Lynn Hautala's Doll Hotline has gone to a lot of time and trouble to provide the best possible security with the least possible intrusion on your privacy. Please read the following information carefully; you can follow the links to get more detailed information on specific points. If you have any questions, you may e-mail the author of this document (who is also the author of the web store software) at lou@visca.com.
With the help of the image below, we'll follow user-supplied data step-by-step from the time it is sent until it is either stored or deleted.

The web form you use to order from Doll Hotline is on a secure server. This means that, when you press the 'submit' button, the information you send from your home computer to the server is encrypted using SSL encryption. Your browser should indicate this to you: If you use Netscape, there will be a blue bar at the top of the page; Explorer uses a key symbol.
Some browsers aren't equipped to handle Secure Sockets Layer (SSL) encryption. If that is the case for you and you wish to order, then please e-mail us and we will make other arrangements. We do not accept orders over the Internet without SSL!
When your SSL-encrypted data arrives at the server, it is decrypted, which means it can now be read by anyone. At this point our web store program separates the credit card number from the rest of your data, encrypts it using Lincoln Stein's Crypt::CBC and Matthew Byng-Maddick's Blowfish encryption modules, and stores it, in encrypted form, in a non-public area of the server. This is what my own personal VISA number looks like when stored in this manner:
RandomIVg,|Pl`0S\>)>ŕyItEp
We'll talk about how this number is decrypted and recovered in the decryption section. Meanwhile, the important point is that, once this information is recovered, it is deleted, usually within 24 hours. So even if you choose to have your other, less sensitive, personal information stored on the server so as to be able to order from us more conveniently, your credit card number will never be stored in readable form on the server.
Lynn Hautala's Doll Hotline offers you the possibility of creating a personal user account. When you get to the final confirmation page for your order, just before sending it, you can fill in a username/password combination. Then, the next time you order from us, rather than having to fill in all your data again, you can simply provide your username and password. This information, not including your credit card number, is stored on the server.
If you choose not to use the username/password option, your personal information is not stored anywhere; it is e-mailed directly to Lynn. This e-mail is not secure, and that's why we never e-mail credit card numbers. Never!
Even if someone were able to monitor Lynn's e-mail, the only information this cracker could recover would be your name, e-mail, address, city, state and country. Please note that we do not even require you to fill in your phone number (though you may provide it for our convenience if you choose).
Remember that, when your data arrives at our server, the credit card number is separated from the rest of the data and encrypted. We'll now talk a bit about how this encryption works.
In order to encrypt information, the encryption software must be provided with an encryption key, which is simply a line of text, similar to a password. Lynn creates this encryption key on a password-protected web page; it is then encrypted using Perl's crypt function, a one-way function whose output cannot be decrypted! This encrypted version of the encryption key is then stored in a non-public area of the server. Even if someone were able to access it, it would be useless to them, because there is no way to decrypt it.
So, when the credit card number arrives at the server, it is immediately encrypted using a Perl-encrypted encryption key. How do we get it back? Upon receiving your order via e-mail, if you've chosen to pay by credit card, Lynn must then go to a password-protected page where she types in her encryption key (the non-encrypted version) and the number of your order. The program then returns the decrypted version of your credit card number to her browser. She copies this down and then deletes the encrypted number from the server. Please note that, even if a cracker were somehow able to monitor her browser at this point, he'd only get a credit card number. A credit card number without a name is virtually useless, because whenever you order something on the Internet, the people you order from use their VISA or MasterCard-supplied software to check that the name and number provided match up.
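The encrypt, retrieve and delete cycle described above can be sketched in Perl as follows; this is an added example, not the web store's own code. It assumes the program keys Blowfish with the stored crypt() output and re-derives that value from what the operator types; the passphrase, salt, card number and function names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::CBC;    # CPAN module; Crypt::Blowfish must be installed too

# Constructed sample values, not taken from the store.
my $passphrase = 'example-operator-passphrase';
my $card       = '4111111111111111';    # widely used test number

# Setup page: only the one-way crypt() hash of the passphrase is kept.
# 'ab' is a constructed salt.
my $stored_hash = crypt($passphrase, 'ab');
die "crypt() returned nothing on this platform\n" unless defined $stored_hash;

# Order time: nobody is present to type the passphrase, so (assumption)
# the cipher is keyed with the stored hash. Under that assumption the
# hash file needs the same protection as the card records themselves.
sub encrypt_card {
    my ($number, $hash) = @_;
    my $cbc = Crypt::CBC->new(-key => $hash, -cipher => 'Blowfish');
    # Older Crypt::CBC releases prefix the output with 'RandomIV' plus
    # the IV; current releases write a 'Salted__' header instead.
    return $cbc->encrypt($number);
}

# Retrieval page: re-hash the typed passphrase with the stored salt,
# refuse on mismatch, otherwise decrypt with the re-derived hash.
sub decrypt_card {
    my ($typed, $hash, $blob) = @_;
    my $derived = crypt($typed, $hash);
    return unless defined $derived && $derived eq $hash;
    my $cbc = Crypt::CBC->new(-key => $derived, -cipher => 'Blowfish');
    return $cbc->decrypt($blob);
}

my $record = encrypt_card($card, $stored_hash);
printf "stored record: %d bytes, starts with %s\n",
    length($record), substr($record, 0, 8);

my $wrong = decrypt_card('wrong-guess', $stored_hash, $record);
print "wrong passphrase: ", (defined $wrong ? "accepted" : "refused"), "\n";

my $right = decrypt_card($passphrase, $stored_hash, $record);
print "right passphrase: ",
    (defined $right && $right eq $card ? "card recovered" : "failed"), "\n";

undef $record;    # the page's last step: delete the encrypted copy
```

With a two-character salt, crypt() traditionally hashes only the first eight characters of the passphrase, so two passphrases that share those eight characters verify identically.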
So, now Lynn stores your personal information, including your credit card number, on her personal computer. This is, of course, completely inaccessible from the Internet. In the future, if you return to place another order (and we certainly hope this will be the case :-), you will not have to fill in your credit card number. If you have chosen to establish an account with us, you only have to fill in your username/password info; if not, then choose the 'You already have my CC info' option under Credit Card Information.
None! We will never, under any circumstances short of a judicial subpoena, share the data you give us with anyone. Period!
Lynn Hautala's Doll Hotline uses no JavaScript or cookies. The main reason is that many users disable these 'features' (and we use the term advisedly) because of security and privacy concerns and we don't want to force these visitors to reconfigure their browsers to shop at Doll Hotline. Our web store software is a CGI program written in Perl. Because the program executes on our server (not, as is the case with JavaScript and cookies, on your computer), we are the ones who have to protect against malicious code. In our opinion, this is as it should be: Security concerns should be ours, not our customers'.
There are many valid reasons to disable JavaScript and cookies. We believe it is unfortunate that most browsers come with them enabled by default; the decision to enable them should be left to the user, because they represent greater risk and less privacy.
If you'd like more information on JavaScript, a search at google.com for the words 'javascript flaw' returns about 1500 pages. Again, this is not to say that CGI programs are free of flaws, but these flaws only affect the security of the server (us), not the client (you).
For more information on cookies, visit the Cookie Central Homepage.
We hope this document has addressed your security and privacy concerns. In our opinion, all web sites that ask for or require user information should provide a document similar to this one; be cautious about providing information to those who don't.
However, if you still aren't comfortable with the idea of on-line ordering, then use our on-line store as a catalog and make a note of the product numbers of the items you wish to purchase. We will be happy to take your order by either phone (206-783-7880), fax (206-781-1205) or regular mail (8009 20th Ave. NW, Seattle Wa., 98117).