I care a great deal about my own personal privacy. I believe that readers of this blog have the right to expect me to respect their privacy as much as I demand that right from others – and I object vehemently to websites which attempt to track me, collect data about me or harvest personal information such as email addresses.
This page sets out the privacy policy I apply to this blog (baldric.net). I have a few fundamental principles which I adhere to:
- I will only collect, process and store such information as is provided automatically by your browser when you connect to this blog or that you provide voluntarily when you interact with this blog (such as through commenting).
- I will not ask you for personally identifiable information (such as your name and/or email address) unless that is truly necessary to the secure operation of baldric.net. In particular I will never ask you to provide irrelevant information such as your gender, age, or inside leg measurements.
- I will at all times operate a privacy policy which is completely transparent to you. This means that I will always tell you what I am collecting, storing or processing. I will also make it as simple as possible for you to use that knowledge to control what information you provide to this blog, and in consequence, through this blog to search engines or other sites.
- I will never sell any data collected by this blog. Nor will I voluntarily provide any personal data collected by this blog to any third party unless I am specifically required to do so by law.
- I may, however, provide anonymous, or aggregate data (such as web usage statistics) freely and publicly through this blog from time to time.
I set out below the policy I use in order to meet these principles.
Automatically recorded information
Whenever you connect to a website such as this, your browser automatically provides that site with information about both itself and the computer it came from. Such information includes: the date and time of the request; the IP address of the source (or in some cases the proxy source); the version of the browser used; the version and type of the computer operating system etc. For a good view of the sort of information that you routinely provide to any and all websites you connect to I recommend privacy.net as a test.
Scary huh?
Note that I do not record anything like the detail gleaned in that test, but the point is I could, and others may do so. What I actually record is the standard log format information provided by the lighttpd configuration directive:
accesslog.format = "%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
That means that I record:
%h – your hostname or IP address (or a proxy if you came that way)
%V – the hostname requested (in this case baldric.net)
%u – authenticated user id (in this case none because I don’t set users in lighttpd)
%t – time stamp of the request (actually the time it was delivered, unlike apache)
%r – the request line (i.e. what you asked for such as “GET /problems-with-bt-total-broadband/ HTTP/1.1”)
%>s – the status code returned (normally 200 for a successful request, though you will be familiar with 404….)
%b – the number of bytes returned (this is useful in statistical analyses)
%{Referer}i – the referer, if provided (i.e. the link you clicked on to get to where you are)
%{User-Agent}i – the user-agent (i.e. your browser type and version – about 47% of you seem to be using Google Chrome. Firefox usage seems to have dropped to around 23% over the last year).
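To make the list above concrete, here is an added example (not code from this blog or from lighttpd) that parses lines written in exactly that format and reduces them to aggregate counts that hold no full visitor address. The sample lines are constructed, and the truncation to /24 (IPv4) and /48 (IPv6) is an assumed policy chosen for illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# One named group per directive: %h %V %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LINE_RE = re.compile(
    r'(?P<host>\S+) (?P<vhost>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

def parse_line(line):
    """Return the nine recorded fields as a dict, or None if the line is malformed."""
    m = LINE_RE.fullmatch(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])  # "-" means no body
    return rec

def truncate_host(host):
    """Zero the low bits of the address (assumed policy: /24 for IPv4, /48 for IPv6)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"  # %h was not a literal IP address
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def aggregate(lines):
    """Request counts per truncated network and per status, plus total bytes served."""
    nets, statuses, total, skipped = Counter(), Counter(), 0, 0
    for rec in map(parse_line, lines):
        if rec is None:
            skipped += 1  # count unparseable lines instead of guessing at them
        else:
            nets[truncate_host(rec["host"])] += 1
            statuses[rec["status"]] += 1
            total += rec["bytes"]
    return {"networks": dict(nets), "statuses": dict(statuses), "bytes": total, "skipped": skipped}

# Constructed sample lines using documentation address ranges; not real log data.
SAMPLE = [
    '192.0.2.17 baldric.net - [11/Oct/2011:10:15:32 +0000] "GET /problems-with-bt-total-broadband/ HTTP/1.1" 200 18432 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.99 baldric.net - [11/Oct/2011:10:16:02 +0000] "GET /no-such-page/ HTTP/1.1" 404 345 "http://example.org/" "ExampleBrowser/1.0"',
    '2001:db8:1:2::5 baldric.net - [11/Oct/2011:10:17:40 +0000] "GET / HTTP/1.1" 200 - "-" "ExampleBrowser/1.0"',
]
```

Calling aggregate(SAMPLE) groups the two IPv4 visitors under 192.0.2.0/24, so the published figures no longer distinguish them.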
Note that it is possible to geo-locate the IP address recorded using a database such as that provided by MaxMind. I currently do not aggregate geo-location (on a country basis) in quite the way I did in the past because I have stopped using Counterize. As I noted about a year back, my Counterize database was growing too large and run-time queries were taking way too long to process. I now use the static log analysis tool Awstats. My knowledge of the geo-location of addresses is therefore now limited to that provided by the Awstats package.
Voluntarily provided information
If you wish to post a comment on baldric.net I ask that you provide a name and email address. But note that I do not ask you to provide your real name and email address. Indeed, if you are at all concerned about this request I would encourage you to lie to me. Fill in any damned name you like, and only provide a real email address if you want me to have it. Even then, I would encourage you to use a disposable address such as is provided by trashmail.
So if I don’t care about you giving me false information, why do I ask for it? For the same reason I insist on the use of a captcha code: it adds a level of complexity that thwarts blog spam robots. I really can’t be bothered to have to edit the tedious amounts of crud that would appear on the blog without this. And you really don’t want to have to face the reams of rubbish links to porn sites that would otherwise appear. Trust me on this.
Note that I do not insist that you register on this site in order to comment. Anyone is free to comment if they so wish. This means that I do not have to record any personal identification information for my “users”. Personally I tend to shy away from blogs or wikis which insist that I must register before being allowed access, or if I really must, I lie…..
Cookies
Ah, the wonder of persistent data. A cookie is a short string of information that a website, such as baldric.net, sends to the user’s browser so that it is stored on that user’s computer. The user’s browser subsequently offers that cookie data back to the website each time the visitor returns (if the cookie is set as persistent).
I do not set cookies through the web server software I use. However, the blog software I use (wordpress) will attempt to set session cookies if you try to comment on the blog. Here is what wordpress themselves say about this:
When visitors comment on your blog, they too get cookies stored on their computer. This is purely a convenience, so that the visitor won’t need to re-type all their information again when they want to leave another comment. Three cookies are set for commenters:
- comment_author
- comment_author_email
- comment_author_url
The commenter cookies are set to expire a little under one year from the time they’re set.
So, when you comment, the blog software will set cookies on your computer which will be based on the (probably false) information you have provided to me. I can’t find an easy way to turn off this feature within the blog administration interface. No doubt I could hack the underlying WP php code to remove the offending procedure but that would make my code non-standard and difficult to maintain through upgrades. So I won’t. If you really don’t want the cookies, then set your browser to reject them. It won’t make any difference to your ability to comment.
I do not set any other cookies.
Third party sites
This blog has extensive links to external sites outside my control. I cannot, and do not, offer any guarantees about the privacy policies of any of those external sites.
Changes to this policy
I may amend this policy over time. In particular I may amend it in light of any feedback I may receive (so go ahead and comment, and remember to lie if you like). If and when I do amend the policy I will always post a note to the main page of the blog saying that I have done so. This policy page will always contain a version stamp and the date of the last amendment.
License
In common with the rest of the material on this blog site, this policy is licensed under a Creative Commons Licence.
Date of last amendment
version 0.1.0 – dated 11 October 2011
version 0.1.1 – dated 18 March 2012 – minor amendment to Creative Commons Licence reference
version 0.2.0 – dated 12 February 2014. Amendments to references to geo-location and captcha and contact form. See the related post here.
version 0.2.1 – dated 15 October 2015 – minor amendments to references to statistics and removal of reference to contact form. See the related post here.
Mick Morgan