last updated: 2022-09-03
I don’t value your privacy (as much as you do)
Your responsibility, mate, not mine. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.
… but I’m not in the habit of intentionally causing grief
If you have any questions, comments, or concerns about this policy, please email email@example.com and I will try to address the issue.
My site’s server is Apache on a shared machine, and it records a default set of Apache logs. Here is an example of an access log string:
22.214.171.124 - - [17/Feb/2022:08:07:55 -0800] "GET /css/styles.css.map HTTP/1.1" 200 13684 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36"
This includes the IP address of originating request, the date, what page was requested, the result code and bytes transferred, and the browser’s description of itself.
I aggregate those numbers periodically to get a sense of which pages are popular. Because I’m on a shared host where I do not have control over the log configuration, I cannot log less or more. I do not have any regular disposal process for those logs.
Note: It is the nature of an unfiltered HTTP request log that if you send a request to
/my-name-is-john-smith-and-my-credit-card-number-is-1234-5678-0910-1112, my server will log a 404 on attempting to serve that page because no such page exists. I keep 404 logs to check for spelling errors on my part, so I consider them necessary to the regular operation and maintenance of that site. As consequence, my privacy guarantee regarding such logs is that they will be kept until I get around to scrubbing them by hand because they’re annoying me. That’s real inconvenient for both of us so don’t put strings that could be interpreted as PII in your HTTP request URLs.
I live in a country (and, to my knowledge, this site is physically hosted from said country) where, from time to time, the government may impose surveillance requirements on a site through a sealed warrant with a nondisclosure injunction attached for the purpose of fighting
Osama bin Laden ’s ghost terrorism. If DreamHost is issued such a warrant, they will not inform me. If I am issued such a warrant, I will comply and will not inform my users.
The right to be forgotten
… doesn’t exist, sorry.
… but I don’t intend to be a dick about it
In addition to the comments appearing on my site, I keep emails requesting a comment be added to my blog indefinitely (unless otherwise noted, below).
If you make a comment on my blog and later want it removed, please email me with
- the name you gave when you made the comment
- the URL of the page the comment exists on
- the date listed on my site for the comment
- the full text of the comment
I will compare the email I receive to the original email requesting the comment be added and, if I believe they originate from the same person, I will remove the comment.
If the comment is “bare” in the thread on its associated page (i.e. has no replies), I will remove it completely. If the comment is in a reply chain and has replies to it, I will not remove any replies to the comment because they are not owned by the requester, and will instead replace the comment (commenter name, date, and content) with
This blog is maintained via a Hugo static-site generator with an associated (privately-hosted) git repo. This repo exists at least on the server hosting the site and my personal machine where I edit this blog. I do not guarantee that the comment is scrubbed from the version histories of all instances of git repos used to maintain this site.
This blog may from time-to-time find itself backed up to “cold storage” in a personal Google Drive account. I do not guarantee that any comments removed from the git repos will also be removed from the cold storage.
I will also delete the original email requesting the comment be added, but will keep the email asking the comment be removed (as a necessary record of the removal request itself).
My email is hosted through GMail, so I cannot guarantee deletion of an email will scrub all instances of it from their servers. I also cannot guarantee the comment will not have been seen by others already, or copied to another site or an archival site that I do not control, and nobody controls memes. My recommendation for optimal commenting pleasure is to meditate on this parable before commenting.
I don’t think so, but I might be mistaken. Time was, back when we all had onions on our belts, you could put up a simple blog of thoughts without several dozen pages of privacy screed that nobody will read. I’ve at least tried to make this one entertaining, in my own cantankerous way.
If you have any suggestions for improvements to this policy, please to not hesitate to email me at firstname.lastname@example.org and I will take them into consideration.
Hey, you read all the way to the end! Congratulations. Have a cookie.