
Privacy policy reflects me switching to Matomo

Aleksandar Todorović 5 months ago
parent
commit
9ccea8cb4c
2 changed files with 45 additions and 31 deletions
  1. Gemfile (+1, -0)
  2. privacy-policy/index.md (+44, -31)

Gemfile (+1, -0)

7
 gem 'rouge'
7
 gem 'rouge'
8
 gem 'jekyll-paginate'
8
 gem 'jekyll-paginate'
9
 gem 'jekyll-redirect-from'
9
 gem 'jekyll-redirect-from'
10
+gem 'jekyll-git_metadata'
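
Review bot: `gem 'jekyll-git_metadata'` is added at the end of the Gemfile with no version constraint, and the commit lists only two changed files, neither of which is a Gemfile.lock. A Jekyll plugin runs as Ruby code during the site build, so the release that gets installed should be fixed: add a pessimistic `~>` constraint on the version you tested and, if the repository tracks a Gemfile.lock, commit its update together with this line, so a later `bundle install` on the build host cannot silently pull a different release. The neighbouring gems are unpinned as well, so this matches the file's current style, but a new build-time dependency is a good moment to start pinning.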

privacy-policy/index.md (+44, -31)

9
   feature: abstract-1-3
9
   feature: abstract-1-3
10
 ---
10
 ---
11
 
11
 
12
-As the owner of this website, I do my best to protect the privacy of you as my visitor whenever it makes sense to do so.
12
+<div style="text-align: center;"><small><strong>Effective from:</strong> {{ page.git.last_commit.commit_date | date: '%B %d, %Y' }} // <strong>Latest changes:</strong> <a href="https://code.r3bl.tech/sites/r3bl.blog/commit/{{ page.git.last_commit.long_sha }}?style=split">{{ page.git.last_commit.short_sha }}</a></small></div>
13
 
13
 
14
-* I self-host whatever makes sense to self-host.
15
-* I make sure that my website loads fast.
16
-* I don't serve ads. Instead, [I promote projects I support](https://r3bl.blog/en/relevant-content/).
17
-* I make sure that my website doesn't make unnecessary connections outside of the domains I control.
18
-* The website and its assets are hosted from a dedicated server in Germany (and as such operates under EU jurisdiction).
19
-* I only load content from third parties when it is necessary to do so, and make sure to use privacy modes when embedding if possible.
20
-* I use a third-party analytics service that respects [Do Not Track](https://en.wikipedia.org/wiki/Do_Not_Track) header and is easily blockable by every popular adblocker.
14
+<hr/>
15
+
16
+## Statement
17
+
18
+As the owner of the website, I do my best to protect the privacy of you as my visitor at all times.
19
+
20
+* I don't store any personally identifiable data about you as my visitor.
21
+* The website is hosted on a dedicated server I have control over. The server in question is under the EU jurisdiction, obliging both me and my provider to the highest privacy standards.
22
+* I don't serve ads. Instead, I [promote projects I support](https://r3bl.blog/en/relevant-content/) by randomly picking one of them to display to you at the bottom of the page.
23
+* I try to prevent your browser from making unnecessary connections outside of my control.
21
 
24
 
22
 ## Applies to
25
 ## Applies to
23
 
26
 
26
 * [r3bl.me](https://r3bl.me)
29
 * [r3bl.me](https://r3bl.me)
27
 * [r3bl.blog](https://r3bl.blog)
30
 * [r3bl.blog](https://r3bl.blog)
28
 * [r3bl.dj](https://r3bl.dj)
31
 * [r3bl.dj](https://r3bl.dj)
29
-* [r3bl.tech](https://r3bl.tech) (Release TBA)
32
+* [r3bl.tech](https://r3bl.tech) (under construction, release TBA)
30
 * [netneutralnost.com](https://netneutralnost.com)
33
 * [netneutralnost.com](https://netneutralnost.com)
31
 
34
 
32
-## Analytics service
35
+#### Analytics
36
+
37
+I self-host my own analytics service called [~~Piwik~~Matomo](https://matomo.org/). In a nutshell:
38
+
39
+* It's not hosted by Google nor any other third party.
40
+* It is configured in such a way that it respects [Do Not Track](https://en.wikipedia.org/wiki/Do_Not_Track) preference. If you chose not to be tracked in your browser's preferences, you will not be tracked.
41
+* Connections to it are blocked by all adblockers that have the [EasyPrivacy](https://easylist.to/#easyprivacy) list enabled ([uBlock Origin](https://github.com/gorhill/uBlock/#installation) has it enabled by default).
42
+* I obscure the IP addresses of where you're coming from to two bytes. Instead of seeing `88.198.121.205` (in case you're wondering: IP address of the server hosting the sites), I only see `88.198.XXX.XXX`.
43
+
44
+**What this means:** I cannot associate the collected data with you as an individual in any way. While you could approach me and give me enough data to uniquely identify you in the database, you should know that I do not have enough data to know who you are without you identifying yourself. I've made sure to comply with the [guidelines by Matomo](https://matomo.org/blog/2018/04/how-to-not-process-any-personal-data-with-matomo-and-what-it-means-for-you/) in order not to store any personal data.
33
 
45
 
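
Review bot: The IP-masking bullet in the new Analytics section only describes IPv4 ("two bytes", `88.198.XXX.XXX`), so the policy says nothing about what is kept from a visitor arriving over IPv6. State how IPv6 addresses are truncated, or say that the sites are reachable over IPv4 only if that is the case. In the same section, "in any way" in the "What this means" paragraph is stronger than the sentence after it, which concedes that a visitor can be matched once they supply identifying data; wording such as "without additional information from you" would agree with what the paragraph goes on to say. The `#### Analytics` heading also replaces a `##` and sits one level deeper than the `###` GDPR heading that follows it, which will nest oddly in the rendered outline.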
34
-The third-party service I'm using is called [Clicky](https://clicky.com/). In a nutshell:
46
+**What I do with data:** I use them to track where the visitors are coming from, what are they visiting, how long are they using the website, and what kind of a device are they using to access the website. I collect very minimal, easily avoidable insight in order to improve the speed of the website and to have some general idea as to how far my word reaches. I sometimes boast about the overall numbers and make some inner decisions based on the stats.
35
 
47
 
36
-* It's not Google Analytics.
37
-* It's easy to block using popular adblockers.
38
-* It is configured in such a way that it respects [Do Not Track](https://en.wikipedia.org/wiki/Do_Not_Track) preference.
39
-* The tracking script loads asynchronously; the content is more important then for me to track you.
48
+**What third parties do with the data:** Nothing. Third parties don't have access to such data.
40
 
49
 
41
-**What I do with data:** I use them to track where the visitors are coming from, what are they visiting, how long are they using the website, and what kind of a device are they using to access the website. I collect very minimal, easily avoidable insight in order to improve the speed of the website and to have some general idea as to how far my word reaches.
50
+### General Data Protection Regulation (GDPR) compliance
42
 
51
 
43
-**What Clicky does with data:** Clicky aggregates anonymized data for the purposes of generating reports (such as the [browser marketshare report](https://clicky.com/marketshare/global/web-browsers/)). It does not have the authority to further sell the data nor use it for any other purpose.
52
+As all the data I collect is anonymous ([recital 26](https://gdpr-info.eu/recitals/no-26/)), and used solely for my personal use ([recital 18](https://gdpr-info.eu/recitals/no-18/)), I do not require consent from you in order to collect and process such data. Since I do not share the collected data with any third party, I am a sole data processor of the collected data.
44
 
53
 
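
Review bot: In the GDPR paragraph, "I am a sole data processor" names the wrong role: under the GDPR the party that decides why and how data is collected is the controller, and a processor is someone acting on the controller's behalf. Suggest "I am the sole data controller, and no processor is involved". The recital 18 reference also deserves a second look, since that recital concerns purely personal or household activity falling outside the regulation rather than consent; if the recital 26 anonymity argument holds, the paragraph can stand on that alone.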
45
-**What are my future plans:** Since I'm already self-hosting pretty much everything, it's only a question of time before I deploy a self-hosted version of the analytics service, such as ~~~Piwik~~~Matomo. Unfortunately, hosting stuff is complicated, requires constant maintenance, and managing analytics data is not an easy task as well. So, the switch to a completely self-hosted site will happen sometime, but I cannot give a time estimate on that. Meanwhile, I'm using the most privacy-aware third-party analytics service I could find.
54
+### Updates to the privacy policy
55
+
56
+Since I don't know who you are, I cannot send you an update whenever I make changes to my privacy policy. As a way around that, I am providing you with the date from which the current version of the policy is effective ({{ page.git.last_commit.commit_date | date: '%B %d, %Y' }}), together with the last Git commit that made changes to the text of the policy ([{{ page.git.last_commit.short_sha }}](https://code.r3bl.tech/sites/r3bl.blog/commit/{{ page.git.last_commit.long_sha }}?style=split)), enabling you to see the changes I've made side-by-side.
46
 
57
 
47
 ## What I don't do on this website
58
 ## What I don't do on this website
48
 
59
 
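
Review bot: The Liquid expressions for the effective date and the commit link in the "Updates to the privacy policy" paragraph are copied verbatim from the banner `<div>` added at the top of the file, so the two can drift apart on the next edit. Assign them to variables once, or move them into a single include, and reuse them in both places. Because "Effective from" is bound to `page.git.last_commit.commit_date`, it is also worth one sentence in this paragraph saying that typo and formatting commits move that date too, so readers do not take every date change for a change in policy.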
49
-* I do not nor have I ever sold any collected data.
50
-* I do not nor have I ever used this site to serve ads. [I promote projects I support](https://r3bl.blog/en/relevant-content/) instead.
51
-* I do not mine cryptocurrencies.
52
-* I have never hosted sponsored content on any of my website. If I ever decide to do so in the future, sponsored content will be easy to distinguish.
53
-* I do not use Google Analytics, Google Fonts, Google's CDN, etc.
54
-* I do not use Google's AMP program. I'm one of the signatories of the [Letter about Google AMP](http://ampletter.org/).
55
-* I do not make any connections to Facebook what so ever. You have to explicitly click on a button or a link for your browser to make connections to Facebook's servers.
60
+* I do not sell nor share any data I collect.
61
+* I do make money on this site by serving ads or mining cryptocurrencies.
62
+* If I ever decide to publish some sponsored content, I will make sure it's easy to distinguish as such.
63
+* I do not use Google Analytics, Google Fonts, Google's CDN, etc. I am one of the signatories of the [anti Google AMP letter](http://ampletter.org/), and have strong opinion against sharing your data with the company that's pushing for AMP.
64
+* I do not make connections by default to any social network. When you see a button or a link to it, please be aware that your browser will not make a connection to it by default. In order for the connection to be made, you have to make an explicit action showing your intention of making a connection to it (by clicking on it).
56
 
65
 
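
Review bot: The second added bullet under "What I don't do on this website" has lost its negation: "I do make money on this site by serving ads or mining cryptocurrencies" states the opposite of the removed bullets it replaces and of the "It doesn't." answer under "How does this website earn money?" later in the file. It should read "I do not make money on this site by serving ads or mining cryptocurrencies". In a privacy policy this one missing word is a published statement that the site serves ads and mines, so it needs fixing before the change goes live.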
57
-## What I do to make my content easy and secure to consume
66
+## What do I do to make my content easy to consume
58
 
67
 
59
 * I make my websites as fast and as minimalistic as possible.
68
 * I make my websites as fast and as minimalistic as possible.
60
 * I focus on the content first. Everything else gets out of the way.
69
 * I focus on the content first. Everything else gets out of the way.
61
-* I carefully structure my data so that it's easily recognizable to scrapers and search engines.
62
-* I only load static content, making my website as fast to load as possible.
70
+* I carefully structure my data so that it's easily recognizable to search engines (and scrapers)..
63
 * I make sure my articles look good using browser's reader mode and [Pocket](https://getpocket.com/).
71
 * I make sure my articles look good using browser's reader mode and [Pocket](https://getpocket.com/).
64
-* I use [Open Graph](http://ogp.me/), and Twitter Cards.
65
-* My blog is available [over RSS](https://r3bl.blog/feed.xml). My RSS feed returns full articles (not just excerpts), making visitors able to read my content in its entirety using their favorite RSS reader.
66
 * I use descriptive alt tags in images.
72
 * I use descriptive alt tags in images.
67
-* If you have visual disability, I recommend reading my articles using [Pocket if you're on a smartphone](https://help.getpocket.com/article/1081-listening-to-articles-in-pocket-with-text-to-speech), or [Firefox's reader view if you're on a laptop/desktop](https://mzl.la/1cHarCP). 
73
+* I use [Open Graph](http://ogp.me/) and Twitter Cards, making my content look nice when it gets shared.
74
+* My blog is available [over RSS](https://r3bl.blog/feed.xml). My RSS feed returns full articles (not just excerpts), making visitors able to read my content in its entirety using their favorite RSS reader.
75
+
76
+## How does this website earn money?
77
+
78
+It doesn't.
79
+
80
+However, maintaining my infrastructure which runs my sites costs me a considerable amount of money (~40€/month). You can help me cover my costs by making a [one-off donation using PayPal](https://www.paypal.me/r3blme), or [recurring donations using Liberapay](https://liberapay.com/r3bl).
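
Review bot: The rewritten search-engines bullet ends in a double full stop, "(and scrapers)..", and the new heading "What do I do to make my content easy to consume" is worded as a question but has no question mark, unlike "How does this website earn money?" below it. Drop the extra period and either add the question mark or keep the old statement form. The heading also drops "and secure", and the list drops the bullet recommending Pocket text-to-speech and Firefox reader view to readers with a visual disability; if those removals are intentional the commit message should say so, since it only mentions the switch to Matomo.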