Privacy Policy

last updated: 2022-09-03

Overview

• General Principles
• Site Access
• Comments
• Additional Concerns

General Principles

Balancing personal privacy with operational needs

This policy attempts to find middle ground between the needs of the site owner and your needs as a user. I also attempt to adhere to the spirit of the GDPR, but it is a best-effort attempt. In particular, this site will not ask you if you consent to cookies because it does not use cookies.

If you have any questions, comments, or concerns about this policy, please email blog+privacy@fixermark.com and I will try to address the issue.

Site Access

My site’s server is Apache on a shared machine, and it records a default set of Apache logs. Here is an example of an access log string:

148.122.135.23 - - [17/Feb/2022:08:07:55 -0800] "GET /css/styles.css.map HTTP/1.1" 200 13684 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36"

This includes the IP address of originating request, the date, what page was requested, the result code and bytes transferred, and the browser’s description of itself.

I aggregate those numbers periodically to get a sense of which pages are popular. Because I’m on a shared host where I do not have control over the log configuration, I cannot log less or more. I do not have any regular disposal process for those logs.

Note: It is the nature of an unfiltered HTTP request log that if you send a request to /my-name-is-john-smith-and-my-credit-card-number-is-1234-5678-0910-1112, my server will log a 404 on attempting to serve that page because no such page exists. I keep 404 logs to check for spelling errors on my part, so I consider them necessary to the regular operation and maintenance of that site. As consequence, such requests are likely to end up viewed by me as site operator and will stay in the logs until they are noticed and removed.

This site is a static site served on a shared server provided by DreamHost. Here is their information on their own GDPR compliance policies.

I live in a country (and, to my knowledge, this site is physically hosted from said country) where, from time to time, the government may impose surveillance requirements on a site through a sealed warrant with a nondisclosure injunction attached. If DreamHost is issued such a warrant, they will not inform me. If I am issued such a warrant, I will comply and will not inform my users.

Comments

Removing comments — balancing user desire to remove comments with site operation

Having been guilty of logging some comments on sites that I myself came to regret, I’m sensitive to people’s desire to remove comments. The following policy describes comment removal and the thoroughness of that process.

If you make a comment on my blog and later want it removed, please email me with

• the name you gave when you made the comment
• the URL of the page the comment exists on
• the date listed on my site for the comment
• the full text of the comment

I will compare the email I receive to the original email requesting the comment be added and, if I believe they originate from the same person, I will remove the comment.

If the comment is “bare” in the thread on its associated page (i.e. has no replies), I will remove it completely. If the comment is in a reply chain and has replies to it, I will not remove any replies to the comment because they are not owned by the requester, and will instead replace the comment (commenter name, date, and content) with [removed].

This blog is maintained via a Hugo static-site generator with an associated (privately-hosted) git repo. This repo exists at least on the server hosting the site and my personal machine where I edit this blog. I do not guarantee that the comment is scrubbed from the version histories of all instances of git repos used to maintain this site.

This blog may from time-to-time find itself backed up to “cold storage” in a personal Google Drive account. I do not guarantee that any comments removed from the git repos will also be removed from the cold storage.

In addition to the comments appearing on my site, I keep emails requesting a comment be added to my blog indefinitely. I will also delete the original email requesting the comment be added, but will keep the email asking the comment be removed (as a necessary record of the removal request itself).

My email is hosted through GMail, so I cannot guarantee deletion of an email will scrub all instances of it from their servers. I also cannot guarantee the comment will not have been seen by others already, or copied to another site or an archival site that I do not control, and of course, nobody controls memes.

Additional Concerns

If you have any suggestions for improvements to this policy, please to not hesitate to email me at blog+privacy@fixermark.com and I will take them into consideration.