PP3. Aggregated infomation are shared with advertisers: "We do not share any information with advertisers that can identify an individual user.". PP4. Users of the website may be impacted by cookies of advertisers. PP says no certificates are published. CPS2.2 concurs, however adds caveat that certificates are presumed published and public. Presumption should move into PP. Noted in wiki. WT41.3 would also apply here, "not considered confidential." PP8. "CAcert Assurers can see the name, birthday and the number of points by looking up the correct email address." Is there any written restriction on this? DRP would appear to be a substantial control. WT41.4, "revocation", is missing.