Cookies and Tracking

This site does not use cookies, nor does it attempt to fingerprint users in any way.

Log files

All logs are anonymized using the following regex map and log_format in nginx.conf:


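    # Truncate the client address before it is written to the log.
    map $remote_addr $anon_remote_addr {
        # IPv4: keep the first two octets
        ~(?P<ip>\d+\.\d+)\.    $ip.0.0;
        # IPv6: keep the first two hextets
        ~(?P<ip>[^:]+:[^:]+):  $ip::;
        default 0.0.0.0;
    }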
    log_format anonymous '$anon_remote_addr - $remote_user [$time_local] '
                         '"$request" $status $body_bytes_sent '
                         '"$http_user_agent"';
            

IP addresses in the logs will only show the first two bytes of an IPv4 address and the first two hextets of an IPv6 address’s Global Prefix. Additionally, all log files are deleted after 10 days, as suggested by the EFF’s DNT Guide.
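To check what the map above actually writes for different address shapes, here is an added example (not part of the site's configuration) that replays the two rules in Python's `re` rather than nginx's PCRE. It assumes the capture group is named `ip`, as the `$ip` variable implies; `anonymize`, `PAGE_RULES` and `ANCHORED_RULES` are hypothetical names, and the start-anchored variant is a suggestion, not the site's config.

```python
import re

# Rules in the order nginx evaluates them: (pattern, suffix appended to "ip").
# The group name "ip" is assumed from the $ip variable used in the map.
PAGE_RULES = [
    (re.compile(r"(?P<ip>\d+\.\d+)\."), ".0.0"),
    (re.compile(r"(?P<ip>[^:]+:[^:]+):"), "::"),
]
# Same rules anchored at the start of the address (a suggestion, not the
# site's configuration), so only the leading part can ever be captured.
ANCHORED_RULES = [
    (re.compile(r"^(?P<ip>\d+\.\d+)\."), ".0.0"),
    (re.compile(r"^(?P<ip>[^:]+:[^:]+):"), "::"),
]
DEFAULT = "0.0.0.0"


def anonymize(addr, rules=PAGE_RULES):
    """Mimic the nginx map: the first regex that matches wins, else default."""
    for pattern, suffix in rules:
        m = pattern.search(addr)  # nginx map regexes are unanchored, like search()
        if m:
            return m.group("ip") + suffix
    return DEFAULT


# Constructed sample addresses, not real log data.
SAMPLES = [
    "203.0.113.77",                  # IPv4
    "2001:db8:85a3::8a2e:370:7334",  # IPv6, full leading hextets
    "2001:db8::1",                   # IPv6, "::" after the second hextet
    "::1",                           # loopback: no rule matches
    "2001::1:2:3",                   # "::" after the FIRST hextet
]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(f"{addr:30} page={anonymize(addr):12} "
              f"anchored={anonymize(addr, ANCHORED_RULES)}")
```

The last sample is the edge case: because the patterns are unanchored, an address whose first hextet is followed by `::` is logged with two hextets taken from further right instead of the prefix, while the anchored variant falls through to `0.0.0.0`.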

Data Transfer

All data is served over the HTTPS protocol, encrypting all data between the browser and the server. Your network provider will still be able to see that you are downloading data from bear.im, but they will not be able to see the content.

Do Not Track

This site uses the Let’s Encrypt Certificate Authority, which is itself DNT-compliant and does not log your browser checking the validity of this site’s HTTPS certificate.

Analytics

This site does not use any analytics at all.

Referrer Header

Nginx has been configured to set a Referrer Policy Header:

    add_header Referrer-Policy "no-referrer";

This means that any time you follow a link to an external site from this one, that external site does not know that you have arrived there from here. This is a simple improvement to privacy on the internet which is trivial to implement.

Webmentions

When you send a webmention to this site, you are explicitly providing metadata in your site’s markup, and this information is used to display your comment/reply on this site. This information consists of:

All of this is information made public by you, and no information other than information you have made public can be captured by this process.

Backfeed

This site uses a backfeed mechanism in relation to posts on Twitter, Google+ and micro.blog. This means that if you respond to or interact with a post on those services which originated on this site, those interactions are sent back to this site as a webmention (see above). As with webmentions, there is certain metadata which is sent and which is then used to display your interaction on this site. This information consists of:

All of this is information made public by you in your use of those third-party services, and no information other than public information can be captured by this process.

GDPR

It is my position that all activity on this site is covered by the general exemption of Article 2 (2)(c) of the GDPR, and by the specific conception of inapplicability contained in Recital 18.2: Personal or household activities could include correspondence and the holding of addresses, or social networking and online activity undertaken within the context of such activities. This is a personal website, an attempt by me to maintain and control my online identity and presence outside the silos and walled gardens of avaricious corporate entities; there is no advertising here, no tracking, no cookies, no corporation.

That said, the principles of natural persons’ rights which underlie the GDPR are good ones, and are to be welcomed. As a result, if you wish to obtain information about any data about you which this site might hold, then please make contact, and I shall make every attempt to assist you. Likewise, if you wish to have anything shown on this site, which you regard as personal information, deleted, then please make contact and I shall endeavour to assist you as much as possible. If you are a citizen of the European Union, then you are entitled to register a complaint with your national Data Protection Authority.

Note: The above, heck some of it verbatim, was taken from the excellent work of Daniel Goldsmith. All mistakes or errors are mine.