Privacy Policy
last updated: 2025-08-02
Change history
- 2025-08-02: Updated Comments policy to reflect new comment engine
Overview
General Principles
Balancing personal privacy with operational needs
This policy attempts to find middle ground between the needs of the site owner and your needs as a user. I also attempt to adhere to the spirit of the GDPR, but it is a best-effort attempt. In particular, this site will not ask you if you consent to cookies because it does not use cookies.
If you have any questions, comments, or concerns about this policy, please email blog+privacy@fixermark.com and I will try to address the issue.
Site Access
My site’s server is Apache on a shared machine, and it records a default set of Apache logs. Here is an example of an access log string:
148.122.135.23 - - [17/Feb/2022:08:07:55 -0800] "GET /css/styles.css.map HTTP/1.1" 200 13684 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36"
This includes the IP address of originating request, the date, what page was requested, the result code and bytes transferred, and the browser’s description of itself.
I aggregate those numbers periodically to get a sense of which pages are popular. Because I’m on a shared host where I do not have control over the log configuration, I cannot log less or more. I do not have any regular disposal process for those logs.
Note: It is the nature of an unfiltered HTTP request log that if you send a request to /my-name-is-john-smith-and-my-credit-card-number-is-1234-5678-0910-1112
, my server will log a 404 on attempting to serve that page because no such page exists. I keep 404 logs to check for spelling errors on my part, so I consider them necessary to the regular operation and maintenance of that site. As consequence, such requests are likely to end up viewed by me as site operator and will stay in the logs until they are noticed and removed.
This site is a static site served on a shared server provided by DreamHost. Here is their information on their own GDPR compliance policies.
I live in a country (and, to my knowledge, this site is physically hosted from said country) where, from time to time, the government may impose surveillance requirements on a site through a sealed warrant with a nondisclosure injunction attached. If DreamHost is issued such a warrant, they will not inform me. If I am issued such a warrant, I will comply and will not inform my users.
Comments
Removing comments — balancing user desire to remove comments with site operation
Having been guilty of logging some comments on sites that I myself came to regret, I’m sensitive to people’s desire to remove comments. The following policy describes comment removal and the thoroughness of that process.
Comments are created via the Mastodon federated network by replying to a “root” post for each blog post and attached via a script described here. If you created a comment and want it removed, deleting it from your Mastodon host will remove it from the shown list.
If there is a comment you don’t control and want removed, please email me with
- the URL of the page the comment exists on
- the full text of the comment
- explanation of the need for removal
I will do my best to remove it if the request seems reasonable. Note that this will require hacking the script to include a suppression feature; this may take time.
My email is hosted through GMail, so I cannot guarantee deletion of an email requesting removal will scrub all instances of it from their servers. I also cannot guarantee the comment will not have been seen by others already, or copied to another site or an archival site that I do not control, and of course, nobody controls memes.
Additional Concerns
If you have any suggestions for improvements to this policy, please to not hesitate to email me at blog+privacy@fixermark.com and I will take them into consideration.