So I like or desire or need something you offer online. This is to explain my terms and conditions for our relationship.
- I will not under any circumstances turn off my ad blockers. I despise ads and do not grant permission under any circumstances for you to waste my bandwidth to display them. Capitalism (really, any system of exchange) is the problem, not the solution. Get over it.
- The cookies you clutter up my browser with are your cookies, not mine. If they’re broken, then it is your job, not mine to fix them, just like if you trash my yard, you should clean up the mess. I didn’t ask for those cookies. But you told me they would “improve [my] experience.” Doesn’t look that way to me.
- If I am paying you for access and that access is denied for any reason, I don’t want to hear about your cookies or my ad blockers. You are in breach of contract. You can repair the breach immediately or you can refund my money. It’s that simple.
- I am a critical theorist: I understand well the need to avoid harassing, abusive, or threatening speech on social networks. But you had better have a very good reason for censoring my speech. That your artificial idiot bot flagged my message, even if I am discussing harassment, abuse, or threats, is not a good reason.
- Unsubscribe links need to work, preferably coded with the email address I am subscribed with. Failure here will result in your email being categorized as unsolicited commercial email (UCE or “spam”). It’s also a very bad idea to just willy nilly subscribe me to email lists: Sometimes I’m okay with it; sometimes I’m not. It’s wiser to ask.
- Some of the greatest idiocy in computer security surrounds password policies. Do not just do what your cubicle-mate tells you are “best practices.” Do some research and find out what best practices actually are:
- Anything that forces people to record passwords in plain text is bad, just as surely as if you record passwords in plain text.
- All program code is shit. This includes password managers and, no, your preferred deity has not blessed any of it. People who rely on password managers should expect to lose their passwords. Forcing people to rely on password managers means forcing them to lose their passwords.
- There is no magic in new passwords. They are every bit as, if not more so (see #1 above), insecure as old passwords.
- Cryptography—and therefore, password strength—is mathematical. Vulnerabilities can often be expressed mathematically. Pay attention to the math.
- Make sure your password recovery mechanisms work and follow actual best practices. Test them obsessively.
In general, faith-based computer security isn’t computer security. It’s lazy bullshit. Just like your code.
Fundamentally, all this is about you taking responsibility for your own shit, not foisting that responsibility off on me. You’re the one making the money here, not me. You’re the one trashing my system with those cookies, not me. You’re the one looking for a cheap and easy way to regulate content, not me. And by the way, you’re also the one who left me with the trash on the side of the “information superhighway;” even with a Ph.D., my career options appear limited to driving for Lyft (I’ve been looking for a real job since 2001). So don’t whine to me about how you need to make money. You have some growing up to do.
These terms and conditions supersede any other agreements we may have and contradict and supersede any boilerplate language about “reservations.” In the event that you violate any of these conditions, I will give you the opportunity to correct your error. You would do well to respond appropriately.