Privacy is important. You will soon see that this is an unusual privacy policy geared toward helping YOU become safe online. In th
I've made it simple for you, our grandmas and every other person to understand this privacy policy and the basic concepts around security.
The usage of legal and technical jargon is kept to a bare minimum. I do my best to explain all the concepts so that you can understand them.
This whole site is governed by it and by the Terms of Service.
GDPR Compliance
This website adheres to the GDPR, although it is not required to do so, since most of the activities on it fall under Recital 18, "Not applicable to personal or household activities".
For the sake of YOUR own security and privacy, I've made it GDPR compliant.
Cookies
This website makes use of cookies as a way to enable persistent state for users and to gather analytics. Cookies from third-party services might also be included to keep track of analytical information.
Persistent State
Persistent State is a nice way to say authentication. Whenever you create an account on a website, including this one, in order for you to authenticate or log in there needs to be a way for that website to know it's you between recurrent visits. Cookies are used to store a unique identifier which the server then uses to establish that it's you again. HTTP is a stateless protocol, which means that neither the server nor the browser keeps any state. Cookies help in creating a stateful environment.
Google Analytics
This site also uses Google Analytics for the purpose of knowing my audience based on aggregate data collected. For example, Google Analytics allows me to know if a certain anonymous user has returned to my website in a certain timeframe. This information is crucial for website owners. I use this data to know which articles are the most read and to know how I can better serve my readers.
All data is fully anonymized and will be deleted after 14 months.
Statistics from the aggregate data will be retained for an unlimited period of time since they do not possess any personally identifiable data.
Google Analytics data is NOT outsourced in any way.
Data collected:
- Who is visiting my website?
- From which country is this anonymous person visiting? This information is freely available to anyone by using GeoIP lookup.
- Which pages did this anonymous person visit?
- How long did the anonymous person stay on each page?
- Which operating system is this anonymous person using?
Please note that the above data is already accessible to the webserver each time you visit any page since your browser automatically sends it!
The user agent and IP address are fully anonymized and do not track any person.
Follow this link to learn how you can disable cookies.
You can disable Google Analytics access at any time by using NoScript (Google Analytics and Googletagmanager domains).
Blocking unwanted scripts (JavaScript, Flash) with NoScript
The EU created a "cookie law"; why didn't it create a scripts law? Unwanted scripts that run in your browser are thousands of times more dangerous than those cookies that sit there.
This website makes use of JavaScript for some functionalities and to provide a better user experience. I will explain how you can better protect your privacy by selectively enabling and disabling JavaScript and other scripts.
Enabling JavaScript for the main website you're visiting is a wise thing to do. Disabling it for all other external services that the website links to is also extremely wise. Most websites don't care about your privacy and will link your data to other aggregates, which form a persona based on certain characteristics.
By using a browser plugin/addon like NoScript you can block unwanted third-party websites from running JavaScript in your browser.
NoScript's default setting is to block everything unless you explicitly add it to "TRUSTED" or "Temporarily TRUSTED". The first option lasts until you mark it as untrusted; the second lasts for as long as you keep your browser window open.
I recommend using Firefox in conjunction with NoScript. Firefox and NoScript make for a safer environment. Both of them are open source and are not under active development by any big corporation which might want your personal data.
Comments
I have added the ability for users to place anonymous comments. All comments are manually preapproved. Since comments can be placed anonymously you can claim to be whoever you want to be. In order for your comment to be approved you may need to provide real details. Whenever you publish a comment your IP address is also stored. All the data is stored in order to avoid fraud and security breaches.
Any data you publish in the comments will be available to everyone. Please consider and acknowledge that any sensitive or confidential data you publish can be used by others.
All published comments need to conform to normal human standards and laws. I have zero tolerance for any offensive and abusive comments. They will be deleted AND reported to the competent authorities which handle such abuse.
Newsletter
Whenever you sign up for a newsletter you need to acknowledge that fact with a double opt-in.
You will receive an e-mail in which you will have to click a link to confirm and finalize your subscription. After you've confirmed your subscription you will receive a welcome e-mail which may contain certain links to free ebooks and downloads.
In certain cases, depending on which newsletter you sign up for, you can receive a series of e-mails on a certain topic once every few days.
All e-mails are in the form of a newsletter and will be sent 1-3 times per month. In certain cases of product launches or workshop/training/services announcements I may send multiple e-mails.
I will NOT sell your data or e-mail and I will NOT spam you. You will always have the option to opt out and unsubscribe from any e-mail you receive.
Extra advice regarding online security
I advise you to use a Proxy/VPN to maintain a higher level of anonymity when browsing the Internet anyway!
Contact form and e-mail traffic
The contact form requires your e-mail address, IP address, name and any other details you consider important.
This data is automatically sent to my e-mail address so I can contact you back.
All data is also encrypted and stored in the database for up to 90 days for information security purposes.
The contact form must be filled in with real data.
Any information posted on my contact page and/or e-mail traffic which you will have with me is considered confidential and may not be published anywhere without my prior consent.
Creating Accounts on my website
Creating an account
When any person creates an account, the following details are requested: username, name, e-mail address, IP address, and the date of creation.
The name can be your own name or a pseudonym.
Authentication and Logging in
Each authentication and login attempt is stored in the database to prevent fraud. The date of last login and the IP address are stored together with the e-mail/user account.
Each time you log in a cookie is set so the service can remember you.
Registering and using certain services
When you register to this site and use any service that requires you to provide an e-mail address and account you will receive a cookie and your data will be processed for the creation of this account.
Data collected is IP and e-mail address.
For chat applications you will need to provide a nickname and, if you want to talk to me, your name. Your name will not be visible to other people unless you explicitly allow this in your account.
The right to be forgotten
You may use the contact form at any time and ask to have all your personal data deleted from my server.
This means that you will NO longer be able to use the services. All history, purchases, subscriptions etc. will automatically be deleted and there is NO way of going back.
This can only be used if you have an active account or subscription.
Copy of your data
You can also have a zip file sent to you with all the data that has been collected.
I will delete all data and confirm this within 30 days of your request.
Backups
The systems on the VPS where this website runs, plus other software used, make regular backups of data.
Those backups can contain encrypted personal data and are stored in a secure place.
Anonymous data collected for information security
Whenever you access this website your browser automatically sends the following information:
- Your IP address
- User-Agent, which contains the browser and operating system version
This data is stored in a webserver traffic log, together with a timestamp and the page accessed on our server, and it is retained for 12 months.
This same data is used only by me to view certain anonymous statistics and draw certain conclusions about which page is most accessed and how I should optimize my website based on the user-agent.
The above data is also used to detect automatic bots and malevolent users who might try to attack my website, server and services.
By knowing the data I can block those IP addresses so they do not harm anything and no data can be leaked.
These traffic logs are stored with the legitimate interest to combat fraud and maintain information security by avoiding malicious intent and attacks, attacks which could compromise the whole system.
Traffic logs are also stored and used for troubleshooting of the infrastructure that makes it possible for this website to exist.
All statistics generated are only used by me and will not contain any PII.
The anonymized logs and aggregated statistics thereof are stored in a secure fashion for up to 12 months. This ensures that we can analyze patterns of stealthy long-term brute force attacks that might compromise the security of the system and other data on it. The system does not track users based on the user agent. Taking into account that the user agent data can be spoofed (falsified by the browser), there is no way to know which data represents real persons and which represents malicious intent or automated bots. It is necessary that this data be kept for a longer time to ensure a safe system and to prevent unauthorized access.
As defined per GDPR legislation, Article 6, Paragraph 1, Point F:
“The processing of personal data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by, or accessible via, those networks and systems, […] by providers of electronic communications networks and services and by providers of security technologies and services, constitutes a legitimate interest of the data controller concerned. This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems.”
Recital 49.
Without the storing of this data there would be no way of stopping attackers from causing disruptions.
Logging of the IP address and user agent cannot be directly used to identify a person since:
- There is a great possibility that the IP is a dynamic IP and only a third-party Internet Service Provider is able to identify the individual. Thus the website operator is unable to identify the user since the IP can change.
- The user agent can be spoofed and has no relevance to real data.
- The user can be accessing the system via a proxy or VPN.
The entity accessing the website can be an automated robot or crawler and is not considered a person if the person did not provide any other PII such as name, e-mail address etc.
The IP address is in NO way used to target anyone.
Based on past logs and statistics, half of all accesses are unauthorized and are trying to get access.
How data is stored
All logs are stored on my own VPS hosted at Linode. I'm the only person that has access to this VPS as root user. Of course, real owners of the server
How Logs are stored
Logrotate + gnupg
This ensures that no unauthorized third party who gains access to the infrastructure has access to this data. The logs are rotated once every few days and they're automatically encrypted and stored in a secure place.
The logs encrypted and stored are the following:
- Access logs: 100 days
- Error logs: 200 days
For any questions contact me via the contact form.