Since Help Net Security’s inception – back in 1998 – we have always valued and prioritized the privacy of our readers.
While most privacy policies are based on templates, we have decided to simplify things and explicitly identify all aspects of our work that might impact your privacy.
In Q4 2020 we switched from Google Analytics to Matomo Cloud, so that Help Net Security may become a cookie-free web site.
If you check our analytics code, you will see the instruction:
We have enabled all the privacy options the Matomo solution provides:
- We anonymize the last 2 bytes of our visitors’ IP address(es) (e.g. 192.168.2.1 is seen as 192.168.0.0)
- We replace the user ID with a pseudonym to avoid storing and displaying personally identifiable information (Matomo creates the pseudonym by salting and hashing the user ID)
- We regularly delete old data – all raw data older than 186 days is automatically deleted
No tracking cookies
Help Net Security is a web site that doesn’t serve any tracking cookies. In Q4 2020 we replaced all the cookie-serving services we previously used with privacy-preserving solutions.
Matomo is our analytics tool of choice, and we switched from SoundCloud to an internal solution, which offers cookie-free embedded podcast code.
All the ads visitors see on the site are served internally via our own in-house built solution.
We don’t support third-party code that serves tracking cookies.
If you analyze our site’s code, you’ll sometimes see a session cookie. The reason we use session cookies is to make your browsing experience better. Session cookies are stored in temporary memory, they don’t collect any of your data and they expire quickly.
Sometimes we run a “welcome ad” – a 640x480px banner placement that opens when you visit Help Net Security. When we were using “real cookies”, we had a default setting that made sure that the banner would be shown once per visitor in 24 hours. As we absolutely wanted to remove tracking cookies from our site, we needed to switch to session cookies. The only downside to you is that if you visit the site a couple of times in one day, you will see the ad once per each visit. We are sorry for this, but this was the only technical workaround we could implement to remove data-storing cookies.
Vimeo / CloudFlare
For videos, we use Vimeo. We have selected the service because of its privacy options. By default, when we embed Vimeo videos, we use the following parameter:
dnt = 1
As per Vimeo:
Setting this parameter to “true” will block the player from tracking any session data, including all cookies and analytics. (Will have the same effect as enabling a Do Not Track setting in your browser
From June 2022, Vimeo started using CloudFlare’s Bot Management service, so with embed videos they now must serve a functional cookie __cf_bm. This cookie is purely functional and does not do any tracking. Here is the CloudFlare description of the cookie, emphasis ours:
Cloudflare’s bot products identify and mitigate automated traffic to protect your site from bad bots. Cloudflare places the __cf_bm cookie on end-user devices that access customer sites protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for these bot solutions to function properly.
This cookie expires after 30 minutes of continuous inactivity by the end user. The cookie contains information related to the calculation of Cloudflare’s proprietary bot score and, when Anomaly Detection is enabled on Bot Management, a session identifier. The information in the cookie (other than time-related information) is encrypted and can only be decrypted by Cloudflare.
A separate __cf_bm cookie is generated for each site that an end user visits, as Cloudflare does not track users from site to site or from session to session. The __cf_bm cookie is generated independently by Cloudflare, and does not correspond to any user ID or other identifiers in a customer’s web application.
We run three (3) mailing lists: one is for Daily News, another is for the Weekly Newsletter, and the third for the (IN)SECURE Newsletter, which delivers the latest developments on specific cybersecurity-related topics.
When you subscribe to any of these lists via our web site, you have to enter your email address and then finalize the subscription by clicking on a link in the confirmation email you receive soon after. This “double opt-in” process is used to prevent you getting subscribed to our newsletters against your knowledge/will.
The Daily News newsletter is sent once per day from Monday to Friday, the Weekly Newsletter is sent once per week, and the (IN)SECURE Newsletter is sent once per month. We sometimes send promotional emails to these lists as well, but we keep that to a maximum of one per month per list.
We never share your details with anyone and we never lease these lists. Only we can send the promotional messages to those subscribed to these newsletters, and their content is always curated and has to be confirmed by our editorial board.
Last updated: May 21, 2023