Website: Walter Gregg

On this page: Main content. Data Collection. Data Usage. Data Protection. Data Sharing. Data Control.

  No Privacy Policy

There can be no assurance of internet privacy.

What data is collected?

May 2017. When you visit a website without Tor (The Onion Router), for practical purposes, you sign your name. Webmasters can't usually opt out. What's collected? Here's an example specific to you. You're using internet provider address [54.80.227.189]. This resolves to [ec2-54-80-227-189.compute-1.amazonaws.com]. Your browser and operating system are [CCBot/2.0 (http://commoncrawl.org/faq/)]. You were last reading [] when you requested [GET] [/x/warn-privacy/] from [walt.gregg.juneau.ak.us]. The result code was [200].

When you're reading the web, it's reading you. We can look up that IP address. If it belongs to the FCC.gov in Washington, DC, and you're the only one in the building at the time, you're identified. If it tells us you're visiting from an Alaska village of 30 where you're the only one running Linux, you'll stick out like a sore thumb. If you send me an e-mail from your computer and it sticks your IP address in the headers, as many programs do, it unmasks your website visits, leaving no doubt as to your identity.

What's the data used for?

Visitor data is used to used to answer publishing questions. What pages are people looking at recently? Is that ten-year old page still providing useful data or should we update it or redirect people to something current? Why aren't some pages in the index? Has Googlebot visited lately? Is that link really broken? Visitor data is also an audit trail kept for a time in case of criminal activity. You can see example reports at awstats.org.

How is the data protected?

My site's visitor statistics are protected by a username and password, and we all know how secure that really is. But I do use a unique password selected with Diceware.com. And I minimize retention of data. At least, I think I do. I have visited cPanel, Logs, Raw Access Logs, Configure Logs, and checked 'remove the previous month's archived logs from your home directory at the end of the month.' So the logfiles are about as well protected as I can arrange.

To add more protection, I'm currently activating HTTPS encryption. Once implemented, your internet provider and people monitoring the wires shouldn't have a record of what specific pages you viewed any more. But they'll still know you visited my site, and the records kept on my end will still exist. Also, if your internet provider is your employer, they may very well still have your complete browsing history. Employers routinely break HTTPS. Never trust the padlock on an employer computer where legally you have no reasonable expectation of privacy. Did you really believe that only the NSA could break HTTPS? Everybody's doing it, even your boss. See Slashdot posts, 2014: slashdot.org: Does your employer perform HTTPS MITM attacks?.

I'm also testing PiWik running on my own site. I may find that the similar statistics it keeps are just as useful. If that works out, I may activate its privacy enhancements, which should make its logs less sensitive than server logs. But I haven't done that yet. You may see examples of Piwik reports at Piwik.org: piwik-tour.

Data Sharing

I don't normally share the data accessible to me with third parties, and never for advertising. However, there can be no assurance that I won't voluntarily share information if there is a computer hacking or other law enforcement issue to deal with. I have no right or duty to withhold evidence of a crime. Additionally, because the data can be collected in so many places, I simply can't give any assurance of privacy. It's the all-knowing, all-seeing internet, after all.

Data Control

I have not configured PiWik to honor your browser's 'do not track' preference, but may do so in the future. Regardless of this, to the best of my knowledge, it's not possible to opt out of the separate server logfiles. However, you may be able to effectively opt out by using a Tor proxy configured to scrub everyone's logs of your address and browser fingerprint. The best way to do that is by visiting torproject.org and downloading the Tails operating system, or if you can't run Tails, the Tor browser bundle. However, Google may come up in Polish; you may have to pick out which buildings have street signs or some such nonsense before you can do a search, and on an older computer such as a 1 GHZ Celeron, Tails, at least, may be intolerably slow.

That's all I know.


, Walter Gregg (Juneau) (Jan. 2017) (available at ). © W. Gregg 2016-17; CreativeCommons.org /licenses /by-nc-nd /4.0.