Privacy For Noncommercial Site?

[Boojum]

I'm running a noncommercial (journalistic) site, so I don't need to implement a full ecommerce solution. However, I do use feedback forms and ideally would prefer to arrange donations without using Paypal or its equivalent.

 

My concern is that, at the least, communications with visitors can be potentially intercepted and information about the users stolen; I'm afraid this might tend to invalidate any privacy policy I might post, since it means I can't really promise that people's private information will stay private.

 

What would you recommend I do to offer my visitors private communications without investing in an SSL certificate -- which I understand can be quite expensive? I need a no- or low-cost solution that makes my privacy policy meaningful.

[SteveW]

The purpose of a privacy policy should be to state honestly what the actual situation is, not to try to instill confidence in visitors by making comforting mission statements that might not be achievable. Even an honest privacy policy like "I can't really promise that people's private information will stay private" is better than a more comforting one that is false.

 

However, a privacy policy generally only pertains to factors under your control. Some risks of electronic communications are not under your control. It is not necessary to make a sweeping promise like "people's private information will stay private." You can, instead, describe what steps you take to try to ensure the security of their information.

 

If you're thinking about something like doing credit card transactions by email, I don't know if it's legal, but I don't think it would be a good idea in any event.

 

Emails can be encrypted with "PGP" ("Pretty Good Privacy") keys, but that's probably beyond the abilities or willingness of many.

 

Other alternatives are offline communications like phone, USPS, FedEx.

[Boojum]

Precisely: A privacy policy should be an honest statement rather than an unfulfillable promise. That's why I raised this question, having seen too many sites guarantee privacy and information security, while running entirely under http, prompting the question, "How do you *know* users' information is really secure?"

 

It's my personal conviction that ultimately *every* webpage should be encrypted. Even this would provide no absolute certainty of privacy, but it would definitely be better than sending all communications from site to user, and vice versa, in the clear.

 

Given, however, that implementing this would be unwieldy and tend to slow communication if over-applied, I am interested in finding a way to make contact forms, comment modules and donation forms secure.

 

One suggestion I've seen elsewhere is to use startcom's free SSL certification service, but I've also read that its certificates are not universally honored. Also, the process of installing them seems a bit awkward and complex.

 

Anyone happen to know more about startcom and equivalent services? I'd definitely like the option of generating some encrypted pages so I can offer a fair assurance of security to correspondents, commenters and donors, but I really know very little about how to effect this.

[Boojum]

Ahem. *Does* anyone here know anything about startcom and similar free SSL certification services?

[SteveW]

I don't like to let a question go unanswered, but all I know about those certificates was from some reading at their website and Wikipedia after you mentioned them. I thought I saw one comment that some of their free certificates aren't free anymore.

 

I don't know that much about SSL, but it seems as though there are different levels of trust and corresponding differences in price. It would seem to me that all you need is something suitable for encryption, and that the question of whether you are "who you say you are" is not that important in this situation, and maybe an inexpensive certificate might be sufficient for that purpose.

 

Thinking about it a bit, I did come up with some other ideas, although I do realize that they're probably not the kinds of solutions you're looking for.

 

Word documents and zip files can be encrypted and sent as email attachments, secure even when the email itself is not encrypted.

 

I think it would be possible to use JavaScript to encrypt the contents of a feedback form before it gets submitted. Because you would have to send the "secret" encryption token with the outgoing page, it's not secure at all from someone with a real interest in the contents, but it would prevent casual snoopers from seeing the contents without expending more effort than most casual snoopers would bother with.

 

I would expect that anyone who is a regular and real correspondent in the journalistic sense and who was interested in security would be willing to use active methods like Word or Zip or PGP email encryption (which I believe is basically a private certificate that you issue to yourself, so it has no certifying authority).

 

The real problem is providing passive security to ordinary passers-by who are not willing to use active methods. Without a standard SSL certificate, that might be impossible due to the issue you mentioned, lack of browser trust.