Passphrase 🌐 Life
Ver 2 Created: June 12, 2017. Updated: January 1, 2020.
Passphrase Life is sensitive to your privacy concerns and is committed to protecting the data you entrust to us. This policy describes how we define, collect and use that data—because you should know.
STRONG TLS PROTECTION:
The pages at Passphrase Life are safeguarded by a Trusted, Domain Validated TLS Certificate using a 4096-bit key. This is one of the strongest certificates in the industry (having twice the key size of that used by Amazon, for example). Our security protocols protect your connection against common attacks like SLOTH, HeartBleed and others. Additionally, our servers are configured to permit HTTPS connections only, never insecure HTTP. This makes your visits safer and reduces the chances of eavesdropping.
Please be advised this connection between our server and your browser () .
TLS PROXY AND MAN‑IN‑THE‑MIDDLE (MiTM) ATTACKS:
You should be aware a TLS Interception Proxy performing “SSL Inspection” could have been deployed somewhere between you and the Website. The easiest way to check is to compare our server certificate’s thumbprint to the certificate details your browser presents you. If they are not identical, then 1) you are experiencing a MiTM attack, 2) endpoint to endpoint encryption cannot be verified, and 3) you cannot trust any of the content in your browser!
Serial Number (Hex):
COLLECTION OF PERSONALLY IDENTIFIABLE INFORMATION (PII):
When you visit Passphrase Life, you are anonymous and that suits us fine. We encourage you to access our services using a VPN, TOR or even an anonymizing proxy. In any event, we don’t know who you are and we don’t want to know.
Since it is statistically proven that a mere three separate pieces of “anonymous information” such as one’s zipcode, date of birth and gender are, when taken together, unique for 87% of the US population, we are certain that a pair of quasi‑identifiers like a pseudonym and fake email address are, when taken together, 100% likely to identify nobody on the planet at all.
If you need assistance creating a temporary online moniker for privacy purposes, we suggest
PRIVACY OF PERSONAL INFORMATION:
Your PII at Passphrase Life is 100% private, because we don’t have any of it.
HOW Passphrase Life USES YOUR NON‑PII:
We may use your information—
- To provide you personalized content;
- To process and respond to inquiries;
- To improve the quality and usability of our website;
- To alert you to website updates, special events, announcements, and products & services;
- For the purpose(s) for which you provided it; and
INFORMATION SHARING WITH THIRD PARTIES:
We do not share any non‑PII with anyone.
Passphrase Life is not a business entity. It 1) does not generate annual gross revenue in excess of $25m, 2) does not derive 50% or more of its annual revenue from selling consumers’ personal information, and 3) does not annually buy, receive, sell, or share the personal information of more than 50,000 consumers, households or devices for commercial purposes. If you are a consumer residing in California, this Act does not apply between you and us.
We neither request nor knowingly collect any “personally identifiable information through the Internet about individual consumers residing in California.” The fake email you are required to provide, if you choose to provide an email at all, is not now and never will be personally identifiable.
CONTENT ERASER LAW:
The website has not been created for the purpose of reaching an audience that is predominantly comprised of minors. Further, we neither request nor knowingly collect any PII from anyone under 18 years of age residing in California. Content cannot be posted to the Website for others to view, thus we have no mechanism for minors to remove the content or information (that they couldn’t post in the first place) because... it’s not there.
COLLECTION AND USE OF CHILDREN’S PERSONAL INFORMATION:
Since Passphrase Life does not solicit PII from anyone, children are protected. That said, website visitors under 13 years of age should ask their parent, legal guardian or responsible adult for assistance when using our service.
COOKIES, LOCAL STORAGE, DO NOT TRACK (DNT) AND GOOGLE ANALYTICS (GA):
Cookies, when they are enabled, are set by third‑party GA servers for DATA ANALYSIS mentioned in the next section. (They are also sometimes set by our nginx server(s) as a way to give you fresh content.) We use the GA service only when your browser does not send a DNT request. When the DNT HTTP header is set, the Website does not contact GA servers and does not set GA cookies. For your convenience, you can easily know whether your browser is sending a DNT request by examining the icon at the bottom right corner of the analyzer’s page.
As a benefit, we store a few settings locally on your system in obfuscated form using HTML localStorage. These settings are never transmitted, and include things like preferences, your acknowledgment of the Terms of Service, and selected options for the virtual keyboard and gauges. The thought of having obfuscated data stored on your own system (which never leaves) ought to concern you less than the thought of having encrypted cookie data stored on your own system (which is always transmitted across the Internet). However, if it’s a concern, simply delete the localStorage keys. The analyzer will attempt to use localStorage each time it runs, but will function perfectly if it cannot. Again, we are referring to mere convenience data that stays on your own system in local storage, not cookies.
AT NO TIME WHATSOEVER IS THE PASSPHRASE OR PASSWORD YOU SUBMIT FOR ANALYSIS STORED LOCALLY OR TRANSMITTED via cookie or any other device. Please understand the analyzer acts on each keystroke, not on a password “as a whole,” so while you obviously know the credentials you are testing, there is no way for Passphrase Life to know them.
The analyzer may incorporate features permitting you to check your credentials against third-party database services, such as song lyrics, movie names and book titles. Be advised that if you opt to take advantage of these extra features, the whole contents of the Passphrase entry box will be transmitted without anonymity to the third-party service, with or without TLS protection, depending on their API. If you don’t wish to risk your tested credentials being sent in plaintext to third-party servers, you should not use third-party services.
IP ADDRESSES, LOG FILES AND DATA ANALYSIS:
As with any website operator, Passphrase Life analyzes visitor logs to constantly improve the value of our site. We use an external service to provide real‑time reporting to us and our authorized agents of browser accesses. This includes page views, unique visitors, repeat visitors, bounce rates, frequency of visits and peak‑volume traffic periods.
We log IP addresses that describe the location of your device (or its network) on the Internet. This information is helpful for systems administration and troubleshooting purposes, and lets us understand traffic patterns and identify potential problems with our site.
We will not give, sell or otherwise transfer the anonymous email addresses collected by us to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.
The CLOUD Act, an unreviewed unvetted piece of US legislation containing far‑reaching privacy‑destroying decrees permits foreign police to wiretap your communications on our server(s) without a warrant, no matter where in the world our server(s) may physically be located. You should know this law cannot be used against you because we store nothing about you or what you do on our server(s). All processing and analysis takes place in your browser.
The Website collects no PII on visitors, thus Article 3 of the EU’s General Data Protection Regulation does not apply to activity occurring here. If you, as an EU user, pursuant to Article 15 Right of Access make inquiry as to what data Passphrase Life holds on you, we will confirm we do not process personal data concerning you. Accordingly, the Right of Rectification and the Right of Erasure do not apply.
CHANGES TO THIS STATEMENT:
We may occasionally update this policy statement. If we make material changes to it, we may or may not provide any notice of those impending changes prior to their implementation. Thus, we encourage you to periodically review this page.
Passphrase Life’s web pages may contain links to third‑party websites. Please understand we are not responsible for their privacy practices or their content.