Passphrase 🌐 Life
Ver 2 Created: June 12, 2017. Updated: May 25, 2018.
Passphrase Life is sensitive to your privacy concerns and is committed to protecting the data you entrust to us. This policy describes how we define, collect and use that data—because you should know.
STRONG TLS PROTECTION:
The pages at Passphrase Life are safeguarded by a Trusted, Domain Validated TLS Certificate signed with SHA-256 employing a robust key (RSA 4096). This is one of the strongest certificates in the industry (having twice the encryption strength of that used by Amazon Web Services, for example). Our security protocols protect your connection against common attacks like SLOTH, HeartBleed, CRIME, DROWN, POODLE, Logjam, TicketBleed (for servers) & others. Additionally, our server(s) are configured to permit HTTPS connections only, never insecure HTTP. This makes your visit safer and reduces the chance of eavesdropping.
Please be advised this connection between our server and your browser () .
TLS PROXY AND MAN-IN-THE-MIDDLE (MiTM) ATTACKS:
You should be aware a TLS Interception Proxy performing “SSL Inspection” could have been deployed somewhere between you and the Website. The easiest way to check is to compare the following server certificate fingerprint (thumbprint) to the certificate details your browser presents you. If they are not identical, then you are experiencing a MiTM attack, and endpoint to endpoint encryption cannot be verified or trusted!Thumbprint/Fingerprint (SHA-1):
Serial Number (Hex):
COLLECTION OF PERSONALLY IDENTIFIABLE INFORMATION (PII):
When you visit Passphrase Life, you are anonymous and that suits us fine. We encourage you to access our services using a VPN, TOR, or even an anonymizing proxy. In any event, we don’t know who you are and we don’t want to know.
Since it is statistically proven that a mere three separate pieces of “anonymous information” such as one’s zipcode, date of birth and gender are, when taken together, unique for 87% of the US population, we are certain that the quasi-identifiers of a pseudonym combined with a fake email address are, when taken together, 100% likely to identify nobody on the planet at all.
If you need assistance creating a temporary online moniker for privacy purposes, we suggest
PRIVACY OF PERSONAL INFORMATION:
Your PII at Passphrase Life is 100% private, because we don’t have any of it.
HOW Passphrase Life USES YOUR NON-PII:
We may use your information—
- To provide you personalized content;
- To process and respond to inquiries;
- To improve the quality and usability of our website;
- To alert you to website updates, special events, announcements, and products & services;
- For the purpose(s) for which you provided it; and
INFORMATION SHARING WITH THIRD PARTIES:
We do not share any non-PII with anyone.
We neither request nor knowingly collect any “personally identifiable information through the Internet about individual consumers residing in California.” The fake email you are required to provide, if you choose to provide an email at all, is not personally identifiable.
CONTENT ERASER LAW:
The website has not been created for the purpose of reaching an audience that is predominantly comprised of minors. Further, we neither request nor knowingly collect any PII from anyone under 18 years of age residing in California. Content cannot be posted to the Website for others to view, thus we have no mechanism for minors to remove the content or information (that they couldn’t post in the first place) because... it’s not there.
COLLECTION AND USE OF CHILDREN’S PERSONAL INFORMATION:
Since Passphrase Life does not solicit PII from anyone, children are protected. That said, website visitors under 18 years of age should ask their parent, legal guardian or responsible adult for assistance when using our service.
COOKIES, LOCAL STORAGE, DO NOT TRACK (DNT) AND GOOGLE ANALYTICS (GA):
Cookies, when they are enabled, are set by third-party GA servers for DATA ANALYSIS mentioned in the next section. (They are also sometimes set by our nginx server(s) as a way to give you fresh content.) We use the GA service only when your browser does not send a DNT request. When DNT is set, the Website does not contact GA servers and does not set GA cookies. For your convenience, you can easily know whether your browser is sending a DNT request by examining the icon at the bottom right corner of the analyzer page.
Additionally as a benefit, we store a few settings locally on your own system, in obfuscated form, using HTML localStorage. These settings are never transmitted, and include things like preferences, your acknowledgment of the Terms of Service, and selected options for the virtual keyboard and gauges. The thought of having obfuscated data stored on your own system (which never leaves) ought to concern you less than the thought of having encrypted cookie data stored on your own system (which is always transmitted across the Internet), but if it’s a concern, simply delete the localStorage keys. The analyzer will attempt to use localStorage each time it runs, but will function perfectly if it cannot. Again, we are referring to mere convenience data that stays on your own system in local storage, not cookies.
AT NO TIME WHATSOEVER IS THE PASSPHRASE OR PASSWORD YOU SUBMIT FOR ANALYSIS STORED LOCALLY OR TRANSMITTED via cookie or any other device. Understand that the analyzer acts on each keystroke, not on a password “as a whole,” so while you obviously know the credentials being tested, there is no way for Passphrase Life to know them.
IP ADDRESSES, LOG FILES AND DATA ANALYSIS:
As with any website operator, Passphrase Life analyzes visitor logs to constantly improve the value of our site. We use an external service to provide real‑time reporting to us and our authorized agents of browser accesses. This includes page views, unique visitors, repeat visitors, bounce rates, frequency of visits and peak‑volume traffic periods.
We log IP addresses that describe the location of your device (or its network) on the Internet. This information is helpful for systems administration and troubleshooting purposes. These practices help us understand traffic patterns and identify potential problems with our site.
We will not give, sell or otherwise transfer the anonymous email addresses collected by us to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.
The CLOUD Act, an unreviewed unvetted piece of US legislation containing far-reaching privacy-destroying decrees permits foreign police to wiretap your communications on our server(s) without a warrant, no matter where in the world our server(s) may be physically located. You should know this law cannot be used against you because we store nothing about you or what you do on our server(s). All processing and analysis takes place in your browser.
The Website collects no PII on visitors, thus Article 3 of the EU’s General Data Protection Regulation does not apply to activity occurring here. If you, as an EU user, pursuant to Article 15 Right of Access make inquiry as to what data Passphrase Life holds on you, we will confirm we do not process personal data concerning you. Accordingly, the Right of Rectification and the Right of Erasure do not apply.
CHANGES TO THIS STATEMENT:
We may occasionally update this policy statement. If we make material changes to it, we may or may not provide any notice of those impending changes prior to their implementation. Thus, we encourage you to periodically review this page.
Passphrase Life’s web pages may contain links to third‑party websites. Please understand we are not responsible for their privacy practices or their content.