A cookie is a small text file containing data. Depending on your browser settings websites can store cookies on your computer (or any other device you're using to surf the world wide web), and your browser can then read the cookies and act on whatever data is stored in them. In principle, this is a good thing. Thanks to cookies you can use web-based e-mail and do your shopping online. Unfortunately, though, marketeers are using cookies to track what web pages people are visiting. It's for this reason the EU felt it necessary to come up with a Privacy and Communications Directive (better known as the 'Cookies Law') introducing strict rules for the use of cookies.

The Cookies Law requires website owners to explain what cookies are used on their website(s). If you're already a cookies expert you'll be pleased to know Stop Junk Mail only uses session cookies (on a limited number of pages). If you're not an expert but want to know more about how Stop Junk Mail uses cookies, please bear with me while I attempt to explain why the cookies on this website won't do you any harm.

Broadly speaking, cookies can be divided into four categories: they're either good, harmless, dubious, or evil:

• Good cookies are those that are necessary for web pages to function properly. These cookies are normally the session cookies I just introduced. Usually, a session cookies exists purely to carry data you've entered on a web form from one page to the next.

  On this website a session cookie is created when you consult the Wishing Tree. Without this cookie the application wouldn't be able to give you advice on how to stop a particular piece of junk mail - and be rendered useless. This is the only purpose of the cookie, and it will be duly deleted when you quit your web browser. Similarly, the two blogs (Diary of Junk Mail Campaigner and Royal Junk Mail) use a session cookie to make the blog work. This cookie is also deleted when you quit your browsing session.

• Harmless cookies aren't strictly necessary for the functioning of web pages but they do add functionality people may find useful. The Contact and Consult Dr Junk Buster pages on this website both create such a cookie. It are again session cookies, and they're used to pass whatever data you enter on the contact / consult form to a confirmation page where you need to take an anti-spambot test before you can hit the 'Submit' button. Compared with the cookie used by the Wishing Tree this isn't strictly necessary - I could have created a one-page contact / consult form instead. However, the cookie is used purely to add functionality to the website and is deleted as soon as you quit your browsing session. As such, they're harmless.

• Dubious cookies are cookies that add functionality to web pages and are not deleted when you quit your web browser. If you've ever left a comment on a blog, for instance, and found that your (nick) name is now automatically displayed on subsequent visits you can be sure a cookie has been set. To some people such cookies are convenient, to others they're intrusive. This website doesn't use first-party cookies by default. Only when you leave a comment on Diary of a Junk Mail Campaigner are you given the option to tick a 'Remember information' box. Doing so would set a first-party cookie that remembers the name, e-mail address and, if applicable, the URL you're submitting via the comment form.

• Evil cookies are those stored on your computer / device for the benefit of third parties. Marketeers use such 'third-party cookies' to keep a log of what websites you're visiting ('tracking'). They use the data collected because they're evil to target you with advertisements their analytics tools think you may be interested in. If, for example, you've recently visited a website with information about some scary decease and you suddenly see lots of adverts popping up from solicitors offing to write a will for you evil cookies have probably been stored on your computer. Needless to say you won't find any third-party cookies on the Stop Junk Mail website.

Finally, please note that websites you visit via the Stop Junk Mail website may store cookies on your computer / device:

• Paypal will store lots of cookies on your computer / device when you buy something from the shop or make a donation. According to its website these are used “to recognise you as a PayPal customer, customise the PayPal services, content and advertising, measure promotional effectiveness, collect information about your computer or other access device to mitigate risk, help prevent fraud and promote trust and safety.” In other words, some of these cookies are used for marketing purposes. If you object to this rather laissez-faire approach to privacy, Stop Junk Mail does accept cheques.
• YouTube videos embedded on this website do not set a cookie. To prevent this videos are embedded using YouTube's privacy-enhanced mode. If you watch any of the embedded videos on the YouTube website cookies will be set.

As of June 2012, the custom / site search no longer uses Google. Instead, the search is now powered by DuckDuckGo. No cookie will be set if you do a custom / site search.

Web servers keep an 'access log'. For every page you visit on this website there's an entry that lists the page that was visited; your IP address; the date and time of your visit; what type of request was made; the result status of the request (i.e. whether or not the page could be displayed); the number of bytes transferred; the referrer (the web page you came from); and the user agent (your operating system and browser).

To illustrate, the below shows the entry of me visiting Stop Junk Mail's home page:

stopjunkmail.org.uk 127.0.0.1 - - [26/May/2012:11:53:25 +0100] "GET / HTTP/1.1" 200 6867 "http://duckduckgo.com/post2.html" "Mozilla/5.0 (X11; Linux i686; rv:11.0) Gecko/20100101 Firefox/11.0 Iceweasel/11.0"

We can break this down into little chunks and display it in a table:

The data from the access log is collated by a web analytics reporting tool. This tool doesn't give me information about how you, as an individual visitor, interacted with the website. It tells me the total number of visitors to individual pages on a certain day or in a certain month, but not which pages were visited by your IP address. Similarly, it allows me to see how many visitors had a user agent identifying itself as, say, Iceweasel - but I can't link this to individual IP addresses.

This website doesn't use Google Analytics to collect data about visitors. Google Analytics collects roughly the same data as the above-mentioned tool but focusses on finding out how visitors interact with the website. A more important difference with standard reporting tools is that Google gets its data not from server logs but from a piece of Javascript users of Google Analytics have to include on all web pages of a website. This data is shared with Google, which is the reason I'm not using its analytics software.

In general, I try to treat your personal data as I'd like you to treat mine:

• I don't collect irrelevant personal details. The website's contact form, for instance, only contains three fields: name, e-mail, and message. You have the option to send your message without providing an e-mail address.
• I don't keep personal data longer than strictly necessary. For instance, junk mail historians will be disappointed to learn I regularly delete e-mails that are over three months old. My sales administration only records an initial for a buyer's first name, the surname, postcode, country and the transaction details. I never get to see your bank or card details, so these are obviously not stored.
• I don't use personal data for any purpose other than the one it was collected for. For instance, if you consult Dr Junk Buster your personal data is used to answer your question - no more, no less. Or, when you buy something from the shop your details are used to send you a confirmation e-mail and the item(s) you bought. Your details won't be used for anything else. You won't suddenly get a newsletter or promotional e-mails, nor will your details be shared with any third party.
• I keep data secure. It's important to be realistic about this: any website can be hacked. That said, a combination of sensible security measures and the above approach to data protection should give you a reasonable level of data security. (In particular deleting data as soon as it's no longer strictly necessary is something I'd encourage others to do - there's no better way of preventing personal data falls in the hand of the wrong people.)

As already indicated, Stop Junk Mail will never use your personal details for marketing purposes. I don't do marketing, simple as that. There's no newsletter, and the campaign doesn't have a presence on nuisance platforms such as Facebook and Twitter.

In general, the Stop Junk Mail website aims to be nuisance free. There are no advertisements here, and the website uses Flash only to display the Junk Buster widget on a small number of pages. Junk Buster dates back to the time when Flash was all singing and dancing, and the widget will (in due course) be replaced by an application using PHP and MySQL. Once that's done the website would only use HTML, CSS, PHP, and MySQL.