODMA materials and others that have specific licenses for use and for contribution.
in progress	2004-09-09	0.00 is ungrammatical and too geeky. I need it to be more clear about what it means from the visitor's perspective, And from a contributor's perspective. I need to redo it a few times and get some parallel minds looking at it too. Identify countermeasures for the deviations from policy, etc. With the details pushed down onto backup-detail and "here's what we mean by that" kind of pages.
	2004-09-09	Reviewing 0.00, I see that it can all be handled in terms of threat models. It would be interesting to break deviations down that way as threat analyses.
	2004-09-08	Need to look at countermeasures for the Internet case and a threat model External Considerations section that accounts for exposures that occur outside the immediate realm of the nfoCentrale web sites.
	2004-09-08	There is something to be done about Atom Feeds and their association with security zones and customized settings when accessed by a feed reader and not the browser directly.
	2004-09-08	Notice importance of avoiding everything on pages that one is unwilling to see in the Atom feed (e.g., use of ActiveX, etc., where the nfoCentrale.net use of respectful ASP procedures cannot be interjected).
	2004-09-08	Review the Atom feed for the cases of reference to resources on Blogger.com sites.
	2004-09-08	Sniff some blog-page accesses and determine the referrals to blogger.com, the cookie offerings/creations, and other monitored events. We will need to suggest countermeasures.
	2004-09-08	Review the Blogger terms of use and determine what the permissions are with regard to privacy of the blog material and of Blogger-intermediated accesses to blog material by site visitors and by readers of site Atom feeds.
	2004-09-08	Review the privacy and other portions of the bCentral hosting arrangement related to privacy of visits to nfoCentrale web sites.
	2004-09-08	Create adding links to privacy and other information pages on the sidebar for Orcmid's Lair Blog, and then create rotating those around the other blog templates along with other cleanups.
done	2004-09-08	Link to privacy.htm and contact.htm from the site status page on Orcmid's Lair.
done	2004-09-08	Link to privacy.htm from the NuovoDoc home page.
done	2004-09-08	Create the privacy.htm page and include the provisional 0.00 policy into it.
	2004-09-08	Show the ordinary statistical usage of web site information
	2004-09-08	Provide information on browser properties and the information that is obtained from browsers as part of ordinary web-site access
	2004-09-08	Review and cite the Software Engineering Code of Ethics and Professional Practice
	2004-09-08	Review and cite the ACM Code of Ethics and Professional Conduct
	2004-09-08	Review the ACM privacy policy as a basis for how certain information is handled.
	2004-09-08	Discuss similar aspects of site feeds
	2004-09-08	Discuss intermediated content and the problem with cookies, link forwarding, and access to the intermediary
	2004-09-08	Identify the information that is obtained from visits and how it is used
	2004-09-08	Deal with the intermediated web services - what the hosting site might or might not provide
	2004-09-08	Expand coverage of the general approach to privacy in terms of interaction with the sites. - being guests, being non-intrusive, respecting sovereignty (what about confirmable experience? - having this be actionable)
	2004-09-08	Cover business practice and relationships, NDA, and the professional code of ethics.
done	2004-09-08	Customize for i40901 initial Privacy Policy materials